The Dutch Data Protection Authority has recently issued a statement, that appeals that cookie walls used by websites and apps to track their visitors’ Internet browsing for ad-targeting, do not comply with The General Data Protection Regulation (GDPR.)

Websites generally demand their visitors to accept cookies or any digital method of tracking as a pay to access their content. DPA declares that it has received numerous complaints that some websites are only open when the visitor accepts cookies, and so it has decided to tighten its grip on the issue. Websites that are complained about the most shall be monitored on priority basis and such cases shall be taken with more care.

The chairman of DPA, Aleid Wolfsen claimed that digital tracking collects personal data of people on a very large share. To protect privacy, he said, it becomes important that websites and apps request permission from their visitors. Besides preventing the tracking of Internet browsing without having consent, the concern also states that the personal information of a visitor shall be safe and the visitor must trust the Internet for the same. So, the netizens must be asked for permission before websites or apps have hands-on their personal data, and the denial in the same must not be disrespected.

Dutch DPA writes that users should trust the websites regarding their data and personal information. It goes on to state that websites and apps can and must use cookies and other methods that are necessary for their working and there is no restriction to that. But the use of the data and analysis of the user’s behavior and habits must be done only after asking for permission, and that permission must be completely free. Users should be given an option to deny cookies and tracking software that are not necessary for the functioning of the website or an app.

A spokesperson from DPA was questioned on the same, by TechCrunch, when he quoted that Cookie walls are non-compliant with the principles of consent of the GDPR. He continued to state that any website or app with a cookie wall on its page must be reported as soon as possible.

The spokesperson also assured that the matter will be looked in surely even if not in a couple of months.

Cookies that are necessary for the functioning of apps and websites, or the ones that do not demand personal information or data, skip the critical eyes of DPA. However, other kinds of cookies do stand in the lists of concern.

Internet Advertising Bureau (IAB)’s European site makes a perfect example of what not to do. Their website basically wants visitors to agree to various cookies that demand personal information or issue ads in a single click under the title ‘I AGREE.’

TechCrunch approached IAB questioning about the concerned issue when a spokeswoman claimed that GDPR does not really prohibit making access to content when consent is asked. IAB’s director for privacy and public policy claimed that they do not intend to make any changes to their cookie banner for the law does not demand them to let the users access the content without agreeing to their cookies as a condition.

He continued to claim that law is complicated and that when a browser connects to a web link, it basically requests for the content of the website, and hence hinting that it’s the publisher who holds the power to show his content upon certain conditions. He also stated that there is nothing in GDPR that demands him to show his content to everyone and that it is completely legit to determine conditions for showing the content. He claimed that it is his right to not show his website to certain people as much as it is their right not to agree to all cookies and tracking software.

IAB clearly offends the statement of DPA that clearly states that “When cookie walls on websites that do not grant access unless permissions are not accepted, the permissions cannot be considered to be given ‘freely.’ GDPR says that permission is not ‘free’ if the visitor has no real choice. Or if the person cannot refuse giving permission without unfavorable consequences.”

The access to users’ personal data allows websites to earn more and more, and the critical eye over the cookie walls that do not comply with GDPR might reduce the publishers’ profit to a great extent. However, this sure might help the netizens trust the Internet and might happen that websites earn more visitors when the awareness spreads positively.