On 4 May 2020 the European Data Protection Board (‘EDPB’) issued important Guidelines on the practice of websites using so-called “cookie walls”.
Under the regulations of GDPR, website providers are obliged to obtain the visitors’ consent to store a cookie on their device. A cookie is a small text file that is downloaded onto a ‘terminal equipment’ (e.g. a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions. Experience has shown that many website providers put into place a script that will block content from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed. In these cases, there is no possibility to access the content without clicking on the “Accept cookies” button. According to the Guideline, since the data subject is not presented with a genuine choice, its consent is not freely given.
EDPB also stated in its Guideline that those activities on a website, which are not especially related to giving a consent, such as simply scrolling down the page, cannot be considered as a given consent.
The importance of the above Guideline is not only to harmonize the different practices in the EU, but also to warn website providers that failing to comply with GDPR requirements may result in a fine.