Blog

Pre-checked cookie consent is not in accordance with GDPR

According to the European Union Court of Justice, the pre-checked box indicating consent to the placement and display of cookies on a user’s device is not in compliance with GDPR. The user must actively and expressly agree to the placement of the cookie by checking the box, and not vice versa. In this case, it is irrelevant whether the information stored or viewed is personal data.

The aim of the EU law is to protect internet users from an intrusion into their private sphere, in particular from invisible identifiers or other devices entering a user’s device without their explicit consent and knowledge. For the consent for the storing of cookies to be valid, it must be granted by active action, i.e. by the user checking the box. Furthermore, the Court of Justice also dealt with the service provider’s obligation towards information that must be provided to the user. These obligations include the functionality of cookies, and the possibility of third parties accessing the data collected.