The case involves a website that failed to gather valid consent for processing activities related to marketing cookies. The website's cookie consent mechanism only displayed an "Allow all cookies" button, and users who wanted to refrain from giving consent had no other option. The website operator interpreted the continued use of the website as consenting to the marketing cookies. However, the Danish DPA (Datatilsynet) held that this was illegal, as consent presupposes voluntariness, which was clearly not present in this case. The DPA also emphasised that consent must be an unequivocal expression of will on the part of the data subject, requiring active action and not merely inactivity. The website visitors were not free to choose in a granular fashion between different processing purposes, such as statistics or marketing, which violated the requirement of granularity. The DPA also referred to Recital 32 GDPR and paragraph 62 of the CJEU Planet49 case (C-673/17), which explicitly state that silence, pre-ticked boxes, or inactivity may not constitute consent. The DPA recommended that the controller reconsider the design of its new consent mechanism, as the current wording was not transparent and easy to understand for website visitors. The text of the consent should only include the processing(s) covered by the consent, and the data controller should be aware of the relevant processing basis for the personal data in the consent text. The new consent mechanism also made it unclear to the website visitor which processing basis(s) actually formed the basis for the website's processing of personal data in relation to statistics and marketing. The DPA encouraged the controller to make the consent mechanism clearer for the website visitor.