Cookie wall: allowed by the GDPR?

GDPR

Rogier

Rogier

Senior Developer

Last Updated: 3/29/2019

Categories

Most Popular Articles

Subscribe to our newsletter

    For EU Subscribers | Privacy Statement
    For USA Subcribers | Privacy Statement

  • This field is for validation purposes and should be left unchanged.

You might have seen some cookie walls over the internet. Mostly websites in the EU due to the GDPR. There is some confusion regarding this topic. In this article we will explain you whether it’s allowed or not. On march 7 2019 the Dutch Privacy Authority has stated that websites should stay accessible when tracking cookies are declined. Let’s look at the how and why of Cookie Walls.

What is a cookie wall?

A cookie wall is a popup that is being placed on a website to inform users about the cookie use on the website, without a reject option. The only way to view the content is to accept and proceed.

So are they allowed?

The answer to the question “Are they allowed” is a difficult one! In the past it was only forbidden for public sector websites, but since the GDPR it seems it also isn’t allowed for commercial websites. The current ePrivacy Directive also now refers to article 7 (“Conditions for permission”) of the GDPR which states that permission should be given freely. This means a website should be accessible for everyone and not merely for those who accept all (tracking) cookies.

Doesn’t the new ePrivacy Regulation take care of this?

The new ePrivacy Regulation (ePR) will probably come into effect in 2020, and will repeal the old e-Privacy Directive. The provisions of this regulation particularise and complement the general rules on the protection of personal data. In the 2017 draft of the new regulation the use of a cookie wall seems to be allowed:

“Access to specific website content may still be made conditional on the consent to the storage of a cookie or similar identifier. Not all cookies are needed in relation to the purpose of the provision of the website service. Some are used to provide for additional benefits of the website operator.”

However, in more recent drafts this particular text was deleted!

The februari 2019 draft of the regulation contains the following consideration:

“Making access to the website content provided without direct monetary payment conditional to the consent of the end -user to the storage and reading of cookies for additional purposes would normally not be considered disproportionate in particular if the end-user is able to choose between an offer that includes consenting to the use of cookies for additional purposes on the one hand, and an equivalent offer by the same provider that does not involve consenting to data use for additional purposes on the other hand. Conversely, in some cases, making access to website content conditional to consent to the use of such cookies may be considered to be disproportionate. This would normally be the case for websites providing certain services, such as those provided by public authorities, where the user could be seen as having few or no other options but to use the service, and thus having no real choice as to the usage of cookies.”

Therefore you can’t put a cookie wall on your site, unless you also offer access to the information on your website without the need for consent.

Alternatives

Looking at the above, it seems not possible to use a cookie wall . Are there alternatives?

Giving your users a reason to consent

A method to get users to consent is to offer third party services on your site which require consent. A good example of this is YouTube. Most users want to be able to view the YouTube movies. If you install Complianz GDPR Cookie Consent, YouTube automatically gets blocked, with a nice looking preview image. To view the video, users need to accept third party cookies first. Using interesting YouTube video’s will increase your consent ratio.

Offer a paid alternative

An alternative which is a “real” cookie wall, is a system where you offer your visitors the choice between paid, tracking free access, or free access, with tracking. An example of this can be seen here at the Washington Post.

Conclusion

In order to ensure that consent can be given freely, the absence of consent should not affect the data subject. This means that website visitors should still be able to use the website (even if it’s with restrictions), even if they have not given permission for the use of cookies. This conclusion was reinforced on March 7 2019, when the Dutch Privacy Authority stated that a website should always be accessible, even when tracking cookies are declined. Cookie Walls are therefore not allowed. The only exception is a system where you offer your visitors the choice between paid, tracking free access, or free access, with tracking.

Download our plugin to use a GDPR friendly alternative to these cookie walls, if you’re using one!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.

© Copyright - Complianz 2019