Are you frustrated with websites trying to dodge around the EU’s cookie consent laws by forcing you accept cookies just to view anything? So is the EU. The European Data Protection Board has published (via TechCrunch) new guidelines saying that “cookie walls” violate EU data protection law. Consent has to be “freely given,” the board said, and an all-or-nothing choice isn’t really a choice at all.
The refreshed guidelines also bar sites from treating the mere act of scrolling or swiping as consent. Deliberate gestures count (such as drawing a figure eight), but only so long as it’s clear that performing them amounts to an agreement.
This theoretically eliminates some of the ambiguities that might confuse regulators in EU countries. It’s also a warning to sites that insist on collecting user data: either offer real consent or be prepared for legal action. Enforcement might be necessary to make sure some sites respect the rules, but it won’t be surprising if those that abuse cookie walls are more polite about it going forward.