On May 5, 2020, the European Data Protection Board (EDPB) published a slightly updated version of the WP 29 (i.e. former EDPB) guidelines on the GDPR consent of April 10, 2018.
The EDPB has provided further clarifications regarding:
– The validity of consent provided by the data subject when interacting with “cookie walls”;
– Example 16 on scrolling and consent.
As a result, the EDPB has revised the sections on Conditionality (paragraphs 38 – 41) and Unambiguous indication of wishes (paragraph 86).
Access to website content cannot be conditional on the acceptance of cookies
In its updated guidelines, the EDPB reminds that:
- GDPR consent should not be conditional on the provision of a service;
- Controllers should provide equivalent services to those who have not consented to the additional processing operations; and
- The level of granularity of consent must be sufficient to give users the possibility to consent specifically to each purpose of processing subject to their consent.
As a result, the EDPB has clarified its example on cookies wall and considers that cookies walls denying users access to a websites’ content as long as they have not accepted cookies is not compliant with GDPR requirements on consent.
Indeed, the acceptance of cookies would not be a genuine choice as it is a condition of access to the website’s content.
Browsing a website is not a sufficient indication of consent
The EDPB considers an active motion or declaration may be valid consent provided that it is obvious that the data subject has consented to a particular processing purpose.
Controllers must avoid ambiguity and ensure that the consent given can be distinguished from other actions.
Therefore, the EDPB considers that continuing browsing a website including scrolling or swiping through webpages is not valid consent.
On the other hand, waiving in front of a smart camera or turning its smartphone clockwise may be a valid consent if the other conditions of validity of consent are met.