Episode 5

Cookies and the GDPR – ICO v CNIL


August 5th, 2019

31 mins 4 secs

Your Host

About this Episode

GDPR Now! is brought to you by This is DPO, www,thisisdpo.co.uk.

*Cookies and the GDPR– ICO v CNIL. *

About this episode:
Both the UK’s ICO and France’s CNIL have issued updated guidance on cookies. You would have thought that this is all old stuff, but the ICO’s paper comes hot on its Adtech paper where it stated that the UK industry does not understand the rules around cookies, nor the interrelationship between cookies and the GDPR. In this podcast, we take a look at the eprivacy directive and see to what extent it makes sense and can be reconciled with the GDPR. There are some surprises as it turns out that the CNIL has invented a new legal type of cookie. This podcast is essential listening for anyone who wants to use cookies, whether first party or third party.

Host: Mark Sherwood-Edwards of This Is DPO.
Email: [email protected]
Telephone: 07748 761972

Material referred to:

Here’s the important paragraph from the ICO’s Guidance on the use of cookies and similar technologies (bottom of page 46):

The ICO cannot exclude the possibility of formal action in any area. However, it is unlikely that priority for any formal action would be given to uses of cookies where there is a low level of intrusiveness and low risk of harm to individuals. The ICO will consider whether you can demonstrate that you have done everything you can to clearly inform users about the cookies in question and to provide them with clear details of how to make choices. For example, the ICO is unlikely to prioritise first party cookies used for analytics purposes where these have a low privacy risk, or those that merely support the accessibility of sites and services, for regulatory action.

Guidance on the use of cookies and similar technologies, ICO

Délibération n° 2019-093 du 4 juillet 2019 portant adoption de lignes directrices relatives à l'application de l'article 82 de la loi du 6 janvier 1978 modifiée aux opérations de lecture et écriture dans le terminal d'un utilisateur (notamment aux cookies et autres traceurs), CNIL

Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, adopted on 12 March 2019, EDPB.

Contact details
You can contact the show at [email protected].
If you have questions, comments, suggestions for topics, or would like to appear on the show, please contact us on the email above.