Iubenda logo
Start generating

Documentation

Table of Contents

Is the use of a cookie wall on websites allowed in European Countries?

If you spend time on the internet, you’ve probably come across a cookie-wall on a website. In this post, we’ll explore whether, under the GDPR, using a cookie wall is legally allowed or not. Before we dive into the legal requirements though, let’s go over what a cookie wall actually is.

What is a cookie wall?

A cookie wall is any barrier (e.g. a popup) that blocks access to a website until consent to cookies or similar technologies is granted by the user. In general, cookie walls do not contain a reject option. It’s a way to deny users access to the content if they don’t accept and consent to cookies and trackers present on that website (even if those cookies are non-exempt cookies).

Can I block access to my site if the user does not consent and be compliant with the GDPR?

While legislations may vary slightly between EU countries, in general, these cookie walls are most likely not allowed as they can be considered contrary to the GDPR’s requirement for “freely given” consent.

The European Data Protection Board (EDPB), in their guidelines for GDPR compliance, confirmed that the use of cookie walls do not constitute a valid way of obtaining consent for personal data processing in the EU.

On a member-state level, some countries such as Germany, Spain, Denmark, and Belgium state explicitly that they do not allow cookie walls. Other countries such as the UK, Italy, and Ireland do not yet have definitive statements, although it is unlikely that cookie walls are considered legitimate.

💡 To learn more about which EU cookie consent rules apply on a per-country basis, check out our Cookie Consent Cheatsheet here.

Are paywalls an appropriate alternative to cookie walls?

To date, the cookie-paywall system is not excluded by case law and seems to be in line with EU Directive No. 770 of 2019. In particular, case law recognizes the possibility of using the paywall solution as an alternative to the cookie wall (so-called “pay or ok” or “cookie-paywall”) provided that consent is freely given (the price of the service does not vitiate consent) and there are appropriate guarantees provided for the consumer (e.g. price reduction or withdrawal of the service in the event of lack of conformity of the content or service).

The decisions handed down to date make it possible to identify a commonly shared line: the legitimacy of the paywall system as an alternative to the cookie wall exists in the case where the subscription to the site has a modest and contained cost, such as not to bind the user’s free choice. If the price is particularly high, the user would be conditioned to accept the use of analytical and advertising cookies to access the service. It follows that his freedom of choice would be deemed vitiated and, therefore, the cookie-paywall unlawful for lack of the requirement of consent.

Notwithstanding the fact that the validity of the cookie pay-wall system has to be verified on a case-by-case basis, current case law makes its application possible provided that consent is free along with an adequate range and level of safeguards. However, it must be taken into account that the scenario is still being defined, and it cannot be excluded that future DPAs decisions may limit or prohibit the use of the cookie-paywall system. Therefore, regular checks of case law and DPA coverage should be carried out in order to refine the potential use of this method.

Alternative to Cookie Walls?

We suggest transparency and giving your users the option to set their preferences as legally required.

While giving your users these options can seem like a setback in monetizing your content, you’ll find that the opposite may be true.

Here are some things to consider:

  • Most users now are more privacy-aware and expect transparency. Questionable practices like cookie-walls can hurt your brand reputation;
  • Consent rates for properly implemented cookie banners are generally over 80%;
  • Many major ad networks, including Google, may refuse to serve ads, or reduce access to their network if valid user consent isn’t received;
  • Given that the GDPR grants users the right to bring suit if their rights are violated, you may be might be risking much more of your revenue if you choose to use non-compliant consent collection mechanisms.

How iubenda can help you collect GDPR consent (while still monetizing your content!)

As mentioned above, the collection of valid consent can affect your access to ad networks and the monetization of your content as a publisher. 

In the years since the GDPR went into force, industry standards have also shifted to make it easier for companies to follow the law. Under the current standards, many ad networks require publishers to implement and pass consent that is compatible with TCF Framework standards. In a nutshell, the TCF provides a standardized process for getting users’ informed consent and allows the signaling of users’ consent preferences across the advertising supply chain.

Primarily, it is meant for first-party publishers who work with third-party advertisers (i.e anyone who monetizes their content by running ads on their website). The TCF makes easier to be more transparent with users, and allows the data controller to have more control over how users’ data are processed and for which purposes.

Our Cookie Solution seamlessly integrates with, and meets all specifications of the IAB Transparency and Consent Framework (TCF). By enabling the TCF feature you can allow your users to customize their advertising tracking preferences directly from your website.

If you run ads on your website it’s highly recommended that you collect TCF compatible consent on your site as some advertising networks may limit access to their network if you don’t, which, in turn, potentially decreases your ad revenue. 

As an IAB verified Consent management platform (CMP), our solution allows you to seamlessly pass TCF consent along the ad network, as required by Google, Taboola and more.

 

iubenda’s cookie consent management solution simplifies GDPR and ePrivacy making it easy for you you to: 

  • easily inform users via cookie banner and a dedicated cookie policy page (which is automatically linked to your privacy policy and integrates what’s necessary for Cookie Law compliance);
  • obtain and save cookie consent settings;
  • give users granular control over which categories of cookies they consent to;
  • preventively block scripts prior to consent;
  • store proofs of users’ preferences via Cookie Preference Logs
  • pass TCF compatible consent preferences + more.

Manage cookie consent with the Cookie Solution

Generate a cookie banner

See also