This is a requirement of the ePrivacy Directive (ePD) read in conjunction with the General Data Protection Regulation (GDPR). It follows that relying on legitimate interests or other legal bases available in the GDPR is not permissible for the storing or accessing of information on a device, such as is the case when using cookies.
Pre-ticked boxes, presumed consent, ambiguous consent, such as implied consent, are not lawful.
Only a user’s “active behavior with a view to giving his or her consent” fulfills the requirement of unambiguous consent. It must be possible to “ascertain objectively” whether a user has actually given consent. This is in line with the recent opinion published by the French data protection authority that stated so-called soft opt ins, i.e. scrolling or continuing to use a website to consent, is not lawful. You can read more about that in our other post, here.
Consent requires that the user is informed of the life-span of the cookie; and whether or not third parties have access to those cookies.
Therefore, a user must have been given information about third party cookies, including their life-span, at the time that the user is asked for consent.
The CJEU ruling reinforces that detailed information must be given to users and affirmative consent from users be obtained before pixels or tags can fire and cookies written or read.
How to comply?
The easiest way for publishers and advertisers to comply with the ePrivacy Directive and GDPR as interpreted by the CJEU in its Planet49 judgment is to implement a Consent Management Platform (CMP) that meets the standards of the IAB Europe Transparency & Consent Framework (TCF), such as Quantcast Choice.
Privacy-by-design is one of Quantcast’s core product development tenets, and as such we diligently work to stay on top of the latest industry developments, such as court rulings, regulator opinion and practice to ensure our products help our partners reach compliance. This includes being involved in the evolution of the IAB TCF. To learn more about Quantcast Choice and how it can help you stay on the right side of GDPR, please click here.