The Hellenic Data Protection Authority has issued specific guidelines no. 1/2020 on compliance of websites with the specific legislation on electronic communications for the use of trackers.
It has recently been observed by the Authority that on several websites, in particular on informational websites, the method of obtaining consent for the use of trackers did not meet the following compliance points (see page 5 of recommendations 1/2020):
—C4: The user should be able, with the same number of actions (“clicks”) and from the same level, either to accept the use of trackers (those for which consent is required) or to reject it, either all or each category separately.
—C7: To ensure that the user is not affected by design options in favour of the choice of acceptance over the rejection option, it is recommended to use buttons and fonts of the same size, highlight and color, offering the same readability.
Specifically, the pop-up message about the use of trackers (cookie banner) featured “I agree” and “More options” on the first level while the choices “I disagree” or “Reject” were absent. Also, the choice “I agree” was highlighted with a color that prompts its selection. With these options, internet users are clearly influenced in favour of the acceptance of trackers, in breach of the law.
The Authority carried out an ex officio audit action on 30 informational websites (they were selected on the basis of website traffic) and set a deadline of 15 days for their compliance. The result of the action was the compliance of all the websites that received the Authority’s letter with only one exception.
The Authority invites all websites, whether informational or not, to adapt as soon as possible to the recommendations referred to in guidelines 1/2020, both in points C4, C7 and all compliance points.
It is noted that the Authority continues to monitor the issue of the use of trackers online and to exercise its auditing responsibilities as a matter of priority in this area. In the event of non-compliance with the above points or other detected breaches of the existing legislation, the Authority can impose administrative penalties.