NEW GUIDELINES ON COOKIES AND CONSENT
No more cookie walls! And scrolling isn’t consent, the European Data Protection Board declares in an updated set of guidelines to collect valid consent for cookies.
With the updated requirements, the EDPB sends an unambiguous message to websites: if you use consent as a lawful basis to collect internet users’ personal data, you must obtain valid consent.
Consent must be freely given,
or it does not constitute valid consent.
By valid, the Europe’s General Data Protection Regulation (GDPR) specifies certain standards to meet: consent must be specific, informed and most importantly freely given.
NO CONSENT BEHIND COOKIE WALLS
Although there has been a lot for discussion on the legitimacy of the cookie wall, the EDPB has now put it on writing.
The ‘data for access’ model practiced by a number of major European websites, requires the user to “accept” tracking cookies to access the website’s content.
Demanding consent as the price
for getting onto the website,
is not considered valid consent.
The EDPB clearly points that cookie walls do not constitute valid consent, since the user is ‘forced’ to accept cookies to access the website.
The user is thereby not presented with a genuine choice and consent is not freely given.
40. Example 6a: A website provider puts into place a script that will block consent from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed. There is no possibility to access the consent without clicking on the ”Accept cookies” button. Since the data subject is not presented with a genuine choice, its consent is not freely given.
41. This does not constitute valid consent, as the provision of the service relies on the data subject clicking the ”Accept cookies" button. It is not presented with a genuine choice.
Last year, the Dutch DPA banned all uses of cookie walls, thereby paving the way for a unified European discussion on the topic.
The EDPB clarification should now leave no room for interpretation on whether cookie walls are allowed or not.
SCROLLING A WEBSITE DOES NOT MEAN “I CONSENT”
Another matter in the updated guidance from the EDPB is the issue of scrolling and consent.
Scrolling a website or digital service
cannot in any way be interpreted as
consent to cookies.
In essence, the EDPB explains: “actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action”
86. Example 16: Based on recital 32, actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirements of a clear and affirmative action: such actions may be difficult to distinguish from other activity or interaction by a user and therefore determining that an unambiguous consent has been obtained will also not be possible. Furthermore, in such a case, it will be difficult to provide a way for the user to withdraw consent in a manner that is as easy as granting it.
So, websites using cookie walls or setting cookies at the moment a visitor scrolls the webpage, are not complying with the requirements for consent in accordance with the EDPB new guidelines.
There has been an increasing focus on consent and cookies around the European Data Protection Authorities and warnings and fines have been given in Germany, Denmark and Spain among others.
You can always contact Cookie Information to get a compliant cookie consent solution.