Our remarks • It’s important to ensure that cookies are not placed • Additionally, the colors for the ”accept” and ”reject” on a user’s device before they have accepted them fields should be carefully chosen. In this case, the and that all other conditions for obtaining valid Danish DPA stated that the ”Accept” field appeared consent under GDPR are met. For more information, inactive, while the ”ACCEPT ALL” field appeared see our section on the decision against Dating.dk of clear and distinct. This created a visual distinction 21 September 2021. between the two fields, potentially pushing users toward accepting all cookies. • When designing a consent solution, the wording used for accepting and rejecting cookies should be • If using Google Analytics, it should be set up in such carefully considered. Specifically, in this case, the a way that information about visitors to the website Danish DPA stated that ”Accept” and ”ACCEPT ALL” is not transferred to third parties outside of the EU. did not make it clear whether users could reject cookies. Instead, the data controller could have used ”Reject all cookies except necessary” and ”Accept all cookies”. 105
Complycloud EU GDPR Report Page 104 Page 106