The Dutch Data Protection Authority (AP) has imposed a fine of 40,000 euros on Coolblue for unlawfully processing personal data in 2020. At the time, the company collected personal data from visitors to the webshop via cookies, without their explicit consent. Coolblue automatically assumed that visitors agreed.
Coolblue should have obtained explicit permission from visitors to collect personal data via cookies. This means that people must actively give that permission themselves. This was not the case at Coolblue. In the cookie statement, the company indicated that it assumed that visitors agreed. In addition, Coolblue had pre-ticked the boxes for permission to use cookies. This is contrary to the General Data Protection Regulation (GDPR).
At the end of 2019, the AP started an investigation into websites, including Coolblue.nl, to test whether they comply with the rules that apply to cookies. The AP looked at whether those websites requested permission correctly.
After a visit to Coolblue.nl, the AP sent Coolblue a letter in November 2019, because the company’s policy in this area was not in order. In April and May 2020, the AP found that Coolblue’s working methods were still not in order. Then the AP started an investigation. In June 2020, it turned out that Coolblue had already adjusted its working methods.
Source: www.emerce.nl