The Dutch Data Protection Authority (AP) has announced a more rigorous approach to monitoring websites for compliance with GDPR consent requirements in 2024. The AP’s initiative aims to ensure websites are properly requesting permission to use (tracking) cookies or similar tracking software. Misleading cookie banners have been a concern, as they often obscure decline buttons or pre-select acceptance options. The AP emphasizes the importance of explicit consent, as tracking cookies can reveal personal internet behavior, which is protected under the GDPR.
To assist organizations in adhering to the GDPR, the AP has provided detailed guidelines on setting up lawful cookie banners. These guidelines include offering clear information on the purpose of cookies, avoiding pre-checked consent boxes, using straightforward language, and presenting all choices clearly without additional clicks or hidden options. The AP stresses that consent must be a conscious choice, and visitors should have the option to withdraw consent easily. Legitimate interest cannot be confused with consent, and organizations must refrain from deceptive practices to obtain it.
The AP’s website offers explanations and examples to help organizations create compliant cookie banners. The authority has made it clear that non-compliance could lead to investigations and potential enforcement actions, including fines. By ensuring transparent and fair consent practices, organizations can help protect individuals’ control over their personal data when navigating the internet.
In summary, the AP is taking steps to protect personal data and ensure that organizations obtain proper consent for cookies, as mandated by the GDPR. This includes providing resources to help with the creation of compliant cookie banners and the potential for enforcement actions in cases of non-compliance.