In this case, consent was obtained on a website using a consent solution where the visitor was presented with information about the processing activities. Here the visitor could click on "Allow all cookies" and "Show details", but it was not possible to withhold consent or to select specific cookies. Furthermore, it was emphasized that the visitor's continued use of the website was considered as consent. As the requirements for consent are voluntariness, granularity and an unambiguous expression of intent, this was not a valid consent solution.

Read the full decision here.

"This case shows that it only takes one request from one person to get the attention of the Danish Data Protection Agency. It also shows that not all companies are still in control of getting the right consent solution implemented on their website. A consent solution must comply with all the requirements for consent under data protection rules, i.e. no cookies (except technically necessary ones) may be placed without prior consent, and it must be possible for users to choose or reject all cookies. In addition, the requirements for a cookie policy must of course also be met. We cannot expect the Danish Data Protection Agency to "only" issue criticism next time, which is why a violation of the rules can have consequences, not to mention that users must also be protected against the placement of cookies that have not been consented to." says Christine Jans.

If you are in doubt whether you comply with all the requirements regarding the placement of cookies, you are welcome to contact us.