Another (Austrian) decision showing the pressing need for a better ePrivacy approach. “[C]ookies set by the Google reCAPTCHA service are not necessary for the operation of a website […] regardless of the fact that preventing bot input is advantageous for website operators. The implementation of reCAPTCHA is not technically necessary for the operation of the website, as it has no influence on the functionality of the website, which is why […] the consent of the co-involved party would have had to be obtained.
So consent is needed before you can put in place an anti-bot tool?
*facepalm*
I have said this repeatedly: strict interpretations of the “service” exemption under Art. 5(3) of the ePrivacy Directive are not helping *anyone*. “Technically necessary” is a myth – the law talks about what is strictly necessary, and never suggests that the perspective of the user is what matters. If a publisher cannot put in place anti-bot and anti-fraud measures without a user’s consent (which fraudster will ever consent?), its service has to be provided under different conditions (e.g. higher pricing, less availability, etc.) – so it’s not the same service.
Yes, Article 5(3) of the ePrivacy Directive could do with an update. But without legislative action, it is up to the courts and regulators to take decisions that *make sense* – and if anyone ever needs legal arguments to show positions that do indeed make sense, you know whom to call.
Some links that may be of interest:
– my ramblings on PETs and ePrivacy and the absurdity of evolving positions by regulators: https://lnkd.in/e2nVnyez
– my op-ed on the “service” exemption: https://lnkd.in/ezYeGSi4
– my critical analysis of the EDPB’s own view of Art. 5(3) ePrivacy Directive: https://lnkd.in/eDV4NSRX
Judgment of 13 September 2024 of the Austrian Federal Administrative Court: https://lnkd.in/eGKEET9h
Thanks Dr. Carlo Piltz for flagging this! (link to Carlo’s post: https://lnkd.in/e_Ry5zeH )
GDPR data protection cookies
Did this analysis get you thinking? Reach out!
DataLaws.net is entirely open-access, and instead of getting your data in exchange for this content, how about another trade? If this commentary saved you research time or sparked an idea, feel free to invite me over for tea, chai or a hot chocolate next time you are around Brussels or Antwerp - or invite me over to your offices for a chat!
Get in touch ↗ Let's connect on LinkedIn ↗