"Cookie Walls" Non-Compliant With GDPR

The Data Protection Authority in the Netherlands  (DPA) has issued clarification to confirm that "cookie walls" that demand a website visitor agrees to their internet browsing being tracked for ad-targeting as a condition of entry to the site are not compliant with European data protection law.

The guidance makes it clear that internet visitors must be asked for permission in advance for any tracking software being placed and this extends to third-party tracking cookies; tracking pixels; and browser fingerprinting tech. 

This permission must be freely obtained and therefore a free choice must be offered - there can be no adverse consequence on the use of the site if the user chooses not to accept these technologies.  As the Dutch DPA says: “Permission is not ‘free’ if someone has no real or free choice. Or if the person cannot refuse giving permission without adverse consequences".

“There is no objection to software for the proper functioning of the website and the general analysis of the visit on that site. More thorough monitoring and analysis of the behavior of website visitors and the sharing of this information with other parties is only allowed with permission. That permission must be completely free,” it adds.

A spokesperson said that while they can’t comment on any individual complaints, but added: “Cookie walls are non-compliant with the principles of consent of the GDPR.  Which means that any party with a cookie wall on their website has to be compliant ASAP, whether or not we will check that in a couple of months, which we certainly will do.”

The regulator said it has received dozens of complaints from internet users who had had their access to websites blocked after refusing to accept tracking cookies. 

Therefore, it has taken the step of publishing clear guidance on the issue in addition to writing to the organisations concerned instructing them to make changes to meet GDPR requirements. As a further consequence it will be intensifying monitoring.

DQMGRC

You Might Also Read:

GDPR For Dummies:

 

« Where On Earth Is Cloud Data Actually Stored?
Over 90% Of Security Pros Fear Insider Threats »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Dispersive Networks

Dispersive Networks

Dispersive Virtual Network is a carrier-grade software-defined programmable network that is inspired by battlefield-proven wireless radio techniques.

Protectimus

Protectimus

Affordable two factor authentication (2FA) provider. Protect your data from theft with multi factor authentication service from Protectimus.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

IP Twins

IP Twins

IP Twins offer a wide range of services related to domain names and online brand protection.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.

Infosec Global

Infosec Global

Infosec Global provides technology innovation, thought leadership and expertise in cryptographic life-cycle management.

Uptycs

Uptycs

Uptycs combines the open source universal agent, osquery, with a scalable security analytics platform for fleet visibility, intrusion detection, vulnerability monitoring and compliance.

Dynics

Dynics

The Dynics ICS-Defender is an Industrial Control System Security Appliance for OT or OT/IT convergent environments.

CodeHunter

CodeHunter

CodeHunter is a malware hunting SaaS platform designed to detect all variations of malware, known and unknown, without the need for source code or signatures.

Filigran

Filigran

Filigran provides threat intelligence, adversary simulation and crisis response open solutions to thousands of cybersecurity and crisis management teams across the world.

Var Group

Var Group

Var Group is one of the main partners for innovation in the ICT sector in Italy.

Onum

Onum

Onum helps security and IT leaders focus on the data that's most important. Gain control of your data by cutting through the noise for deep insights in real time.

Avatar Managed Services

Avatar Managed Services

Avatar offers proven, process driven IT support to companies who want to utilize their technology to their best advantage.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.