The Age of Consent? European Data Protection Board Guidance on Consent Under the GDPR

The European Data Protection Board (EDPB) is an independent European body that contributes to the consistent application of data protection rules throughout the European Union and promotes cooperation between the EU’s data protection authorities. The following update shares an overview of recent EDPB guidance on the concept of consent under the EU General Data Protection Regulation (GDPR).

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Editor’s Note: Recently the European Data Protection Board (EDPB) published revised guidance on the concept of consent under the GDPR. Provided below is a series of extracts as well as a complete copy of the recent guideline update for consideration by data and legal discovery professionals.


Extract from an article by Claude-Etienne Armingaud and Natali Adison (National Law Review)

EU Data Protection: Updated EDPB Guidance on Consent Clarifies the Mechanism for Cookie Consent

Approaching its second anniversary this month, the European General Data Protection Regulation (GDPR) has never been as relevant as in these unprecedented COVID-19 times. While several countries are considering the implementation of contact tracing apps, a consensus has seemed to surface on subjecting their use to a voluntary basis. The notion of “consent” remains, therefore, the cornerstone (albeit not the only one) of the European data protection framework.

In that regard, the European Data Protection Board (EDPB) issued a revised take on one of the first guidelines published by its predecessor, the WP29, in April 2018, taking into consideration the difficulties encountered by the stakeholders in the operational implementation of GDPR compliance. These clarifications come at a time where discrepancies in interpreting what constitutes valid “consent” emerge between various Member States’ Supervisory Authorities, especially as applicable to the use of cookies and other tracking technologies (together, “cookies”).

Read the complete article at EU Data Protection: Updated EDPB Guidance


Extract from an article published on the Privacy & Information Security Law Blog (Hunton Andrews Kurth)

EDPB Publishes Updated Guidelines on Consent under the GDPR

The EDPB aimed to provide further clarity around the validity of consent obtained through cookie walls and on whether scrolling through a webpage could constitute clear and affirmative consent under the GDPR. With respect to cookie walls, the EDPB Guidelines state that these types of mechanisms—which prevent users who do not accept the use of cookies from accessing a site or mobile app—are unlawful, as consent obtained this way cannot be considered freely given. Likewise, the EDPB Guidelines indicate that scrolling or swiping through a webpage, or similar user activity, does not constitute affirmative action that meets the conditions for valid consent under the GDPR. This practice also does not allow for easy consent withdrawal, in the EDPB’s view, and should not be used.

Read the complete article at EDPB Published Updated Guidelines on Consent under the GDPR


Extract from an article published by OneTrust DataGuidance

EU: EDPB Adopts Guidelines on Consent Under the GDPR

Moreover, the Guidelines state that, under the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’), a service provider cannot prevent data subjects from accessing a service on the basis that they do not consent, and that access to services and functionalities must not be made conditional on the consent of a user to the placement of cookies in his/her terminal equipment. Furthermore, the Guidelines find that scrolling or swiping through a webpage, or similar user activity, will not satisfy the requirement of a clear and affirmative action, since it may be difficult to distinguish such actions from other activity or interaction of the user. Therefore, the Guidelines state that determining that unambiguous consent has been obtained will not be possible, and that it will be difficult to provide a way for the user to withdraw consent in a manner that is as easy as granting it.

Read the complete article at EU: EDPB Adopts Guidelines on Consent under the GDPR


Extract from an article by Natasha Lomas (TechCrunch)

No Cookie Consent Walls – And No, Scrolling Isn’t Consent Says EU Data Protection Body

You can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. Not if you need to be compliant with European data protection law.

That’s the unambiguous message from the European Data Protection Board (EDPB), which has published updated guidelines on the rules around online consent to process people’s data.

Under pan-EU law, consent is one of six lawful bases that data controllers can use when processing people’s personal data.

But in order for consent to be legally valid under Europe’s General Data Protection Regulation (GDPR) there are specific standards to meet: It must be clear and informed, specific, and freely given.

Hence cookie walls that demand ‘consent’ as the price for getting inside the club are not only an oxymoron but run into a legal brick wall.

Read the complete article at No Cookie Consent Walls – And No, Scrolling Isn’t Consent


Extract from an article by Patrick Van Eecke and Anne-Gabrielle Haie (DLA Piper)

Europe: EDPB Updates Its Guidelines on Concept of “Consent”

What does it mean for business? Businesses must make sure that:

  • Access to their service is not conditional to the user’s consent for the processing of his/her personal data;
  • Users are provided with a genuine choice to accept or to decline the use of cookies
  • Users are not prevented from accessing the website if they decline the use of cookies;
  • Cookies are not installed until the users have genuinely provided their consent by accepting the use of cookies.

Read the complete article at EDPB Updates Its Guidelines on Concept of “Consent”


Guidelines 05/2020 On Consent Under Regulation 2016/79

Read the Complete Updated EDPB Guidelines on Consent Under the GDPR (PDF) 

Updated EDPB Guidelines on Consent – 4 May 2020

Read the Original Guidelines from the European Data Protection Board


Additional Reading

Source: ComplexDiscovery

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

The results of the recent Summer 2020 eDiscovery Business Confidence Survey present the unfortunate and continuing impact of COVID-19 on the business of eDiscovery. However, for these pandemic-driven results to be fully understood, they should be viewed through the contextual lens of the results of all nineteen surveys that have been administered to eDiscovery professionals since the inception of the eDiscovery Business Confidence Survey in early 2016.



Check Out the Observations Now!

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

Reveal Acquires NexLP

According to Jay Leib, Co-Founder and CEO of NexLP, "We chose...

Predictive Coding Technologies and Protocols: Fall 2020 Survey

The Predictive Coding Technologies and Protocols Survey is a non-scientific semi-annual...

Sharing is Caring? ayfie Group Lists on Merkur Market of Oslo Stock Exchange

According to Johannes Stiehler, CEO of ayfie Group, in a July...

XDD Acquires Anexsys

According to David Moran, XDD President and COO, “Complementing our recent...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Predictive Coding Technologies and Protocols: Fall 2020 Survey

The Predictive Coding Technologies and Protocols Survey is a non-scientific semi-annual...

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

Based on the aggregate results of nineteen past eDiscovery Business Confidence...

A Growing Concern? Budgetary Constraints and the Business of eDiscovery

In the summer of 2020, 56% of respondents viewed budgetary constraints...

A Change in Tempo? eDiscovery Operational Metrics in the Summer of 2020

In the summer of 2020, 91 eDiscovery Business Confidence Survey participants...

Reveal Acquires NexLP

According to Jay Leib, Co-Founder and CEO of NexLP, "We chose...

Sharing is Caring? ayfie Group Lists on Merkur Market of Oslo Stock Exchange

According to Johannes Stiehler, CEO of ayfie Group, in a July...

XDD Acquires Anexsys

According to David Moran, XDD President and COO, “Complementing our recent...

HaystackID and NightOwl Global Merge

According to today's announcement, the NightOwl merger is HaystackID's fourth major...

Five Great Reads on eDiscovery for July 2020

From business confidence and operational metrics to data protection and privacy...

Five Great Reads on eDiscovery for June 2020

From collection market size updates to cloud outsourcing guidelines, the June...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...

Five Great Reads on eDiscovery for April 2020

From business confidence to the boom of Zoom, the April 2020...

[New Survey]
[New Survey]