The Netherlands Authority for Consumers and Markets (ACM) has established that Netherlands Public Broadcasting (NPO) has violated the rules on storing cookies. When users visit various websites managed by NPO, NPO stores cookies on these users’ computers without having sufficiently informed these users, and without having received these users’ consent in the correct manner. By failing to do so, NPO has violated the rules concerning the storage of cookies laid down in the Dutch Telecommunication Act. In order to force NPO to adjust its practices, ACM imposes an order subject to periodic penalty payments. If NPO does not carry out the necessary improvements within four weeks, it is required to pay a penalty payment of EUR 25,000 per week with a maximum of EUR 125,000.
Anita Vegter, Member of the Board of ACM, explains: “Storing cookies without informing users and without their consent is not allowed. ACM takes action against such practices. It has thus started its cookie enforcement efforts with government websites such as those of NPO because of their exemplary function.”
In the past few months, ACM has already given NPO several opportunities to adjust its websites with respect to the abovementioned points in order to have them comply with regulations. In those instances, ACM took into account the broadening of the cookie act, which the Dutch House of Representatives is currently debating. So far, this has not led to the desired result, and that is why ACM has decided to impose an order subject to periodic penalty payments. ACM has closely cooperated with the Dutch Data Protection Authority (CBP), as both regulators have complimentary powers concerning the enforcement of cookie regulations. ACM’s powers govern the storage of cookies: informing users, and obtaining their consent (or not). The order ACM imposed today is about exactly these issues. CBP’s powers govern the processing of personal details that are collected through cookies.
In 2012, ACM (then still one of its legal predecessors, the Netherlands Independent Post and Telecommunications Authority) sent letters to a large number of government websites or websites that are associated with the government about compliance with the Dutch cookie act. ACM believed that it was important these websites set the right example when it came to compliance with these rules. In order to comply with the cookie rules, NPO decided to set up a ‘cookie wall,’ admitting only those users that had accepted the storage of cookies. This created an undesirable situation because users could then only visit public websites such as NPO’s catch-up TV website www.uitzendinggemist.nl if they supplied their personal details. Following political pressure, and the joint efforts of ACM and CBP, the cookie wall was replaced with a cookie banner, which offers users more options, yet does not fully meet all of the statutory requirements.
A cookie is a small text file, which can be used to collect information about a website’s user. A cookie is stored on the user’s computer, when visiting a website. Certain rules apply to the storage of cookies. For example, users must be informed about the storage of cookies, and users must have given consent to such storage.