In this case, consent was obtained on a website using a consent solution. Information was presented to the visitor about the processing activities. Here, the visitor could click on "Allow all cookies" and "View details", but it was not possible to refrain from giving consent or selecting specific cookies. Besides, the visitor's continued use of the website was considered a consent. The consent requirements are voluntariness, granularity and an unequivocal expression of will; this was not a valid consent solution.

Read the entire decision here.

"This case shows that it only takes one person to get in the Danish Data Protection Agency's spotlight. The case shows that not all companies are still in control of getting the right consent solution implemented on their website. A consent solution must comply with all the requirements for consent under the data protection rules. No cookies (except those technically necessary) may be placed without prior consent, and it must be possible for users to choose or reject everyone themselves. In addition, the requirements for a cookie policy must, of course, also be met. We cannot count on the Danish Data Protection Agency to "only" pronounce criticism next time, which is why a violation of the rules can have such consequences, not forgetting that users must also be protected from the placement of cookies that are not consented to." says Christine Jans.

If you are unsure whether you comply with all the requirements regarding the location of cookies, please feel free to contact:

Heidi Højmark Helveg at hhh@coplay.law, +45 30 74 2900

Christine Jans at cj@coplay.law, +45 6058 8862