Forcing users to give their consent to be able to browse a website, forcing them to accept tracking cookies, means a violation of the General Data Protection Regulation. The conclusion of the European Data Protection Committee that recently updated the rules that websites must follow when it comes to online consent.
In the new version of the general guidelines, the entity stresses that consent is one of the bases on which the GDPR is based. To be legally valid, consent must be clear, informed, explicit, and cannot be forced.
The European Data Protection Committee document explains that the cookie barrier is not a valid way of obtaining users' consent. The entity stresses that forcing users to click the Accept Cookies button does not present itself as a genuine choice.
Another of the points highlighted in the new version of the regulation focuses on the issue of implicit consent, that is, the possibility for a user in European territory to visit a website without indicating his preferences regarding cookies. The Committee states that no website or digital service can validate the act of scrolling through its pages as consent.
It is recalled that in January an investigation carried out by MIT, in the USA, by University College, in London, and by Aarhus University, in Denmark, revealed the prevalence of websites with designs that manipulate and even were the users to respond from a way that does not protect your data.
The investigation looked at around 10,000 websites in the UK that are managed by companies like QuantCast, OneTrust, TrustArc, Cookiebot and Crownpeak. Several of the web pages use consent management platforms (CMP) to obtain permission for tracking cookies.
The pop-ups that appear on the websites often contain options that arrive pre-selected, something that usually goes unnoticed by the most unsuspecting users. Although it is not a legally valid practice, 56.2% of the websites analyzed contained the type of options in question.