Aktiebolaget Trav och Galopp – Complaint Upheld (Sweden, 2024)

Complaint Upheld
Integritetsskyddsmyndigheten, 19 December 2024, Sweden
final

Aktiebolaget Trav och Galopp faced a complaint for making it difficult for users to refuse cookies. This is significant because it shows that companies must make it easy for users to manage their consent. Other businesses should ensure their cookie practices are user-friendly to comply with privacy laws.

What happened

A complaint was upheld against Aktiebolaget Trav och Galopp for not allowing users to easily reject cookie consent.

Who was affected

Users of Aktiebolaget Trav och Galopp's services were affected by the confusing cookie consent process.

What the authority found

The Swedish data protection authority found that the company did not provide a clear way for users to refuse cookies, violating GDPR transparency requirements.

Why this matters

This case highlights the importance of clear and accessible consent mechanisms for cookies, urging companies to simplify their processes to respect user choices.

GDPR Articles Cited

AI-verified

Art. 6 GDPR
Art. 7(3) GDPR

Source verified 9 April 2026
articles corrected
Full Legal Summary
Detailed

The data subject advanced a complaint against Aktiebolaget Trav och Galopp, one of the biggest Swedish gambling companies, the controller, alleging that users could not give valid consent, and that they could not refuse cookies. More specifically, the choice of colour, contrast and links of the cookie banner was claimed to be misleading. This does not allow the data subject to give an “informed and freely given consent”, thus allegedly violating the principle of transparency.

The controller claimed that, at the time of the complaint, consent was the legal basis for the processing and that it was possible to refuse cookies as well as withdraw consent in the second layer, i.e. through the link placed in the cookie banner, under the heading "How do I manage the acceptance/rejection of cookies?". As of October 2021, the controller introduced a clear “refuse” button instead of a link leading to a second layer where cookies could be rejected. Moreover, the controller changed the colour and contrast of the acceptance and refusal buttons. Finally, no cookies other than necessary cookies were placed in the visitor's browser before the data subjects gave their consent.

While the DPA recognized that the Swedish Post and Telecom Authority is, generally, the sole competent authority over the Swedish Electronic Communications Act 2022:482 (https://www.riksdagen.se/sv/dokument-och-lagar/dokument/svensk-forfattningssamling/lag-2022482-om-elektronisk-kommunikation_sfs-2022-482/), it also considered that the personal data processing taking place after collection of such data is subject to the GDPR. Thus, the DPA decided to analyse the matter only to the extent concerning the processing of personal data that took place after the data was collected and to the deficiencies presented in the complaint.

The DPA focused its analysis on the requirements of consent under Articles 6(1)(a) and 4(11) GDPR. More specifically, it considered that, for consent to be “freely given and informed”,

Outcome

Complaint Upheld

A data subject complaint that was upheld by the DPA.

Violations (4)

No Reject Button
critical

Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.

Art. 7 GDPR

Reject Harder Than Accept
critical

Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.

Art. 7 GDPR

Misleading Banner Messaging
critical

The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).

Art. 7 GDPR

Cannot Withdraw Cookie Consent
critical

No accessible mechanism exists for users to withdraw previously given cookie consent.

Art. 7(3) GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Aktiebolaget Trav och Galopp in SE

This is the only recorded action for this entity in this jurisdiction.

Details

Decision Date

19 December 2024

Authority

Integritetsskyddsmyndigheten

GDPRhub ID

gdprhub-8781

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 80%

Cite as: Cookie Fines. Aktiebolaget Trav och Galopp - Sweden (2024). Retrieved from cookiefines.eu
