Mautic Community Forums

New case-law of the European Court of Justice: Cookie Opt-In

Hello everybody,
with the new case-law of the European Court of Justice, all website operators now have to integrate a Cookie Consent Tool, which allows visitors to a website, in particular, to prevent the setting of cookies from marketing and tracking tools. Before, no cookies are allowed to reach the visitor’s computer. A violation of this practice is remissable.

Is there already experience with at best free of charge Cookie Consent Tools which can prevent the setting of Mautic Cookies in the sense of this European right?

1 Like

Hi @Rosco great question - I just added a tag of GDPR to your post to aid future discoverability!

1 Like

@Rosco : Not sure where you have this information from, maybe you could share your source.

Looking at what the European Union has to say about cookies, there are quite some cases where one doesn’t need prior consent.

source : https://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm

We may need to check in as far Mautic is actually concerned.

The initial case is several years old. It was about the company Fashion ID, which like millions of other companies in the world had integrated the Like and Share button of Facebook on their own website.

The company was cautioned, as the Like Button already without asking page visitor data to Facebook when calling a website. The district court of Düsseldorf confirmed that the like button on websites violates the data protection law and the site operator is responsible.

The case went to the next instance, the Düsseldorf Higher Regional Court then submitted the most important questions about data protection to the European Court of Justice (ECJ). He has now decided.

What has the ECJ decided concretely?
The ECJ has commented on 4 very important questions:

  • Website operators are next to Facebook always responsible for privacy violations.

  • The unsolicited transmission of user data by the Facebook Like button on websites violates data protection law.

  • Competition associations may charge a fee for websites that have Facebooks Like-Button without consent.

  • For cookies that are set for tracking or advertising purposes, a real consent of the website visitors is necessary. A cookie hint banner is not enough.

Source:
https://www.e-recht24.de/artikel/datenschutz/11517-eugh-urteil-like-button-cookies.html

http://curia.europa.eu/juris/liste.jsf?num=C-40/17&language=DE

Ok, I see. But that’s not the same story as in your first post. There you suggested that a website must not place any cookie before user consent. The text you present now speaks specifically about tracking and transmitting data to third parties.

We definitely need to look into this, but a blog post of a german lawyer proposing his services is hardly what I would call a reliable source, especially outside Germany.

It does not matter if the data is collected for yourself or even for third parties. Tracking technologies can be used to collect data concerning a consumer’s personal rights. In order to use these technologies, the visitor to a website must be informed and given the opportunity to object to the setting of a tracking cookie. Until then no cookie may be set and no data collected. Facebook does not do anything else. Therefore, if a Like button is included and the site visitor does not give consent to the data being collected, the operator is jointly responsible for the possible violation of data protection laws. And the ECJ has made it clear that this practice can be warned for a fee.