Tue. Feb 27th, 2024

Editor’s Note: Recently the European Data Protection Board (EDPB) published revised guidance on the concept of consent under the GDPR. Provided below is a series of extracts as well as a complete copy of the recent guideline update for consideration by data and legal discovery professionals.

Extract from an article by Claude-Etienne Armingaud and Natali Adison (National Law Review)

EU Data Protection: Updated EDPB Guidance on Consent Clarifies the Mechanism for Cookie Consent

Approaching its second anniversary this month, the European General Data Protection Regulation (GDPR) has never been as relevant as in these unprecedented COVID-19 times. While several countries are considering the implementation of contact tracing apps, a consensus has seemed to surface on subjecting their use to a voluntary basis. The notion of “consent” remains, therefore, the cornerstone (albeit not the only one) of the European data protection framework.

In that regard, the European Data Protection Board (EDPB) issued a revised take on one of the first guidelines published by its predecessor, the WP29, in April 2018, taking into consideration the difficulties encountered by the stakeholders in the operational implementation of GDPR compliance. These clarifications come at a time where discrepancies in interpreting what constitutes valid “consent” emerge between various Member States’ Supervisory Authorities, especially as applicable to the use of cookies and other tracking technologies (together, “cookies”).

Read the complete article at EU Data Protection: Updated EDPB Guidance

Extract from an article published on the Privacy & Information Security Law Blog (Hunton Andrews Kurth)

EDPB Publishes Updated Guidelines on Consent under the GDPR

The EDPB aimed to provide further clarity around the validity of consent obtained through cookie walls and on whether scrolling through a webpage could constitute clear and affirmative consent under the GDPR. With respect to cookie walls, the EDPB Guidelines state that these types of mechanisms—which prevent users who do not accept the use of cookies from accessing a site or mobile app—are unlawful, as consent obtained this way cannot be considered freely given. Likewise, the EDPB Guidelines indicate that scrolling or swiping through a webpage, or similar user activity, does not constitute affirmative action that meets the conditions for valid consent under the GDPR. This practice also does not allow for easy consent withdrawal, in the EDPB’s view, and should not be used.

Read the complete article at EDPB Published Updated Guidelines on Consent under the GDPR

Extract from an article published by OneTrust DataGuidance

EU: EDPB Adopts Guidelines on Consent Under the GDPR

Moreover, the Guidelines state that, under the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), a service provider cannot prevent data subjects from accessing a service on the basis that they do not consent, and that access to services and functionalities must not be made conditional on the consent of a user to the placement of cookies in his/her terminal equipment. Furthermore, the Guidelines find that scrolling or swiping through a webpage, or similar user activity, will not satisfy the requirement of a clear and affirmative action, since it may be difficult to distinguish such actions from other activity or interaction of the user. Therefore, the Guidelines state that determining that unambiguous consent has been obtained will not be possible, and that it will be difficult to provide a way for the user to withdraw consent in a manner that is as easy as granting it.

Read the complete article at EU: EDPB Adopts Guidelines on Consent under the GDPR

Extract from an article by Natasha Lomas (TechCrunch)

No Cookie Consent Walls – And No, Scrolling Isn’t Consent Says EU Data Protection Body

You can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. Not if you need to be compliant with European data protection law.

That’s the unambiguous message from the European Data Protection Board (EDPB), which has published updated guidelines on the rules around online consent to process people’s data.

Under pan-EU law, consent is one of six lawful bases that data controllers can use when processing people’s personal data.

But in order for consent to be legally valid under Europe’s General Data Protection Regulation (GDPR) there are specific standards to meet: It must be clear and informed, specific, and freely given.

Hence cookie walls that demand ‘consent’ as the price for getting inside the club are not only an oxymoron but run into a legal brick wall.

Read the complete article at No Cookie Consent Walls – And No, Scrolling Isn’t Consent

Extract from an article by Patrick Van Eecke and Anne-Gabrielle Haie (DLA Piper)

Europe: EDPB Updates Its Guidelines on Concept of “Consent”

What does it mean for business? Businesses must make sure that:

  • Access to their service is not conditional to the user’s consent for the processing of his/her personal data;
  • Users are provided with a genuine choice to accept or to decline the use of cookies
  • Users are not prevented from accessing the website if they decline the use of cookies;
  • Cookies are not installed until the users have genuinely provided their consent by accepting the use of cookies.

Read the complete article at EDPB Updates Its Guidelines on Concept of “Consent”

Guidelines 05/2020 On Consent Under Regulation 2016/79

Read the Complete Updated EDPB Guidelines on Consent Under the GDPR (PDF) 

Updated EDPB Guidelines on Consent – 4 May 2020

Read the Original Guidelines from the European Data Protection Board

Additional Reading

Source: ComplexDiscovery


Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.


Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.