Logo
Media Centre

EDPB Issues Updated Guidelines on Consent

Ariel Yosefi

7 May 2020

07/05/2020
Technology & Regulation in the Spotlight

The European Data Protection Board (“EDPB”) has published new guidelines on consent under the General Data Protection Regulation (“GDPR”). These guidelines are updating and replacing the previous guidelines published in 2018 by the former EU data protection advisory regulator, the Article 29 Working Party, which were endorsed by the EDPB.

The updated guidelines provide clarifications on the validity of two specific methods of obtaining consent. The first is obtaining consent using “cookie walls” and the second is whether actions like scrolling or swiping can be considered valid consent under the GDPR, as well as the ePrivacy Directive which requires consent to be valid under the GDPR (see our related report concerning the ECJ’s ruling on this subject).

The GDPR defines consent as “freely given, specific, informed and unambiguous indication of the subject’s wishes… by a statement or by a clear affirmative action…”. According to the updated guidelines, providing consent for the processing of personal information or the use of tracking technologies (such as cookies), cannot be considered as freely given if provided as a condition to use or access a website or a service – a practice also known as “cookie wall”. The EDPB dismisses arguments suggesting that consent can be considered freely given if an equivalent service is offered by a different controller that does not require consent. In such cases, the freedom of choice would be made dependent on what other market players do and whether the data subject would find the other services equivalent. In addition, this will require controllers to monitor market developments and their competitors, as they may alter their services or business models at any time. Accordingly, in order for consent to be freely given, the access to services and functionalities must not be made conditional on the data subject’s consent to the storing of or gaining access to information.

The EDPB also addresses the question of implying consent from certain user activities. According to the EDPB, actions such as scrolling, swiping through a webpage, or similar user activities will not, under any circumstances, be considered valid consent. Such actions may be difficult to distinguish from other activities or interactions and therefore do not satisfy the requirement of a clear and affirmative action and cannot be seen as unambiguous. In addition, relying on such actions will make it difficult for controllers to provide a way for data subjects to withdraw their consent in a manner that is as easy as granting it.

The updated guidelines require website and mobile app operators to review the mechanisms through which consent is being obtained for using cookies, SDKs and other tracking technologies. Please do not hesitate to contact us if you have any questions on the practical and legal implications of the updated guidelines.

*******************

Please feel free to contact us if you have any questions regarding the effect and implications of the CCPA, including the abovementioned exemptions and their limitations.

Kind regards,

Ariel Yosefi, Partner

Co-Head | Technology & Regulation Department

Herzog Fox & Neeman

Related Practice Areas

Related Lawyers

More news

Nebraska is the 17th US State to Adopt Comprehensive Data Protection Legislation
Maryland is the 16th US State to Pass Comprehensive Consumer Privacy Legislation
Kentucky is the 15th US State to Adopt Comprehensive Data Protection Legislation
JOIN OUR
Newsletter

    © 2020, All rights reserved, Herzog Law
    Site by Gootte

    The information contained in this web site is provided for informational purposes only and should not be construed as legal advice on any subject matter and should not be relied upon as such. Herzog accepts no responsibility for any consequences whatsoever arising from use of the information contained in this web site. The accessing of information contained in this web site shall under no circumstances be considered as creating an attorney-client relationship between Herzog and any party accessing this web site. Contacting through email any lawyer named in this web site or sending information without prior agreement of Herzog shall not be construed as automatically creating an attorney-client relationship between Herzog and the party sending an email or information. The material contained in this web site has been created by and remains the property of Herzog. No reproduction, transmission, publication or any other form of dissemination shall be permitted unless the prior written consent of Herzog has been obtained. This web site may contain links to other web sites operated by third parties. Herzog does not sponsor, approve or endorse the content of any such web site and is not responsible for the materials appearing in such sites.

    Search by
    Search by +

    Search