"Cookie Walls" Non-Compliant With GDPR

The Data Protection Authority in the Netherlands (DPA) has issued a clarification confirming that "cookie walls", which demand that a website visitor agree to their internet browsing being tracked for ad-targeting as a condition of entry to the site, are not compliant with European data protection law.

The guidance makes it clear that internet visitors must be asked for permission in advance for any tracking software being placed, and this extends to third-party tracking cookies, tracking pixels and browser fingerprinting tech.

This permission must be freely obtained, and therefore a free choice must be offered: there can be no adverse consequence on the use of the site if the user chooses not to accept these technologies. As the Dutch DPA says: “Permission is not ‘free’ if someone has no real or free choice. Or if the person cannot refuse giving permission without adverse consequences.”

“There is no objection to software for the proper functioning of the website and the general analysis of the visit on that site. More thorough monitoring and analysis of the behavior of website visitors and the sharing of this information with other parties is only allowed with permission. That permission must be completely free,” it adds.

A spokesperson said they can’t comment on any individual complaints, but added: “Cookie walls are non-compliant with the principles of consent of the GDPR. Which means that any party with a cookie wall on their website has to be compliant ASAP, whether or not we will check that in a couple of months, which we certainly will do.”

The regulator said it has received dozens of complaints from internet users who had had their access to websites blocked after refusing to accept tracking cookies. 

Therefore, it has taken the step of publishing clear guidance on the issue in addition to writing to the organisations concerned instructing them to make changes to meet GDPR requirements. As a further consequence it will be intensifying monitoring.

DQMGRC
