Walls of all types are generally built to block, divide, or an enclose an area; cookie walls have become an increasingly popular mechanism utilized by websites in an effort to block content and force website visitors to provide consent. New consent guidelines from the European Data Protection Board (“EDPB”) state that these cookie walls are a violation of the General Data Protection Regulation (“GDPR”). Specifically, the guidelines state that:
If you want to be compliant with GDPR, you can’t use a cookie wall to force consent for European Union (“EU”) visitors to your website. GDPR includes consent as one of six lawful bases that data controllers can use when processing people’s personal data. In order for consent to be legally valid under GDPR, consent must be clear and informed, specific and freely given. Cookie walls that demand consent in order to view website content are contrary to the “freely given” part of this criteria, and are therefore invalid.
They do! The European Data Protection Board (EDPB) includes the below example to show that cookie walls do not constitute valid consent; the “Accept Cookies” button does not present the visitor with a genuine choice:
Example 6a: A website provider puts into place a script that will block content from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed. There is no possibility to access the content without clicking on the “Accept cookies” button. Since the data subject is not presented with a genuine choice, its consent is not freely given. This does not constitute valid consent, as the provision of the service relies on the data subject clicking the “Accept cookies” button. It is not presented with a genuine choice.
No! Scrolling on a website or digital service cannot be interpreted as consent. The EDPB makes this clear by stating “actions such as scrolling or swiping through a webpage or similar visitor activity will not under any circumstances satisfy the requirement of a clear and affirmative action.” The EDPB guidance indicates one reason for its position is the difficulty with which a visitor could withdraw consent in a manner as easy as granting it; it’s just not possible.
First, you should understand the risks. Any websites still trying to use tracking cookies the moment a site visitor scrolls the page are risking regulatory enforcement, and that gets expensive. GDPR fines can be as high as €20M or 4% of global revenues (even if your business isn’t based in the EU). If you’re using a cookie wall for your EU visitors, you’re putting yourself at significant financial risk. That means you need a compliant solution, one which clearly and accurately requests consent and offers a similarly easy route to opt-out and/or manage consent.
Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:
You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.