Episode 5: Cookies and the GDPR – ICO v CNIL

GDPR Now! is brought to you by This is DPO, www,thisisdpo.co.uk. *Cookies and the GDPR– ICO v CNIL. * About this episode: Both the UK’s ICO and France’s CNIL have issued updated guidance on cookies. You would have thought that this is all old stuff, but the ICO’s paper comes hot on its Adtech paper where it stated that the UK industry does not understand the rules around cookies, nor the interrelationship between cookies and the GDPR. In this podcast, we take a look at the eprivacy directive and see to what extent it makes sense and can be reconciled with the GDPR. There are some surprises as it turns out that the CNIL has invented a new legal type of cookie. This podcast is essential listening for anyone who wants to use cookies, whether first party or third party. Host: Mark Sherwood-Edwards of This Is DPO. www.thisisdpo.co.uk Email: mse@thisisdpo.co.uk Telephone: 07748 761972 Material referred to: Here’s the important paragraph from the ICO’s Guidance on the use of cookies and similar technologies (bottom of page 46): The ICO cannot exclude the possibility of formal action in any area. However, it is unlikely that priority for any formal action would be given to uses of cookies where there is a low level of intrusiveness and low risk of harm to individuals. The ICO will consider whether you can demonstrate that you have done everything you can to clearly inform users about the cookies in question and to provide them with clear details of how to make choices. For example, the ICO is unlikely to prioritise first party cookies used for analytics purposes where these have a low privacy risk, or those that merely support the accessibility of sites and services, for regulatory action. Guidance on the use of cookies and similar technologies, ICO https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/ Délibération n° 2019-093 du 4 juillet 2019 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux cookies et autres traceurs), CNIL https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000038778053&dateTexte=&categorieLien=id Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, adopted on 12 March 2019, EDPB. https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_gdpr_interplay_en_0.pdf Contact details You can contact the show at info@thisisdpo.co.uk. If you have questions, comments, suggestions for topics, or would like to appear on the show, please contact us on the email above.

GDPR Now! is brought to you by This is DPO, www,thisisdpo.co.uk.

*Cookies and the GDPR– ICO v CNIL. *

About this episode:
Both the UK’s ICO and France’s CNIL have issued updated guidance on cookies. You would have thought that this is all old stuff, but the ICO’s paper comes hot on its Adtech paper where it stated that the UK industry does not understand the rules around cookies, nor the interrelationship between cookies and the GDPR. In this podcast, we take a look at the eprivacy directive and see to what extent it makes sense and can be reconciled with the GDPR. There are some surprises as it turns out that the CNIL has invented a new legal type of cookie. This podcast is essential listening for anyone who wants to use cookies, whether first party or third party.

Host: Mark Sherwood-Edwards of This Is DPO.
www.thisisdpo.co.uk
Email: mse@thisisdpo.co.uk
Telephone: 07748 761972

Material referred to:

Here’s the important paragraph from the ICO’s Guidance on the use of cookies and similar technologies (bottom of page 46):

The ICO cannot exclude the possibility of formal action in any area. However, it is unlikely that priority for any formal action would be given to uses of cookies where there is a low level of intrusiveness and low risk of harm to individuals. The ICO will consider whether you can demonstrate that you have done everything you can to clearly inform users about the cookies in question and to provide them with clear details of how to make choices. For example, the ICO is unlikely to prioritise first party cookies used for analytics purposes where these have a low privacy risk, or those that merely support the accessibility of sites and services, for regulatory action.

Guidance on the use of cookies and similar technologies, ICO
https://ico.org.uk/for-organisations/guide-to-pecr/guidance-on-the-use-of-cookies-and-similar-technologies/

Délibération n° 2019-093 du 4 juillet 2019 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux cookies et autres traceurs), CNIL
https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000038778053&dateTexte=&categorieLien=id

Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, adopted on 12 March 2019, EDPB.
https://edpb.europa.eu/sites/edpb/files/files/file1/201905_edpb_opinion_eprivacydir_gdpr_interplay_en_0.pdf

Contact details
You can contact the show at info@thisisdpo.co.uk.
If you have questions, comments, suggestions for topics, or would like to appear on the show, please contact us on the email above.

Episode 5: Cookies and the GDPR – ICO v CNIL
Broadcast by