# AI 建议网站运营者，只要用户能点击“全部接受”或“全部拒绝”，cookie 墙就符合 GDPR

- **ID:** `legal/gdpr-consent-cookie-wall`
- **领域:** legal
- **类别:** config_error
- **错误码:** `EDPB-05/2020-CW`
- **验证级别:** ai_generated
- **修复率:** 82%

## 根因

根据 GDPR 第 7 条和 ePrivacy 指令，同意必须自由给出；拒绝提供同意则拒绝访问内容的 cookie 墙使同意无效，EDPB 在指南 05/2020 中明确反对。

## 版本兼容性

| 版本 | 状态 | 引入 | 弃用 |
|------|------|------|------|
| GDPR (Regulation (EU) 2016/679) | active | — | — |
| ePrivacy Directive 2002/58/EC | active | — | — |
| EDPB Guidelines 05/2020 | active | — | — |
| IAB TCF 2.2 | active | — | — |

## 解决方案

1. ```
   Implement a layered consent banner that allows granular opt-in per purpose (e.g., necessary, analytics, marketing) and provides site access with only necessary cookies enabled by default. Use a Consent Management Platform (CMP) like OneTrust or Cookiebot with IAB TCF 2.2 framework.
   ```
2. ```
   Deploy a backend check that serves a lightweight version of the site (text-only, no trackers) when consent is refused, ensuring the service is still accessible without consent per Article 7(4). Example: if (!consent) { showBasicContent(); } else { loadTracking(); }
   ```

## 无效尝试

- **** — Adding a 'Reject All' button alongside 'Accept All' does not fix the coercion if the reject path still blocks site access (65% 失败率)
- **** — Storing consent as a boolean without recording the specific purposes or providing withdrawal mechanism leads to non-compliance under Article 7(3) (50% 失败率)