Those pesky cookies… and even worse, those pestiferous cookie banners. These banners keep popping up, asking for our consent time and again. And they are often in no way compliant with the GDPR, as Nataliia Bielova (Inria) and Cristiana Santos (Utrecht University) point out in this outstanding presentation, from both a legal and an in-depth technical point of view.
Compliant cookie banners: mission impossible?
They formulated 22 low-level legal/technical requirements for implementing consent mechanisms in web applications that comply with the GDPR and the ePrivacy Directive (do read their extensive article). In their talk they present a multitude of pitfalls and point out the difficulties experienced when checking compliance.
Is compliance actually impossible? Bluntly, today it’s a tough challenge, though some pointers are provided regarding (future) solutions. At the very least, this session focuses your attention on many pitfalls, helping you avoid them with a (preferably multidisciplinary) approach. As you should, because many GDPR court cases are the result of inadequate consent mechanisms. Do understand that invalid consent results in a prohibition on processing the data involved for the stated purposes, and will result in potentially heavy fines if processing continues.
Cookies are pesky, but the two sessions on cookies combined provide extremely helpful and needed insights into managing them in a compliant way. They’re a ‘must’.