Cookie walls that force visitors to accept tracking cookies before granting access violate the GDPR, the Dutch Data Protection Authority said. The GDPR requires that websites, apps and other services ask permission to track people with cookies. According to the regulator, it received many complaints about this practice.
The regulator explains that this practice is not compliant with the GDPR. The (required) consent obtained in this way is not a freely given, because withholding consent has negative consequences for the user (i.e., the user is barred from accessing the website). Instead, websites should offer users a real choice to accept or reject cookies. User who decide not to consent to the placing of tracking cookies should still be granted access to the website, for example, against the payment.
The Supervisory Authority addressed a letter to the companies about whom it received the most complaints. The authority also announced that it will carry out further verifications to ensure that the GDPR is correctly applied in this area.
The guidance of the Dutch authority is in line with an earlier decision of the Austrian Supervisory Authority discussed here.