Websites that restrict visitors from viewing and interacting with their content unless they first accept the use of cookies that track their browsing activities are violating the terms of the European Union's General Data Protection Regulation (GDPR), the Netherlands' Dutch Data Protection Authority (DDPA) has determined.

Also known as the Autoriteit Persoonsgegevens (AP), the DDPA said in a statement late last week that it is intensifying audit and compliance efforts and has contacted certain offending parties after receiving dozens of complaints from citizens who were denied access to web pages after refusing to accept cookie policies.

Under GDPR, website operators are allowed to request user permission to employ cookies, but that permission must be given freely. The use of so-called cookie walls that block users from accessing sites unless they accept cookies are therefore out of GDPR compliance because they effectively coerce users into granting permission, the AP argues.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.