Alstrøm – Din Isenkræmmer ApS – Complaint Upheld (Denmark, 2021)
A Danish company faced a complaint for not properly obtaining consent for cookies on its website. The Danish DPA found that the company did not give users a real choice regarding cookie consent, which is crucial for respecting user privacy. This ruling serves as a reminder for businesses to ensure they have clear and valid consent mechanisms in place.
What happened
The company used a cookie consent method that did not allow users to opt out of specific cookie uses.
Who was affected
Website visitors who encountered the company's cookie consent pop-up were affected by the lack of choice.
What the authority found
The Danish DPA ruled that the company could not obtain valid consent for cookies because users were not given an opt-out option for specific purposes.
Why this matters
This ruling stresses the importance of clear consent mechanisms for cookie usage. Companies should review their cookie policies to ensure compliance with privacy laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A data subject filed a complaint with the Danish DPA regarding the controller's use of cookies on their website. The controller had relied on consent as a legal basis. The controller had first requested consent through a pop up box stating that the website used cookies. The pop up box contained two hyperlinks labeled "Read more about cookies" and "Close". During the DPA's investigation, the controller had introduced a new method of requesting consent. The controller's second solution included more information about the processing, as well as the option to opt out of processing for specific purposes from a list. With the new solution, the user had the choice between two hyperlinks labeled "ACCEPT ALL" and "Accept". The Danish DPA assessed both the first and the second consent request solution. = The DPA held that the controller could not obtained a valid consent under Article 6(1)(a) GDPR for the use of cookies when the first solution was used. The data subject did not have the option to consent to processing for particular purposes. More importantly, the controller offered no opt-out solution for the use of cookies. The data subject therefore had no choice in the matter when visiting the website. As a consequence, the DPA expressed severe criticism about the processing activities based on this cookie banner. = The DPA then had to assess whether the changes made to the cookie banner were sufficient to obtain the valid consent of data subjects. The DPA held that although the data subjects now had the possibility to reject all cookies, the cookie banner had been designed in a way that nudged the data subject towards clicking on the "ACCEPT ALL" button. It was easier for the data subjects to consent to the use of cookies than to reject such use. The DPA therefore also expressed criticism about the second solution. Lastly, the DPA also criticized the processing activities after the second solution was implemented because the cookie tracking actually began before obta
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Violations (2)
Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.
Art. 7 GDPR
Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.
Art. 4(11) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Alstrøm – Din Isenkræmmer ApS in DK
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Alstrøm – Din Isenkræmmer ApS - Denmark (2021). Retrieved from cookiefines.eu
Last updated: