Cookie walls that demand a website visitor agrees to their internet browsing being tracked for ad-targeting as the “price” of entry to the site are not compliant with European data protection law, the Dutch data protection agency clarified yesterday.
The DPA said it has received dozens of complaints from internet users who had had their access to websites blocked after refusing to accept tracking cookies — so it has taken the step of publishing clear guidance on the issue.
It also says it will be stepping up monitoring, adding that it has written to the most-complained-about organizations (without naming any names) — instructing them to make changes to ensure they come into compliance with GDPR.
Europe’s General Data Protection Regulation, which came into force last May, tightens the rules around consent as a legal basis for processing personal data — requiring it to be specific, informed and freely given in order for it to be valid under the law.
Of course consent is not the only legal basis for processing personal data, but many websites do rely on asking internet visitors for consent to ad cookies as they arrive.
And the Dutch DPA’s guidance makes it clear internet visitors must be asked for permission in advance for any tracking software to be placed — such as third-party tracking cookies; tracking pixels; and browser fingerprinting tech — and that that permission must be freely obtained. Ergo, a free choice must be offered.
So, in other words, a “data for access” cookie wall isn’t going to cut it. (Or, as the DPA puts it: “Permission is not ‘free’ if someone has no real or free choice. Or if the person cannot refuse giving permission without adverse consequences.”)
Clique aqui e leia a matéria completa.