The Fall of the Cookie Wall

Blog

Oliver Fich

15/05/2020

The European Data Protection Board (EDPB) has updated its guidelines for consent. As we wait for the ePrivacy Regulation, the EDPB tightens the grip on what constitutes valid consent when using tracking cookies.

NEW GUIDELINES ON COOKIE WALLS

No more cookie walls! And scrolling isn't considered to be consent, the European Data Protection Board declares in an updated set of guidelines to collect valid consent for cookies.

With the updated requirements, the EDPB sends an unambiguous message to websites: if you use consent as a lawful basis to collect internet users’ data, you must obtain valid consent.

Consent must be freely given,
or it does not constitute valid consent.

By valid Europe’s General Data Protection Regulation (GDPR) means certain standards: consent must be specific, informed, and most importantly, freely given.

If you are unsure whether your website is GDPR compliant, get a free compliance check here!

NO CONSENT BEHIND COOKIE WALLS

Although there has been a lot of discussion on the legitimacy of the cookie wall, the EDPB has now put it in writing.

The ‘data for access’ model practiced by a number of major European websites requires the user to “accept” tracking cookies to access the website’s content.

Demanding consent as the price
for getting onto the website,
is not considered valid consent.

The EDPB clearly points out that cookie walls do not constitute valid consent since the user is ‘forced’ to accept cookies to access the website.

The user is not presented with a genuine choice, and consent is not freely given.

40. Example 6a: A website provider puts into place a script that will block consent from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed. There is no possibility to access the consent without clicking on the” Accept cookies” button. Since the data subject is not presented with a genuine choice, its consent is not freely given.

41. This does not constitute valid consent, as the provision of the service relies on the data subject clicking the” Accept cookies” button. It is not presented with a genuine choice.

Last year, the Dutch DPA banned all uses of cookie walls, thereby paving the way for a unified European discussion on the topic.

The EDPB clarification should now leave no room for interpretation on whether cookie walls are allowed or not.

SCROLLING A WEBSITE DOES NOT MEAN "I CONSENT"

Another matter in the updated guidance from the EDPB is the issue of scrolling and consent.

Scrolling a website or digital service
cannot in any way be interpreted as
consent to cookies.

In essence, the EDPB explains: “actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action.”

86. Example 16: Based on recital 32, actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirements of a clear and affirmative action: such actions may be difficult to distinguish from other activity or interaction by a user and therefore determining that an unambiguous consent has been obtained will also not be possible. Furthermore, in such a case, it will be difficult to provide a way for the user to withdraw consent in a manner that is as easy as granting it.

So, websites using cookie walls or setting cookies at the moment a visitor scrolls the webpage are not complying with the requirements for consent in accordance with the EDPB new guidelines.

There has been an increasing focus on consent and cookies around the European Data Protection Authorities, and warnings and fines have been given in Germany, Denmark, and Spain, among others.

You can always contact Cookie Information to get a compliant cookie consent solution.