Dutch Data Protection Authority chips away at ‘cookie walls,’ declaring they violate GDPR
Author Bradley Barth Senior Reporter
Also known as the Autoriteit Persoonsgegevens (AP), the DDPA said in a statement late last week that it is intensifying audit and compliance efforts and has contacted certain offending parties after receiving dozens of complaints from citizens who were denied access to web pages after refusing to accept cookie policies.
Under GDPR, website operators are allowed to request user permission to employ cookies, but that permission must be given freely. The use of so-called cookie walls that block users from accessing sites unless they accept cookies are therefore out of GDPR compliance because they effectively coerce users into granting permission, the AP argues.
FTC Takes Action against Companies Falsely Claiming Compliance with the EU-U.S. Privacy Shield, Other International Privacy Agreements
European Data Protection Board – Eleventh Plenary session: Guidelines on Codes of Conduct, annex to the Guidelines on Accreditation, annex to the Guidelines on Certification