Digital Governance
cancel
Showing results for 
Search instead for 
Did you mean: 

FAQs for DG

The CJEU’s Plant49 cookie consent ruling FAQ

 

What is the CJEU?

The CJEU is the Court of Justice of the European Union. According to the europa.eu, “The Court of Justice of the European Union (CJEU) interprets EU law to make sure it is applied in the same way in all EU countries, and settles legal disputes between national governments and EU institutions. 

It can also, in certain circumstances, be used by individuals, companies or organisations to take action against an EU institution, if they feel it has somehow infringed their rights.” 

What was the ruling? 

The CJEU ruled against the online gambling site, Planet49, and found: 

  1. Requiring that users “un-check” the pre-ticked checkboxes is not a valid form of consent to the use of cookies as it’s not an “affirmative” action taken by the user.  
  2. The affirmative action to consent to the use of cookies must be clear and specific. This likely means that having a button that conflates access to the site with consent to cookies (e.g., “Accept and Proceed to Site”) is not a valid form of consent. 

This means that companies using ‘implied consent’ or similar tactics will likely need to reevaluate their approach and move toward prior consent.” 

What is prior consent? 

Prior consent, also known as “opt-in” consent, means advertising and marketing cookies aren’t dropped unless the user has explicitly given permission for the website to do so. This varies from the “implied consent” so commonly found across the web that drops cookies on users and suggests that “by using the site, the user agrees to the use of cookies.”

What other implications does thCJEU decision have?

The decision also clarified some additional items, outlined on Twitter by Gabriela Zanfir-Fortuna, Senior Counsel to the Future of Privacy: 

  1. Users need “clear and comprehensive” information on the consequences of consenting to the use of cookies, including how long the cookie will be stored and accessed (i.e., expiration date of cookies). 
  2. The information stored on the cookie – or any tracker for that matter – does not have to contain “personal data” for it to be subject to ePrivacy Directive (ePD) and therefore GDPR. The intent of the law is to protect users from being identified without the tools necessary to consent to such actions. 

What action should I take to align with the ruling? 

If you are a Universal Consent Platform customer and have not implemented “prior consent,” please see this guide for instructions. 

If you are using SiteNotice or are unsure of how to proceed, please contact your Customer Success Manager.  

In the meantime, let us know if you have any other questions about this ruling and how we can help you and your organization stay compliant. 

 

Tags (1)
Version history
Revision #:
2 of 2
Last update:
‎10-08-2019 11:43 AM
Updated by:
 
Contributors
Looking for more?
Ask in Discussions
Developers

Peer-to-peer support  and answers on developing CMS templates, modifying privacy scripts or building integrations.

Digital Experience Management

Find answers and ask questions on content management, personalization and targeting.

Digital Quality Management

Find answers and ask questions on WCAG and SEO quality management.

Digital Governance

Find answers and ask questions on consent and monitoring solutions.