Is cookie wall of online editors lawful?

Indeed, according to the press news of the Authority “several online newspapers, websites and companies operating on the Internet and in the television sector, have deployed systems and filters, conditioning the access to contents to a subscription (the so-called paywall) or, alternatively, to the release of consent by users to the installation of cookies and other personal data tracking tools (the so-called cookie wall)”.

In its Guidelines on cookies and other tracking tools of June 2021, the Authority updated the requirements on consents, banner and cookie management to the technical evolution of such tools. 

Among such requirements, the Authority declared the unlawfulness of the so-called cookie wall. According to the Italian DPA, such practice would not allow users to access content of a webpage unless by prior consent to cookies. Standing the noncompliance with art. 7 and 4, no. 11) of GDPR of this kind of methods, the Authority officially banned them. 

Such mechanism has indeed considered in breach of the requirement of the "freedom" of consent, thus unlawful, except for the hypothesis to be verified on a case-by-case basis. For instance, it could be allowed when “the website offers the data subject the possibility of accessing equivalent content or service without giving consent to the installation and use of cookies or other tracking tools”.

The initiative of investigating on news platforms could be another brick in terms of combination of privacy and consumer regulation of users on the websites. 

Nonetheless, the selective access of online services providers could be the next target of the authorities, and it may be starting from the information industry. And this could be a fortiori another kick to free information right, which in the information society is often hidden behind data-monetization. 

While we are still trying to understand if data-spying could be a real trade-off for surviving the 2020s and keeping on using technology as part of our life (or as a game-changer for our activities) new rules are just behind the corner. 

An example for that is the draft of the Digital Service Act, recently approved by the Council and regulating the perimeter of online platforms and search engines. 

Lesson learned: it is strictly important to know the rules of each Member State on data protection in the light of the GDPR and other combined regulations. 

All industries (especially online providers) shall be able to keep businesses, technology and data protection measures acting together on the same page (or webpage).