On May 6, 2020, the European Data Protection Board (the “EDPB”) published its Guidelines 05/2020 (the “EDPB Guidelines”) on consent under the EU General Data Protection Regulation (the “GDPR”). The EDPB Guidelines are a slightly updated version of the Article 29 Working Party’s Guidelines on consent under the GDPR (the WP29 Guidelines), which were adopted in April 2018 and endorsed by the EDPB in its first Plenary meeting.
The EDPB aimed to provide further clarity around the validity of consent obtained through cookie walls and on whether scrolling through a webpage could constitute clear and affirmative consent under the GDPR. With respect to cookie walls, the EDPB Guidelines state that these type of mechanisms—which prevent users who do not accept the use of cookies from accessing a site or mobile app—are unlawful, as consent obtained this way cannot be considered freely given. Likewise, the EDPB Guidelines indicate that scrolling or swiping through a webpage, or similar user activity, does not constitute affirmative action that meets the conditions for valid consent under the GDPR. This practice also does not allow for easy consent withdrawal, in the EDPB’s view, and should not be used.
These clarifications are in line with the decision of the Court of Justice of the European Union in the case of Planet 49 and recent EU data protection authorities’ guidelines on cookie consent.
Read the EDPB Guidelines.