The Dutch Data Protection Agency (DPA) announced on Thursday that "cookie walls," which only allow website visitors to view a site if they consent to have their browsing tracked, violate the General Data Protection Regulation (GDPR) introduced by the European Union in May 2018.
Because so many sites rely on tracking visitors' activities, however, they have started looking for ways to maintain the status quo without risking punishment. That's where the "cookie walls" come in. The DPA explained thatit'd received dozens of complaints from citizens who could no longer access their favorite sites unless they agreed to be tracked. Now it's warned some of the biggest offenders (who were unidentified) to knock it off.
Both aspects of these cookie walls--their introduction and the DPA's stance on them--seem reasonable enough. GDPR requires companies to get consent before tracking browsing activity; why not make it hard to refuse that request by making acquiescence the only way to view a site? It was at least worth a shot. But it also makes sense for privacy regulators to force companies to follow the spirit of the law rather than just its letter.
These harder stances on privacy are becoming increasingly common, especially in Europe. The Norwegian Consumer Council criticized Google and Facebook for relying on UI "dark patterns" to gather information from users who might not actually want to be tracked. Germany's Federal Cartel Office, or Bundeskartellamt, prohibited Facebook from combining user data from its social network and the WhatsApp and Instagram subsidiaries.
And, of course, GDPR is having a continued effect on the industry. Between all those efforts--along with the many we haven't listed--it's only going to get harder for tech companies to gather as much information as possible about pretty much everyone who uses the Internet. (At least in Europe.)
