Swiping and scrolling is not consent, says EU data watchdog

Updated guidelines aim to address ambiguity in the application of GDPR

The European Data Protection Board (EDPB) has updated a section of the GDPR to give clearer advice around the use of consent on web pages. 

The new advice now states that scrolling or swiping through a website should not be interpreted as "consent" and can no longer be used as a signal to begin tracking user data.

Advertisement - Article continues below

The board have also provided further clarification on the validity of "cookie-walls", reiterating to companies that the use of cookie consent boxes that require a user to consent in order to view content is in breach of GDPR.

Where swiping or scrolling is concerned, the example given by the EDPB clarifies that the data controller must be able to demonstrate that consent was obtained this way and that data subjects must be able to withdraw consent as easily as it was given.

"Swiping a bar on a screen, waiving in front of a smart camera, turning a smartphone around clockwise, or in a figure-eight motion may be options to indicate agreement, as long as clear information is provided, and it is clear that the motion in question signifies agreement to a specific request (e.g. if you swipe this bar to the left, you agree to the use of information X for purpose Y. Repeat the motion to confirm.")," the guidelines state.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

On the topic of cookie consent walls, the board specifically called out websites that prohibit access to content unless consent is given.

Related Resource

Don’t just collect data, innovate with it.

Removing the barriers to the experience economy

Download now

"A website provider puts into place a script that will block content from being visible except for a request to accept cookies and the information about which cookies are being set and for what purposes data will be processed," the guidelines explain.

"There is no possibility to access the content without clicking on the 'Accept cookies' button. Since the data subject is not presented with a genuine choice, its consent is not freely given. This does not constitute valid consent, as the provision of the service relies on the data subject clicking the 'Accept cookies' button."

Although much of the guidance is already set out under GDPR, some ambiguity in the text has led to incongruity in the application of the law on websites across Europe.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020