The European Data Protection Board presented its cookie wall guidelines back in May. Recently however, the French Conseil d’Etat (Council of State court) decided that cookie walls are not banned by the General Data Protection Regulation. Instead, according to the decision made on 19 June 2020, in applying GDPR an assessment is to be made whether consent is freely given or not. Which in turn allowed the French court to decide that the French Data Protection Authority, CNIL, has gone beyond its remit by imposing a norm which is not presented in the law, explicitly.
Meanwhile, the EPC recognises the non-binding measures of the EDPB guidelines, however, notes that consistent rules need to apply.
Angela Mills Wade, EPC’s Executive Director said “Any guidance on cookie walls has broad implications. The right to Data Protection must always be balanced with other fundamental rights, such as freedom of expression and information and freedom to conduct a business. We call upon regulators therefore to take stock of all the relevant implications, from existing business models, and competition issues, to data protection and the user’s right to access to information”.
The letter is found below.