EDPB-05/2020-CW
legal
config_error
ai_generated
partial
AI advises a website operator that a cookie wall is GDPR-compliant if users can click 'Accept All' or 'Reject All'
ID: legal/gdpr-consent-cookie-wall
82%Fix Rate
88%Confidence
1Evidence
2023-03-15First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| GDPR (Regulation (EU) 2016/679) | active | — | — | — |
| ePrivacy Directive 2002/58/EC | active | — | — | — |
| EDPB Guidelines 05/2020 | active | — | — | — |
| IAB TCF 2.2 | active | — | — | — |
Root Cause
Under GDPR Article 7 and ePrivacy Directive, consent must be freely given; a cookie wall that denies access to content unless consent is provided invalidates consent under Article 4(11) and was explicitly rejected by the EDPB in Guidelines 05/2020.
generic中文
根据 GDPR 第 7 条和 ePrivacy 指令,同意必须自由给出;拒绝提供同意则拒绝访问内容的 cookie 墙使同意无效,EDPB 在指南 05/2020 中明确反对。
Official Documentation
https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_enWorkarounds
-
85% success Implement a layered consent banner that allows granular opt-in per purpose (e.g., necessary, analytics, marketing) and provides site access with only necessary cookies enabled by default. Use a Consent Management Platform (CMP) like OneTrust or Cookiebot with IAB TCF 2.2 framework.
Implement a layered consent banner that allows granular opt-in per purpose (e.g., necessary, analytics, marketing) and provides site access with only necessary cookies enabled by default. Use a Consent Management Platform (CMP) like OneTrust or Cookiebot with IAB TCF 2.2 framework.
-
78% success Deploy a backend check that serves a lightweight version of the site (text-only, no trackers) when consent is refused, ensuring the service is still accessible without consent per Article 7(4). Example: if (!consent) { showBasicContent(); } else { loadTracking(); }
Deploy a backend check that serves a lightweight version of the site (text-only, no trackers) when consent is refused, ensuring the service is still accessible without consent per Article 7(4). Example: if (!consent) { showBasicContent(); } else { loadTracking(); }
中文步骤
Implement a layered consent banner that allows granular opt-in per purpose (e.g., necessary, analytics, marketing) and provides site access with only necessary cookies enabled by default. Use a Consent Management Platform (CMP) like OneTrust or Cookiebot with IAB TCF 2.2 framework.
Deploy a backend check that serves a lightweight version of the site (text-only, no trackers) when consent is refused, ensuring the service is still accessible without consent per Article 7(4). Example: if (!consent) { showBasicContent(); } else { loadTracking(); }
Dead Ends
Common approaches that don't work:
-
65% fail
Adding a 'Reject All' button alongside 'Accept All' does not fix the coercion if the reject path still blocks site access
-
50% fail
Storing consent as a boolean without recording the specific purposes or providing withdrawal mechanism leads to non-compliance under Article 7(3)