On May 4, The European Data Protection Board (EDPB) published updated guidelines on the standards and regulations of online consent to collecting consumers’ data. The focus of the new guidelines deals with “cookie consent walls” and the controversy revolving around scroll to consent. For consent to be legally valid under Europe’s General Data Protection Regulation (GDPR) it must be clear and informed, specific, and freely given.
What is a consent cookie wall? A cookie consent wall is when a publisher or developer denies access to their content or website unless the visitor accepts or allows the website to collect their cookies and data. This directly violates EU GDPR regulations because this consent is not being freely given; it is being demanded by the website in order for the user to be able to view anything. Websites or companies who have these cookie consent walls implemented will face serious legal ramifications, if the new guidelines are consistently enforced.
Last year TechCrunch wrote an article about the crumbling of cookie consent walls and foresaw the dissipation of consent cookie walls. The EDPB Guidelines numbered 40 and 41 on page 11 clearly indicate that consent cookie walls do not “constitute valid consent, as the provision of the service relies on the data subject clicking the ‘Accept cookies’ button. It is not presented with a genuine choice.” The lack of “genuine choice” specifically indicates how a cookie wall strips visitors from their privacy and right to browse without having to give tracking advertisers their data.
The second major focus of the new guidelines put out by the EDPB is the issue of scroll to consent. The EU declares pretty clearly that scrolling through content or on a website does not in any way give that website consent to collect that data. The new guidelines will ideally stop companies like Metomic, a GDPR Consent Management Platform, who have been advocates for scroll to consent, fully knowing that this approach could lead to confusion on the users’ end. They’re a widget for websites to use that employs scrolling as consent, they even state “we do believe that scroll to consent is a step in the right direction towards an ethical internet.”
Well the EU disagrees. The EDPB states, “actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action.” Any websites still employing non consensual tracking cookies when somebody visits their website could face serious legal and financial consequences. Under current GDPR regulations companies found violating GDPR requirements can be fined up to 4% of their total revenue for the year.
The enforcement of these new guidelines will be interesting because it is almost two years since the EU first passed and started following the GDPR. The EDPB guidelines should help companies in terms of clarity and organization when dealing with online consent and collecting peoples’ data.