Website owners in the Netherlands to implement "cookie walls" after being put on the spot by Dutch regulator Shortly after the cookie regulations in the Netherlands were amended, the main Dutch regulator, The Netherlands Authority for Consumers and Markets ("ACM") announced that it will more vigorously enforce those new cookie regulations (see the April edition of LegalBytes). In April the ACM sent out its first letters. Some website owners / publishers have published the letter they received. From the information published to date, it appears that the ACM has selected quite a large number of well-known websites with a particularly high number of visitors from the Netherlands, including newspapers, prominent online (social) media, and e-commerce platforms. It appears that instead of focusing on the affiliate networks, statistics and targeted advertising providers that use tracking cookies and beacons, the ACM targets the websites that allow such cookies being served. This is in contrast with the other competent regulator in the cookie space - the Dutch Data Protection Authority ("Dutch DPA") indicated that it is particularly interested in the providers that actually create and use the cookies (i.e. the cookie baker, not the cookie server). The Dutch DPA takes the position that these providers are the data controllers in respect of the cookie-generated data being processed, as the Dutch Data Protection law ("PDPA") sets forth that tracking cookie data is considered personal data unless proven otherwise. This means that a provider can only rely on the exemption of the information and consent duty if it can demonstrate that the data processed is not in any way related to an identifiable person, directly or in combination with other available data. As to the enforcement practice of the ACM: the first step in its campaign seems to be a fact finding expedition. In the sent letter, the website owners/publishers are asked to provide detailed information on the exact cookies and Java scripts they serve. This is rather an order than a request, as the ACM reminds the recipients that they are obliged to cooperate with requests for information on the basis of article 5:20 of the General Administrative Law Act. As a next step, the ACM will probably issue (binding) recommendations on the information that should be provided and the manner in which the website visitor's consent should be obtained and recorded. Some websites have already decided not to take any risks and have (re)-introduced so called "cookie walls". This means that any website visitor must first view the website's cookie statement and click OK to confirm its consent, before being able to visit the landing page or any other part of the website. This kind of technology was discussed in length in the Dutch parliament, and at the end of the day it was decided that cookie walls are permissible for all websites except from those offered by public bodies. For more information, please contact Wouter Seinen.