Already in March 2019, the targeted website was informed of the infringements found on the website by the GBA. The website was given the opportunity to make changes and made use of them.
However, when the GBA drew up its final report in May, it found that adjustments had actually been made, but that these were not sufficient to bring the entire website into line with the General Data Protection Regulation (in short: GDPR).
In the end, the GBA’s Disputes Chamber decided to impose an administrative fine of EUR 15,000 on the website.
In a later version, the concept of consent was provided for, but the boxes for this had already been ticked. This also goes against the provisions of the GDPR and cannot be regarded as valid consent. After all, it is not consent that is obtained as a result of an action by the user.
Written by Johanna Coppens, Legal adviser deJuristen and Kris Seyen, Partner deJuristen