ECJ Pushes for Active Consent and Personal Data Control

20|30 Group
Alex Tweeddale
October 2019
The need for consent and direct user control on the internet is becoming increasingly important. A recent judgement from the European Court of Justice (ECJ) indicates that a shift is needed, whereby individuals are able to have a ‘private sphere’ of control on the internet, untapped by companies and cookies.

What has happened in the ECJ?

On 1st October 2019, the European Court of Justice (ECJ) ruled against a company called Planet49 which used a pre-ticked box for allowing analytics and third-party advertising cookies. It held, in accordance with the GDPR, that consent should be ‘opt-in’ and the user must be informed about the retention period of their data. This means that users must make a clear and affirmative action to consent to the use of cookies.

Importantly, the court also suggested that the ePrivacy Directive should be expanded to protect the user’s ‘private sphere’, which constitutes any information stored in a user’s terminal equipment. This is because using cookies is a form of processing personal data.

Why is this important?

The Planet49 case raises important questions around privacy on the internet, which can be tied to the use of cookies. A cookie is essentially a data file which sits on a user’s device and communicates with a company. The main purpose of a cookie is to offer the customer a seamless login experience when they return to the companies’ website.

However, as this case has pointed out, cookies can invade the private sphere of an individual and are akin to spy cameras on a user’s device. Most of the time, when users sign up to websites they accept the use of cookies without realising that they are surrendering their data to that company or third-parties.

Why is SSI a solution?

Self-Sovereign Identity (SSI) uses a technology called decentralised identifiers (DIDs). These are similar to cookies in the sense that they sit on a user’s terminal equipment. However, they do not collect personal data, they simply provide a secure channel between the user and the company to share data through, at the consent of the user.

From a privacy perspective, using DIDs offers the user the same benefit in terms of customer experience as a cookie, without compromising their personal data.

Given that the courts are beginning to scrutinise the use of cookies as a method of obtaining data, ruling that users must be sufficiently informed about them, and make a clear, affirmative action to use them, it seems that the use of DIDs would be the logical next step to protect privacy on the internet.

If you want to learn more about SSI and how it can benefit you as an individual, or you as a company, get in contact here.

IDWorks Ltd
9 Appold Street
London EC2A 2AP
United Kingdom
© IDWorks Ltd, 2019.
© IDWorks Ltd, 2021. All Rights Reserved.