Digital Law Up(to)date: Cookies on Belgian press sites - A second DPA decision against Rossel

As explained in one of our previous blogs about a fine imposed by the Belgian Data Protection Authority (DPA) on Roularta (see here), the Investigation Service of this national supervisor launched a broad investigation on the use of cookies by Belgian press sites. After Roularta, the Groupe Rossel was fined EUR 50 000 (the same amount as Roularta) by a decision of 16 June 2022 (only available in French, see here).

The DPA found several breaches of the GDPR on three websites of the French-speaking press group (lesoir.be; sudinfo.be; sudpressedigital.be):

• Several non-strictly necessary cookies were placed on the device of users before he could even give their consent;
• The information given to users regarding cookies was not sufficient and not easily accessible;
• No consent was requested for statistical and social network cookies (Rossel considered that the basis for lawfulness was its legitimate interest);
• Several consent boxes were pre-checked;
• The further browsing could not be considered as consent (the consent requires clear and specific activation);
• The withdrawal of consent was not effective.

As part of its investigation into cookies, the DPA is expected to publish other decisions on other press sites shortly.

This article was co-authored by Edouard Cruysmans in his capacity of Professional Support Lawyer at Stibbe.