Have you ever landed on a site that prevents you from viewing content unless you accept profiling cookies or subscribe? If yes, you have experienced a cookie wall.
What are cookie walls? Cookie walls are a form of access mechanism that requires users to agree to the site owner’s collection and use of their data. One of the goals is the monetization of personal data, that is, any transformation of personal data into a form that enables to generate a revenue. It is therefore a way to profit from the user’s personal information.
Benefits and risks of cookie walls
A cookie wall is an effective way for site operators to monetize their content, as it allows them to collect data on users and use it for advertising or commercial purposes, thus generating revenue. They can also resell that data to third parties. But site operators can also make money if users reject cookies and decide to subscribe to access content.
However, accepting profiling also benefits users. In fact, it allows them to access blocked content and view personalized content and advertisements. In other words, cookies can improve their user experience.
Nevertheless, they can generate some privacy-related problems.
First, collecting personal data without the user’s direct consent is a violation of the GDPR, and the fines for such violations are high. Second, users may feel obligated to accept cookies, as if they have no other choice. Finally, cookie walls may constitute a form of social exclusion, as some users would not be able to subscribe to the proposed subscription alternative and, therefore, would be precluded from accessing content on a discriminatory basis.
Reference regulations
When it comes to cookie walls, the main reference in Europe is the European Directive 2002/58/EC, or ePrivacy Directive. It indicates the rules on the protection of personal data in the electronic communication services sector to ensure confidentiality of communications for all European citizens. According to this directive, users must be informed about the use of cookies and give their express consent to the processing of personal data.
As a result of this, site operators have applied the most imaginative techniques to obtain such consent, prompting the Data Protection Authorities to intervene by imposing a ban on the use of deceptive methods. The cookie wall has thus become the most popular solution, as consent remains free but, at the same time, is almost a forced choice for anyone who wants to access content.
Regarding cookie walls, the European Data Protection Board (EDPB) 5/2020 reiterates that: “In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so called cookie walls)”
What the GDPR says
As far as the GDPR is concerned, since the use of cookies is a processing of personal data, the site operator has an obligation to provide users with the information required by the Regulation itself, as well as to obtain consent to the use of cookies. This consent must be expressed unambiguously and thoughtfully, i.e., without the application of forcing such as that found in cookie walls.
In addition, the GDPR requires transparency in the use of personal data and that the user is always informed about who collects the data, for what purpose, and what the destination will be. In fact, although the GPDR is the benchmark for privacy protection, it does not aim to restrict the movement of data. On the contrary, in Article 1(3), the Regulation states: “The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data”.
In the end, are cookie walls legitimate or not?
According to regulations, cookie walls are not expressly prohibited. However, if the user’s consent is obtained indirectly or by impairing the user’s freedom of choice, the use of the cookie wall is illegitimate. In short, site operators may use cookie walls to monetize their content, but they must ensure that users are informed about their use and freely consent. In addition, users must be able to revoke that consent at any time.
Ultimately, cookie walls can be an effective solution for content monetization, but only when used in compliance with current regulations.