On March 7, 2019, the Dutch Supervisory Authority for data protection issued guidance prohibiting the use of “cookie walls” on websites. Cookie walls require website users to consent to the placing of tracking cookies or similar technologies before allowing them access to the website. According to the regulator, it received many complaints about this practice.
The regulator explains that this practice is not compliant with the GDPR. The (required) consent obtained in this way is not a freely given, because withholding consent has negative consequences for the user (i.e., the user is barred from accessing the website). Instead, websites should offer users a real choice to accept or reject cookies. User who decide not to consent to the placing of tracking cookies should still be granted access to the website, for example, against the payment.
The Supervisory Authority addressed a letter to the companies about whom it received the most complaints. The authority also announced that it will carry out further verifications to ensure that the GDPR is correctly applied in this area.
The guidance of the Dutch authority is in line with an earlier decision of the Austrian Supervisory Authority discussed here.