Compliant cookie banners mission impossible?

Those pesky cookies… and even worse, those pestiferous cookie banners.  These banners keep popping up, asking for our consent time and again. And they are often in no way compliant with the GDPR, as Nataliia Bielova (Inria) and Cristiana Santos (Utrecht University) point out in this outstanding presentation, both from a legal and in-depth technical point of view. They formulated 22 low level legal/technical requirements to implement consent mechanisms in web applications, compliant with the requirements in GDPR and the ePrivacy Directive. In their talk they present a multitude of pitfalls, while indicating difficulties experienced when checking compliance.

Is compliance actually impossible? Bluntly, today it’s a tough challenge, though some pointers are provided regarding (future) solutions. At the very least, this session focuses your attention on many pitfalls, helping your (preferably multidisciplinary) approach to avoid them. As you should, because many GDPR court cases are the result of inadequate consent mechanisms. Do understand that invalid consent results in the interdiction of processing the data involved for the stated purposes, and will result in potentially heavy fines if processing continues.

Cookies are pesky, but the two sessions on cookies combined provide extremely helpful and needed insights in managing them in a compliant way. They’re a ‘must’.

 



Andere blogposts

NIS-2: Where are you?

In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.  

SANS Experience Sharing Event

The Cyber Security Coalition and top cybersecurity trainer SANS Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.

Privacy Focus Group – Practical AI Use Cases

It is easy to drown in the sea of dire warnings about the danger of AI, in particular to our privacy. The main point is that AI in good trust is possible, but requires solid, long term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.

30 November: Computer Security Day: Ada Lovelace

On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.


Deel deze nuttige inhoud met vrienden: