Connecting the dots on: cookie consent

Activity around cookie consent has been steadily ramping throughout Europe, with DPAs and privacy activists scrutinizing the effectiveness of consent in protecting user privacy.

From dark patterns in cookie banners to depositing non-essential third-party tracking cookies on users’ computers without consent, cookie behavior is the target of recent regulatory guidance, enforcement, and ecosystem activity.

Download our timeline to get an overview of the last six months of cookie consent activity.

TIMELINE

AN UPTICK IN COOKIE CONSENT GUIDANCE FROM DPAs

May 2021: Noyb announces GDPR “draft” complaints focused on dark patterns in cookie banners (noyb)

June 2021: Google makes commitments to the UK’s ICO and CMA and delays deprecation of third-party cookies (AdExchanger)

July 2021: The California Attorney General backs Global Privacy Control (Digiday)

July 2021: A German DPA cracks down on improper consent practices: “Consents on websites of media companies are mostly ineffective”  (LDI)

July – Aug 2021: Amazon faces major GDPR fine for lack of proper consent, exposing cracks the the consistency of how regulations are applied (Bloomberg)

July 2021: Italian DPA issues cookie guidelines. (Garante)

July 2021:  CNIL issues formal notices to 40 organizations for failure to allow users to refuse cookies as easily as accepting them (CNIL)

HIGH-PROFILE COOKIE CONSENT ENFORCEMENT 

29 July 2021: CNIL fines Le Figaro for dropping cookies before consent: their first such action against a publisher (CNIL)

Aug 2021: Noyb files the approx. 400 GDPR complaints against entities who didn’t correct their practices to their satisfaction (noyb)

Aug 2021: Malta issues cookie guidelines (IDPC)

2 Sept 2021: Irish DPC levies €225 million fine against WhatsApp for only relying on terms & conditions for consent (IAPP)

THE ECOSYSTEM REFLECTS ON THE STATE OF CONSUMER PRIVACY EXPERIENCE

6 Sept 2021: UK’s ICO urges G7 counterparts to engage in cookie banner reform, including the idea of “meaningful” consent (ICO)

23 Sept 2021: Facebook announces they will finally display their own CMP to users on Facebook and Instagram (Adweek)

17 Sept 2021: The Finnish Transport and Communications authority, Traficom, publishes a revised guide to cookie usage (Traficom)

25 Sept 2021: EDPB sets up a task force for European DPAs dedicated to harmonizing consent banners for the deposit of cookies. The task force will also be responsible for coordinating responses to the 422 complaints lodged in August by Noyb (EDPB)

As data controllers, publishers are realizing that they aren’t only responsible for their own behavior, but also the actions of their partners and third-party vendors on their channels. More than ever, publishers will be required to invest in resources to monitor their properties for illegal behavior and downstream risk.

Want to learn about how Sourcepoint can provide privacy protection for your organization? Discover DIAGNOSE, our compliance monitoring tool. Schedule a demo today.