If you spend time on the internet, you’ve probably come across a cookie-wall on a website. In this post, we’ll explore whether, under the GDPR, using a cookie wall is legally allowed or not. Before we dive into the legal requirements though, let’s go over what a cookie wall actually is.
A cookie wall is any barrier (e.g. a popup) that blocks access to a website until consent to cookies or similar technologies is granted by the user. In general, cookie walls do not contain a reject option. It’s a way to deny users access to the content if they don’t accept and consent to cookies and trackers present on that website (even if those cookies are non-exempt cookies).
While legislations may vary slightly between EU countries, in general, these cookie walls are most likely not allowed as they can be considered contrary to the GDPR’s requirement for “freely given” consent.
The European Data Protection Board (EDPB), in their guidelines for GDPR compliance, confirmed that the use of cookie walls do not constitute a valid way of obtaining consent for personal data processing in the EU.
On a member-state level, some countries such as Germany, Spain, Denmark, and Belgium state explicitly that they do not allow cookie walls. Other countries such as the UK, Italy, and Ireland do not yet have definitive statements, although it is unlikely that cookie walls are considered legitimate.
💡 To learn more about which EU cookie consent rules apply on a per-country basis, check out our Cookie Consent Cheatsheet here.
A paywall is a method of allowing access to content through a purchase or a paid subscription. This approach is becoming popular among publishers and is commonly shown as a popup when users try to access news, articles or premium content featured on the website.
At the moment, however, cookie paywalls do not appear to be an appropriate alternative to cookie walls because, in the spirit of the GDPR, consent must be freely given. If a user is faced with the option to either consent or pay for access to website content, it can be considered coercive and unfair.
Note, having tiers of content, (e.g. free vs premium) as a business model is not the same as blocking all free site content behind a paywall unless the user consents to cookies.
Now that we’ve seen that cookie walls are, in general, not considered to be in line with GDPR requirements. What’s the alternative?
We suggest transparency and giving your users the option to set their preferences as legally required.
While giving your users these options can seem like a setback in monetizing your content, you’ll find that the opposite may be true.
Here are some things to consider:
As mentioned above, the collection of valid consent can affect your access to ad networks and the monetization of your content as a publisher.
In the years since the GDPR went into force, industry standards have also shifted to make it easier for companies to follow the law. Under the current standards, many ad networks require publishers to implement and pass consent that is compatible with TCF Framework standards. In a nutshell, the TCF provides a standardized process for getting users’ informed consent and allows the signaling of users’ consent preferences across the advertising supply chain.
Primarily, it is meant for first-party publishers who work with third-party advertisers (i.e anyone who monetizes their content by running ads on their website). The TCF makes easier to be more transparent with users, and allows the data controller to have more control over how users’ data are processed and for which purposes.
Our Cookie Solution seamlessly integrates with, and meets all specifications of the IAB Transparency and Consent Framework (TCF). By enabling the TCF feature you can allow your users to customize their advertising tracking preferences directly from your website.
If you run ads on your website it’s highly recommended that you collect TCF compatible consent on your site as some advertising networks may limit access to their network if you don’t, which, in turn, potentially decreases your ad revenue.
As an IAB verified Consent management platform (CMP), our solution allows you to seamlessly pass TCF consent along the ad network, as required by Google, Taboola and more.
iubenda’s cookie consent management solution simplifies GDPR and ePrivacy making it easy for you you to: