The European Data Protection Board (EDSA) has published revised guidelines on consent (Guidelines 05/2020 on consent under Regulation 2016/679, version 1.0, May 4, 2020.). This is a slightly revised version of the Guidelines on consent under Regulation 2016/679 of the Article 29 Working Party (WP259.01; in addition here). In addition to editorial changes, two topics are new:
- The effectiveness of consent in the case of “cookie walls”;
- Example 16 regarding scrolling and consent
The EDSA states the following in this regard:
- If access to a service is linked to consent, it is not sufficient that an equivalent service is available on the market without consent. Only access to the specific service in question by the responsible party concerned is assessed.
- Cookie walls – i.e. consent to tracking as a prerequisite for accessing an online service – lack voluntariness:
In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so-called cookie walls).
- The fact that a user uses a website, e.g. scrolls, does not constitute an effective declaration of consent:
Based on recital 32, actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative actionSuch actions may be difficult to distinguish from other activity or interaction by a user and therefore determining that an unambiguous consent has been obtained will also not be possible. Furthermore, in such a case, it will be difficult to provide a way for the user to withdraw consent in a manner that is as easy as granting it.