IAB Europe has been hit with a privacy complaint over its use of a “cookie wall,” which requires website visitors to consent to cookies in order to access the site.
“Consent walls are prohibited by the GDPR,” attorneys for Johnny Ryan, chief policy officer of the controversial ad-blocking browser Brave, allege in a complaint filed with privacy authorities in Ireland.
The group writes: “Neither the GDPR or ePrivacy Directive prohibit a website operator from making access to their website conditional on consent for cookies and/or any data processing associated with it.”
Ryan's complaint comes several weeks after Dutch regulators said privacy policies that require people to accept tracking cookies in order to access a website are illegal.
“With so-called 'cookie walls' on websites (no permission means no access) the permission is not given freely,” the Dutch authorities wrote in March. “Permission is not 'free' if someone has no real or free choice. Or if the person can not refuse giving permission without adverse consequences.”
Currently, that decision only applies in the Netherlands.
Ryan stated this week that his complaint will “make it plain that the media and advertising industry should not rely on IAB Europe for GDPR guidance.”
The official complaint elaborates that IAB Europe “has put itself forward as the primary designer of the online advertising industry's data protection notices, and has widely promoted the notion that access to content can be made conditional on consent for data processing that is not necessary for the requested service to be delivered.”
But IAB Europe counters that Ryan's complaint amounts to “an ongoing PR campaign against the digital advertising industry.”
“His unfounded and inaccurate accusations against IAB Europe are becoming ever more desperate,” the group writes.