A link to the European Data Protection Board (EDPB) adopted Guidelines 05/2020 (guidelines) on consent under General Data Protection Regulation 2016/679 (GDPR) is set out below.
The guidelines update the previous guidelines on consent and transparency, which the Article 29 Working Party adopted on 10 April 2018. The EDPB has published the guidelines in order to provide further detail on the following points in the previous guidelines:
- The validity of consent provided by the data subject when interacting with cookie walls.
- Examples of a consent mechanism in relation to scrolling and consent (see example 16).
Consent given via a ‘cookie wall’
The consent mechanism
In section 3.4 – ‘Unambiguous indication of wishes’ – controllers are advised to design consent mechanisms that are clear to data subjects and which unambiguously show that the data subject has given consent. ‘Example 16’ has been amended in the guidelines to clarify that scrolling or swiping through a webpage (or similar user activity) is not enough to satisfy the requirement of a ‘clear and affirmative action’ that is necessary to constitute valid consent. This is because scrolling or swiping are difficult to distinguish from other actions by the user and it may be difficult for data subjects to withdraw consent as easily as it has been given.
The guidelines are consistent with current ICO cookies guidance and ECJ rulings (e.g. the Planet49 case) that cookie consent must be ‘active’ and ‘specific’. They may also have an impact on the ePrivacy Regulation negotiations.