‘Cookie walls’ not GDPR-compliant, says Dutch data watchdog
Businesses that require internet users to agree to the collection and use of their personal data in return for enabling their access to services are in breach of EU data protection laws, a Dutch watchdog has said.
The Autoriteit Persoonsgegevens (AP) said that organisations applying so-called ‘cookie walls’ do not comply with the General Data Protection Regulation (GDPR). It has written to some website operators on the issue after receiving “dozens” of complaints, and confirmed that it plans to “intensify” its monitoring of compliance.
Aleid Wolfsen, chairman of the AP, said businesses cannot pressure consumers into accepting cookies.
Under the GDPR, consent from a data subject to the processing of their personal data must, in general, be freely given, specific and informed. It must also be an unambiguous indication of the data subject’s wishes that is stipulated by a statement or by a clear affirmative action. Explicit consent is required for some data processing activities, where consent is the legal basis for such processing.
“With so-called ‘cookie walls’ on websites (no permission means no access) the permission is not given freely, because website visitors do not get access to the website without giving permission,” the AP said. “On the basis of the [GDPR], permission is not ‘free’ if someone has no real or free choice. Or if the person can not refuse giving permission without adverse consequences.” ..Read More..