The European Data Protection Board (EDPB) has updated its guidelines on consent: Guidelines 05/2020 on consent under Regulation 2016/679. This update is important as it aims to remove any ambiguity on the official position regarding several aspects of cookie usage. Perhaps most significantly, these latest guidelines clearly state that Cookie Walls are prohibited and that the EDPB does not consider implied consent, i.e. consent via scrolling or continued browsing to be valid.
The term Cookie Wall refers to any mechanism by which a user is prevented from accessing a service or site on the basis that they did not provide consent to the processing of their personal data via cookies.
Specifically, the EDPB‘s stance on Cookie Walls are as follows: “In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so-called cookie walls)”.
The term implied consent within the context of cookies and privacy, generally refers to non-direct forms of granting consent such as consent via scrolling and consent by continued browsing. In order for these actions to be considered consent, the user must first be informed of which action constitutes consent. While implied consent has fallen out of general favor post-GDPR, some EU Member States still allow consent on scroll and consent by continued browsing, where certain conditions are met (though this is likely to change in the near future).
The official EDPB stance on consent on scroll and consent by continued browsing is as follows: “actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action: such actions may be difficult to distinguish from other activity or interaction by a user and therefore determining that an unambiguous consent has been obtained will also not be possible. “
With that said, these latest guidelines are in contradiction with some local Member State laws, most notably, those of Italy. Therefore, in such cases, it’s difficult to say with any certainty to what extent the latest guidelines will apply or be enforced as ultimately, it will be up to the local Data Protection Authority to decide.
At iubenda, we pay close attention to the latest compliance guidelines and recommendations from around the world. Currently, implied consent options (like consent via scroll and continued browsing) are still available configurations within our Cookie Solution – giving you full control over how you customize – however, we urge you to carefully check which legislations apply to you.
Need a cookie banner and consent management platform for your website or app? Start generating for free with our Cookie Solution.
Cookie consent management for the ePrivacy, GDPR and CCPA