"Cookie Walls" Non-Compliant With GDPR

The Data Protection Authority in the Netherlands  (DPA) has issued clarification to confirm that "cookie walls" that demand a website visitor agrees to their internet browsing being tracked for ad-targeting as a condition of entry to the site are not compliant with European data protection law.

The guidance makes it clear that internet visitors must be asked for permission in advance for any tracking software being placed and this extends to third-party tracking cookies; tracking pixels; and browser fingerprinting tech. 

This permission must be freely obtained and therefore a free choice must be offered - there can be no adverse consequence on the use of the site if the user chooses not to accept these technologies.  As the Dutch DPA says: “Permission is not ‘free’ if someone has no real or free choice. Or if the person cannot refuse giving permission without adverse consequences".

“There is no objection to software for the proper functioning of the website and the general analysis of the visit on that site. More thorough monitoring and analysis of the behavior of website visitors and the sharing of this information with other parties is only allowed with permission. That permission must be completely free,” it adds.

A spokesperson said that while they can’t comment on any individual complaints, but added: “Cookie walls are non-compliant with the principles of consent of the GDPR.  Which means that any party with a cookie wall on their website has to be compliant ASAP, whether or not we will check that in a couple of months, which we certainly will do.”

The regulator said it has received dozens of complaints from internet users who had had their access to websites blocked after refusing to accept tracking cookies. 

Therefore, it has taken the step of publishing clear guidance on the issue in addition to writing to the organisations concerned instructing them to make changes to meet GDPR requirements. As a further consequence it will be intensifying monitoring.

DQMGRC

You Might Also Read:

GDPR For Dummies:

 

« Where On Earth Is Cloud Data Actually Stored?
Over 90% Of Security Pros Fear Insider Threats »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security create a secure digital environment for countries, governments, and organisations and implement cybersecurity resilience enhancement projects around the world.

Thinkst Applied Research

Thinkst Applied Research

Thinkst is an Applied Research company with a deep focus on information security.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

CleanCloud by SEK

CleanCloud by SEK

CleanCloud by SEK is a CSPM product focused on public cloud data protection and security regulations, with over 400 compliance checks for the market's leading frameworks and regulations.

Kiberna

Kiberna

Kiberna are a small but niche company specialising in data driven security to manage your cyber risks.

Picnic

Picnic

Picnic is a gritty, pioneering team of intelligence and cybersecurity specialists focused on solving the security challenge of our time - social engineering.

Anonomatic

Anonomatic

Anonomatic’s mission is to make data privacy secure, simple and cost effective. We are Data and Privacy Experts who are passionate about helping organizations solve PII compliance.

Concourse Labs

Concourse Labs

Concourse Labs Security Guardrails continuously verify cloud infrastructure and workloads. Continuously assess clouds for security, resiliency, and regulatory compliance.

Verinext

Verinext

Verinext delivers transformative business technology, from intelligently automating time-consuming tasks and protecting data assets to securing infrastructure and improving customer experiences.

Tamnoon

Tamnoon

Tamnoon is the Managed Cloud Detection and Response platform that helps you turn CNAPP and CSPM alerts into action and fortify your cloud security posture.

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.