Don’t assume cookie walls always comply with GDPR.
You’ve seen the cookie walls a lot recently, right? They are those pop ups that demand you agree to having your internet browsing tracked whilst on a website. The site needs your approval so that it can track your use and then potentially deliver targeted adverts to you whilst you browse the internet later that day or week.
However, according to the Dutch Data Protection Agency (DPA), many of these cookie walls are not compliant with European Data Protection Law.
The DPA has received dozens of complaints from internet users who have found their access to websites blocked after refusing to accept tracking cookies. The DPA has not only agreed to step up their monitoring efforts, they have also contacted the websites to instruct them to ensure they make changes – changes that will ensure their websites comply with GDPR.
What the law states:
The Dutch DPA’s guidance makes it clear that permission must be asked in advance, but also that permission must be freely obtained. That means that a free choice must be offered, and a website cannot simply refuse to allow access to their site if a person does not agree to ad tracking, tracking pixels or browser fingerprinting tech.
The guidance continues: “There is no objection to software for the proper functioning of the website and the general analysis of the visit on that site. More thorough monitoring and analysis of the behaviour of website visitors and the sharing of this information with other parties is only allowed with permission. That permission must be completely free.”
When asked directly about cookie walls, the DPA responded: “Cookie walls are non-compliant with the principles of consent of the GDPR. Which means that any party with a cookie wall on their website has to be compliant ASAP, whether or not we will check that in a couple of months, which we certainly will do.”
If any website says to its visitors: “It’s agree or leave.” They are breaking GDPR laws and must change it immediately.
If you would like any assistance in ensuring your GDPR knowledge is up to scratch, simply get in touch and we’ll be happy to advise you – 01673 885533.
Sign up to our eBulletin for the latest developments in data protection, information governance and compliance.