Ireland: Issued draft decision on Yahoo!'s alleged violation of EU GDPR

On 27 October 2022, the Irish Data Protection Commission (DPC) submitted a draft decision on an investigation into Yahoo! to the EU data regulatory authorities. Under Article 60 of the GDPR, any concerned supervisors have until 24 November 2022 to send the Irish DPC any relevant and reasoned objections to the draft decision. The DPC launched an investigation into the use of cookies on the search engine website Yahoo! and its possible violation of the EU General Data Protection Regulation (GDPR) by not obtaining legitimate consent from data subjects for tracking cookies. The investigation concerns Yahoo!'s compliance with the requirements to provide transparent information to users and process personal data in a fair and transparent manner. Furthermore, it was alleged that Yahoo! failed to communicate to users how they can exercise their rights over their data and provide information on the types of data collected.