GDPR COOKIE AUDIT

Digital Code

Computer Code

The State Office for Data Protection Supervision (BayLDA) in Bavaria recently conducted an audit on 40 websites and concluded all 40 websites were in violation of the GDPR.  The audit revealed, as discussed below, that all websites failed to provide its users with clear and concise information regarding the use of cookies in direct violation of the GDPR.  Interestingly, none of the 40 companies were technology based companies.  This should serve as a stark warning to all companies that compliance with the GDPR is not something only technology companies must comply with but applies across all sectors.

Cookie Banners  

By now it is commonplace to see at the top of a website a banner that states something along the lines of “This site uses cookies to provide you with a better user experience.  By using this website you consent to and accept the use of cookies….”   In reviewing the 40 websites BayLDA found that the cookie banners used were ineffective at disclosing useful information to end users to protect them from unknown tracking.  Specifically, the banner MUST disclose the specific type of cookie being used.  Broad generic descriptions such as performance or analytic cookies do not suffice.

In addition, BayLDA found it problematic that cookie tracking started, known as the “cookie drop”, on most of these websites immediately upon the site’s loading.  In essence tracking started before you even had a chance to opt out!  Thus even if you consented by clicking on the cookie banner, did you really given meaningful consent if the cookie dropped even before you agreed?

Take Away

While the BayLDA audit does not rise to the level of formal guidance, US companies that are subject to the GDPR should take notice and pay careful attention to their cookie banners and timing of the “cookie drop.”   Click here for more information generally on the GDPR.  If you have any questions regarding this or any other aspect of your business, please feel free to contact Doug Leavitt at Danziger Shapiro & Leavitt, P.C.

This entry is presented for informational purposes only and is not intended to constitute legal advice.

Contact Information