You can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall.’ Not if you need to be compliant with European data protection law. From a report: That’s the unambiguous message from the European Data Protection Board (EDPB), which has published updated guidelines on the rules around online consent to process people’s data. Under pan-EU law, consent is one of six lawful bases that data controllers can use when processing people’s personal data. But in order for consent to be legally valid under Europe’s General Data Protection Regulation (GDPR) there are specific standards to meet: It must be clear and informed, specific and freely given. Hence cookie walls that demand ‘consent’ as the price for getting inside the club are not only an oxymoron but run into a legal brick wall. No consent behind a cookie wall The regional cookie wall has been crumbling for some time, as we reported last year — when the Dutch DPA clarified its guidance to ban cookie walls. The updated guidelines from the EDPB look intended to hammer the point home. The steering body’s role is to provide guidance to national data protection agencies to encourage a more consistent application of data protection rules.
of this story at Slashdot.
Source:: Slashdot