Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Netherlands: Court of Amsterdam rules companies must cease placement of cookies without consent

On June 12, 2024, the Court of Amsterdam published its judgment, as issued on June 7, 2024, in which it held that LinkedIn Ireland Unlimited Company and LinkedIn Netherlands BV (LinkedIn), Microsoft Corporation, Microsoft Ireland Operations Ltd, and Microsoft BV (Microsoft), and Xandr Inc., (collectively, the Defendants) must cease the placement of cookies without user consent.

In particular, the Court highlighted that prior consent from the data subject is required for the placement of cookies, pursuant to Article 11.7a of the Telecommunications Act, and for the processing of personal data under the General Data Protection Regulation (GDPR). The Court outlined that out of 52 of the websites visited by the plaintiff, 19 placed cookies on the plaintiff's device without prior consent or after consent was explicitly refused.

Further, the Court noted that Article 11.7a of the Telecommunications Act is aimed at the person who stores information on a device or the person who accesses information on a device. However, even where third parties are responsible for the placement of cookies on user devices, the provider of the website in question has certain responsibilities. The cookies in question were therefore determined by the Court to be the result of agreements concluded by the Defendants with third-party operators. Notably, the Court provided that the Defendants had not made it impossible for third parties to place cookies without consent.

Accordingly, the Court held that the Defendants placed cookies on the plaintiff's device without their consent in violation of the Telecommunications Act and the GDPR.

You can read the decision, only available in Dutch, here.