Updated guidelines on the meaning of consent were adopted on May 4, 200 by the European Data Protection Board under Regulation 2016/679 (GDPR)
You can access the updated guidelines by here.
The two key changes clarify that:
Websites and other services may not use ‘cookie walls’, as these do not permit valid consent to be collected.
‘Cookie walls’ require the user to agree to the placing or reading of cookies (or similar technologies) on the user’s device in order to access a website, service or functionality.
The EDPB gives the example of a website provider putting into place a script that blocks content from being visible except for (i) a request to accept cookies; and (ii) certain information about those cookies. There is no possibility to access the content without clicking on the ‘Accept cookies’ button. The EDPB takes the view that in these circumstances the website user is not presented with a genuine choice whether to consent or not. The consent is not ‘freely given’, and therefore not valid under the GDPR.
Actions such as scrolling or swiping through a webpage will not under any circumstances constitute valid consent under the GDPR.
This is because the GDPR requires consent to be given by ‘an unambiguous indication’ of wishes indicated by a statement or a ‘clear affirmative action’ of the user. Scrolling and swiping do not meet this requirement because they may be difficult to distinguish from other activities or interactions.
The guidance also clarifies that if consent is given by scrolling or swiping then it will be difficult to provide a way for the user to withdraw consent in a manner that is as easy as granting it (another requirement for valid consent).