Dutch Data Protection Authority Declares Cookie Walls Violate GDPR

The General Data Protection Regulation (the “GDPR”) is still in its first year of implementation. Given that it is relatively new, different aspects and outcomes of the law are still in their infancy, and we are all still in the process of realizing and understanding its significance and impact in various ways. Recently, the Dutch Data Protection Authority (the Dutch “DPA”) identified a new issue regarding the use of cookie walls that companies will face in complying with the GDPR.

The GDPR allows companies to employ cookies on their websites, as long as the user consents to the usage of those cookies. However, after receiving numerous complaints, the Dutch DPA has declared the usage of cookie walls to be non-conforming under the GDPR. Through cookie walls, companies can block consumers from accessing their websites unless those consumers consent to the usage of cookies. The Dutch DPA has stated that this practice is corrupt in its nature and unfairly coerces consent from consumers. Thus, as the Dutch DPA and other DPAs in the EU audit companies, it seems that all of those authorities will be on the lookout for this corrupt practice moving forward.

Companies seeking to comply with the GDPR need to ensure they are not employing these practices. It will also behoove U.S. companies that may not currently be complying with the GDPR to analyze their usage of cookie walls due to the growing presence of domestic regulations such as the California Consumer Privacy Act (the “CCPA”), which will be implemented in January of 2020. The CCPA specifically condemns discrimination against consumers who refuse to give consent to the collection and distribution of their personal information. The CCPA demonstrates a movement by various U.S. jurisdictions toward stricter data privacy regulation and compliance requirements for domestic companies, and complying with stricter consumer data measures is a major concern for all companies that may process or otherwise receive consumer data in the future.

Our experienced attorneys at Dickie, McCamey & Chilcote, P.C. will continue to provide updates on this latest development (and others to be forthcoming) as the global trend toward stricter data privacy regulation continues. If you have any questions or concerns, please contact us; and we will be happy to work with you and to help equip your company for compliance in this constantly evolving area.

The material on this site is for general informational purposes only and is not intended to be, and should not be construed to be, legal advice. There shall be no liability accepted as a result of any improper reliance on the material on this site. A qualified lawyer should always be consulted with regard to any specific legal issue or problem.