Telenet – Complaint Upheld (Belgium, 2021)

The complainant states that finding how to exercise their right to opt-out of receiving direct marketing on the website of the telecom provider (Telenet) is very difficult. Sending a request for further information also led to no solution. The DPA's inspection states the following: 1. The use of a large number of documents, which makes the provision of information complex, unclear and difficult to understand; 2. The presence of erroneous information; 3. The use of techniques that may have an impact on the choices of the data subject including the granting of free consent and whether or not to become acquainted with the information or the exercise of rights; 4. The construction of the information in the form of a maze in which the data subject cannot easily access the information; 5. The default choices set by Telenet that are not the most privacy friendly and always allow profiling; 6. The mandatory quasi-automatic acceptance of communication of data via cookies; 7. Combined with the lack of possibility to easily way to exercise the right to object. How clear and transparent must a privacy policy be in order to satisfy the requirements of Article 13 GDPR and Article 13 GDPR? Does continuing to use a website constitutes consent to cookies? = The DPA states that the right to opt-out of direct marketing is absolute. To opt-out for Telenet's services, the opt-out must be sent through every channel of direct marketing communication or, to disable all at once, contact Telenet or go to a physical shop. The DPA finds that the medium of communication made available for exercising the right to object must be proportionate to the means by which the controller communicates with the data subject: if the controller communicates the mandatory information under Article 13 GDPR and Article 14 GDPR via its website and/or if the data subject receives digital marketing messages from the controller, then the right to object must also be capable of being expressed online. The DPA