In light of a recent decision by the European Court of Justice,(1) which confirmed that consumer protection associations have the right to sue if they intend to claim personal data breaches, EU companies are advised to review their data protection provisions for compliance with the EU General Data Protection Regulation. This article contains practical examples that demonstrate frequent pitfalls and mistakes made by companies.
The following table illustrates how a privacy notice should be set out.
| Dos | Don'ts |
| --- | --- |
| Provide the (correct) contact details of the controller and of the data protection officer. | "Please contact us with any data protection questions you may have" |
| Specify the duration of the storage or, if this is not possible, the criteria. | "We will store your data for as long as legally recommended." |
Companies should also consult advice from the European Data Protection Board on what information should be included in the privacy notice.
The following table illustrates how a consent form should be set out.
| Dos | Don'ts |
| --- | --- |
| Specifically describe all purposes for which the data will be used. | "Yes, I consent to data processing for any and all purposes" (this does not describe each purpose and is therefore too general) |
| Provide sufficient information about the right of revocation. | "For information regarding your rights, please refer to our privacy notice" |
Companies should also consult advice from the European Data Protection Board on how to obtain effective consent.
The following table illustrates how a cookie banner should be set out.
| Dos | Don'ts |
| --- | --- |
| Offer the option to reject cookies – for example, by providing the following options: | Failure to offer the option to reject cookies (ie, by only offering the option "Accept all (and settings)") |
| Ensure compliance with all of the various data and privacy protection requirements in both national and EU legislation. This is rarely the case in practice and constitutes a significant risk. | "By using our website, you consent to all of our cookies and to our privacy notice" |
Companies should consult advice from national supervisory authorities regarding cookies.
For further information on this topic please contact Nils Müller at Eversheds Sutherland by telephone (+49 89 54565 0) or email. The Eversheds Sutherland website can be accessed at www.eversheds-sutherland.com.
Endnotes
(1) For further details, please see "Consumer protection associations can now take legal action against personal data breaches".