{"id":9076,"date":"2022-01-13T09:09:17","date_gmt":"2022-01-13T08:09:17","guid":{"rendered":"https:\/\/www.myagileprivacy.com\/new-cookie-law-scrolling-is-not-a-consensus\/"},"modified":"2025-07-01T17:51:03","modified_gmt":"2025-07-01T15:51:03","slug":"the-new-cookie-law-scrolling-is-not-consent","status":"publish","type":"post","link":"https:\/\/www.myagileprivacy.com\/en\/the-new-cookie-law-scrolling-is-not-consent\/","title":{"rendered":"The New Cookie Law: Scrolling Is Not Consent"},"content":{"rendered":"<p><strong>How many times, out of haste or annoyance, do we simply swipe away the privacy banner on our smartphone\u2014just to finally access the content we wanted?<\/strong><\/p>\n<p>Until recently, website operators routinely took advantage of this almost reflex action: they configured their cookie banners so that simply scrolling or dismissing the window (often unintentionally) was interpreted as consent to all cookies\u2014whether technical, for analytics, or for third-party marketing. For users, this \"consent\" was rarely intentional.<\/p>\n<p>However, starting January 9, 2022, the Italian Data Protection Authority (DPA) made it clear: <strong>scrolling or similar actions can no longer be considered valid consent<\/strong>. Consent must result from a deliberate, specific, and demonstrable action by the user.<\/p>\n<p>As the new guidance states:<\/p>\n<blockquote><p><em><br \/>\n\"According to recital 32, actions such as scrolling down a Web page or similar user activity will in no case satisfy the requirement of a clear and affirmative action (necessary for the validity of consent): such actions may be difficult to distinguish from other activities or interactions by a user, and therefore it will also not be possible to determine unambiguous consent [Reference: Art. 4.11 GDPR and in conjunction with it, Art. 7].\"<br \/>\n<\/em><\/p><\/blockquote>\n<p><strong>This means scrolling is no longer a valid means of collecting user consent.<\/strong> This is partly because such an action could result from an error (an accidental swipe, a mistaken mouse wheel movement), and partly because users haven\u2019t checked or don\u2019t even know what the site\u2019s default cookie settings are.<\/p>\n<p>Are we consenting only to technical cookies?<br \/>\nTo analytics?<br \/>\nTo the sale of our data for marketing of products and services we never requested?<\/p>\n<p>Previously, users often gave implicit \"yes\" to all this, only to be overwhelmed by unwanted emails, intrusive calls, and endless promotional messages.<\/p>\n<p>With the new cookie regulations, <strong>every choice must be made consciously<\/strong>. Consent must be:<\/p>\n<ul>\n<li><strong>Clear<\/strong>: the action must be unmistakable (not confused for another, or accidental).<\/li>\n<li><strong>Affirmative<\/strong>: intentionally made to provide or withhold consent, or to express preferences in detail.<\/li>\n<\/ul>\n<p>Only unambiguous consent is considered a legal basis for installing non-technical cookies or accessing those already installed, as required by Art. 122 of the Italian Privacy Code and Art. 6 of the GDPR.<\/p>\n<p>Also remember: <strong>The data controller must be able to prove valid consent was obtained<\/strong> and is solely liable for any non-compliance.<\/p>\n<p>This is why cookie settings must, by default, be set to \u201cdeny\u201d (except for essential technical cookies). All other cookies must be pre-blocked and activated only after the user\u2019s explicit choice.<\/p>\n<p>For more detailed guidance, see <a href=\"https:\/\/edpb.europa.eu\/our-work-tools\/our-documents\/guidelines\/guidelines-052020-consent-under-regulation-2016679_it\" target=\"_blank\" rel=\"noopener\">EDPB Guidelines no. 5\/2020<\/a> (European Data Protection Board).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How many times, out of haste or annoyance, do we simply swipe away the privacy banner on our smartphone\u2014just to finally access the content we wanted? Until recently, website operators routinely took advantage of this almost reflex action: they configured their cookie banners so that simply scrolling or dismissing the window (often unintentionally) was interpreted [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9447,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[75],"tags":[],"class_list":["post-9076","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-compliance-updates"],"acf":{"visibilita_box_autore":false,"autore_associato":null,"elenco_faq_articolo":[{"domanda":"Why is scrolling on a web page not considered valid consent to cookies?","risposta":"Scrolling is not considered valid consent because, according to the new guidelines, it does not constitute a clear and affirmative action. It can happen by mistake (an accidental touch or unintentional mouse movement) and does not allow for unambiguous consent to be determined, as required by Art. 4.11 GDPR and Art. 7."},{"domanda":"When did the Data Protection Authority's new interpretation of cookie consent come into effect?","risposta":"The Data Protection Authority clarified the new interpretation after January 9, 2022, establishing that consent must be the result of a specific, demonstrable, and unambiguous action on the part of the user."},{"domanda":"What characteristics must valid consent for the installation of non-technical cookies have?","risposta":"Consent must be clear, meaning an action that cannot be confused or done by mistake, and affirmative, meaning deliberately performed to express or deny consent even for only certain categories of cookies."},{"domanda":"How must the cookie banner be configured by default to comply with the new provisions?","risposta":"The cookie configuration must be set to 'reject' by default (with the exception of technical cookies). Other cookies may only be activated after explicit consent has been collected from the user."},{"domanda":"Who is responsible for demonstrating that cookie consent was validly obtained?","risposta":"The responsibility for demonstrating valid consent always lies with the data controller, who will also be the only party subject to penalties in the event of irregularities."},{"domanda":"Which regulations govern the validity of consent for the installation of non-technical cookies?","risposta":"The validity of consent for the installation of non-technical cookies and\/or for accessing those already installed is governed by Art. 122 of the Privacy Code and Art. 6 of the GDPR."},{"domanda":"Where can further information on the new cookie rules be found?","risposta":"For further information on the topic, you can consult the EDPB guidelines no. 5\/2020 and the Data Protection Authority's FAQ."}],"url_esterno":""},"_links":{"self":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/posts\/9076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/comments?post=9076"}],"version-history":[{"count":5,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/posts\/9076\/revisions"}],"predecessor-version":[{"id":13519,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/posts\/9076\/revisions\/13519"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/media\/9447"}],"wp:attachment":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/media?parent=9076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/categories?post=9076"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/tags?post=9076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}