EDPB publishes updated guidelines on consent under the GDPR
The European Data Protection Board updated its guidelines on consent under the General Data Protection Regulation (“EDPB Guidelines”) at the beginning of May.
Updated guidelines on consent under the GDPR
The task of the steering committee is to promote the uniform application of data protection rules by national authorities. The updated EDPB Guidelines stem from the Article 29 Working Party’s guidance on consent under the GDPR, which was already endorsed by the EDPB on April 18, 2018.
Key messages:
- With regard to cookie walls, the EDPB notes that website operators could not make access to content on their website conditional on a visitor agreeing to allow their data to be processed, as consent obtained in this way cannot be considered to be freely given.
- With respect to alternative implementations such as “swiping” or “scrolling,” the EDPB Guidelines further indicate that scrolling or swiping through a webpage or similar user activity does not constitute an affirmative action that meets the requirements for effective consent under the GDPR. Rather, the data controller would have to demonstrate that consent was obtained in this manner and that data subjects are able to withdraw their consent as easily as it was given.
The clarifications of the European Data Protection Board are in line with the decision of the ECJ in the “Planet49” case and the recent guidance of the supervisory authorities on cookie consent.