April 01, 2019

Dutch Say "No" to Allowing Cookie Walls in Light of the GDPR

Heidi Kuffel

Skarzynski Marick & Black LLP

We live in an age where we expect to have all sorts of free information at the click of a mouse or tap of a touchscreen. The use of cookie walls, pop-ups that require consent to use of cookies in order to access a site, counter these expectations of access to endless free information. The Dutch Data Protection Agency, or Autoriteit Persoonsgegevens (the "AP") published an article discussing guidance recently released involving use of cookie walls in light of the mandates of the GDPR. The guidance provides that use of the walls is inconsistent with the requirements of the GDPR since the consent cannot be considered voluntary. When a cookie wall is used on a site, a person essentially has two choices: (1) consent to cookies being used (and hence provide unknown levels of personal information) to have access to the site; or (2) exit the site so that no information is taken about the user. Although there are two choices, the AP doesn't recognize these as meaningful choices because if a user does not want to consent, they simply are prohibited from entering the site. If they do consent, it is likely under unlawful pressure, knowing that if they don't consent, they cannot access the site. In order to comply with the GDPR, a real choice must be provided to the user, which may include rejecting the use of cookies.

The AP is prioritizing the enforcement of the prohibition of these cookie walls, and has issued a number of letters to various entities responsive to numerous complaints it has recently received.

To access the article by the AP, visit https://www.autoriteitpersoonsgegevens.nl/nl/nieuws/websites-moeten-toegankelijk-blijven-bij-weigeren-tracking-cookies

Heidi Kuffel

Skarzynksi Marrick & Black LLP