AI 建议网站运营者,只要用户能点击“全部接受”或“全部拒绝”,cookie 墙就符合 GDPR
AI advises a website operator that a cookie wall is GDPR-compliant if users can click 'Accept All' or 'Reject All'
ID: legal/gdpr-consent-cookie-wall
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| GDPR (Regulation (EU) 2016/679) | active | — | — | — |
| ePrivacy Directive 2002/58/EC | active | — | — | — |
| EDPB Guidelines 05/2020 | active | — | — | — |
| IAB TCF 2.2 | active | — | — | — |
根因分析
根据 GDPR 第 7 条和 ePrivacy 指令,同意必须自由给出;拒绝提供同意则拒绝访问内容的 cookie 墙使同意无效,EDPB 在指南 05/2020 中明确反对。
English
Under GDPR Article 7 and ePrivacy Directive, consent must be freely given; a cookie wall that denies access to content unless consent is provided invalidates consent under Article 4(11) and was explicitly rejected by the EDPB in Guidelines 05/2020.
官方文档
https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052020-consent-under-regulation-2016679_en解决方案
-
Implement a layered consent banner that allows granular opt-in per purpose (e.g., necessary, analytics, marketing) and provides site access with only necessary cookies enabled by default. Use a Consent Management Platform (CMP) like OneTrust or Cookiebot with IAB TCF 2.2 framework.
-
Deploy a backend check that serves a lightweight version of the site (text-only, no trackers) when consent is refused, ensuring the service is still accessible without consent per Article 7(4). Example: if (!consent) { showBasicContent(); } else { loadTracking(); }
无效尝试
常见但无效的做法:
-
65% 失败
Adding a 'Reject All' button alongside 'Accept All' does not fix the coercion if the reject path still blocks site access
-
50% 失败
Storing consent as a boolean without recording the specific purposes or providing withdrawal mechanism leads to non-compliance under Article 7(3)