DMI – Reprimand (Denmark, 2020)

Reprimand
Datatilsynet (Norway)11 February 2020Denmark
final
ePrivacy
Reprimand

The Danish Meteorological Institute (DMI) was reprimanded for using cookies to track visitors before getting their consent. This case is important because it shows that consent must be obtained before any data tracking begins. Website operators should ensure clear and valid consent mechanisms are in place.

What happened

DMI used cookies to track website visitors before obtaining their consent, violating GDPR rules.

Who was affected

Visitors to DMI's website were affected as their data was tracked without proper consent.

What the authority found

Datatilsynet found that DMI did not have a valid legal basis for processing personal data since consent was not properly obtained.

Why this matters

This case highlights the importance of obtaining valid consent before processing personal data. It serves as a warning to website operators to review their consent practices, especially when using third-party tracking tools.

GDPR Articles Cited

Art. 26 GDPR
Art. 5(1)(a) GDPR
Art. 6(1)(a) GDPR
Art. 4(11) GDPR
Denmark enforcementDatatilsynet (Norway) actionsAll DMI actions
Full Legal Summary
Detailed

DMI used cookies and processed personal data before obtaining user consent, lacked a reject button, made rejecting cookies harder than accepting, used pre-ticked boxes, and loaded third-party cookies without consent.

Outcome

Reprimand

A formal reprimand: the DPA found a violation and issued a formal censure.

Violations (5)

No Reject Button
critical

Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.

Art. 7 GDPR

Reject Harder Than Accept
critical

Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.

Art. 7 GDPR

Pre-ticked Consent Boxes
high

Cookie consent checkboxes are pre-selected by default, violating the requirement for active, affirmative consent.

Art. 4(11) GDPR

Cookies Placed Before Consent
critical

Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.

Art. 6(1) GDPR

Third-Party Cookies Without Consent
critical

Third-party tracking cookies or scripts are loaded without obtaining prior user consent.

Art. 13, 14 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for DMI in DK

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

unknown (claimant)

2021 · DPA OLGWien

Azienda USL della Romagna

2021 · Garante per la protezione dei dati personali

€50K

Ramona Films, S.L.

2022 · Agencia Española de Protección de Datos

€8K

CNIL

2019 · Court of Justice of the European Union

Minister for Legal Protection

2022 · DPA RbOverijssel

Details

Decision Date

11 February 2020

Authority

Datatilsynet (Norway)

GDPRhub ID

gdprhub-2163

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified
Cookie relevance: 100%

Cite as: Cookie Fines. DMI - Denmark (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: