[anotheryou]

It's not illegal to just cookie-wall your whole site without options, or is it?

This site here e.g. does it: https://www.spiegel.de/

imprint is still reachable, but if you want to read this news site you'll have to allow all the tracking crap.

[ezzato]

The DPA (Lower Saxony) says it's not. German link: https://lfd.niedersachsen.de/startseite/themen/internet/date...

They call it Nudging.

I might translate this to a proper blog post in English.

[estaseuropano]

I noticed that too. A lot of German media started doing this ("pur" subscription vs "full" subscription which also gives access to additional paywalled articles). I would be surprised if these huge publishers didn't do their legal legwork - or they are doing it just waiting for a test lawsuit to clarify the reading of the law.

[anotheryou]

the freemium in itself is certainly legal. In the case of spiegel though it's really accepting tracking for the free articles. sz.de e.g. has the usual toggle option for the different cookies.

[Drakim]

A big part of GDPR is that you can't just say "by using our site you agree to forgo your GDPR rights" or "click here to agree not to invoke your GDPR rights" or anything like that.

[anotheryou]

And you are allowed to give data to any other party if they sign to agree with gdpr and you want their services...

[w14]

Accessing the site with javascript switched off seems to defeat this.

[notimetorelax]

It is illegal, they cannot offer free but tracked vs paid and untracked service. I guess GDPR enforcement didn't reach them yet.

[anotheryou]

weird. they are well known in germany

[notimetorelax]

I think enforcement is not there yet, here’s another very similar example: https://iapp.org/news/a/ico-tells-washington-post-it-offers-...

[dogma1138]

Yes you can, you can provide an add supported service with tracking and a paid one without.

Both via legitimate interest and consent.

[alkonaut]

The service cannot be dependent on the acceptance of third party cookies, no. That is, the service provided to those that reject third party cookies cannot be worse (slower or incomplete, for example) compared to the visitors who accept cookies.

So you can supply an ad supported version and a paid version without ads, but you cannot require that those that choose the ad supported version must accept tracking ads.

[dogma1138]

I have gotten confirmation from several DPAs that state a very different interpretation.

You can’t segregate the same service, two distinct services one that is provided with ads that include 3rd party cookies and a separate paid service that does not is perfectly fine.

What you cannot do is to create multiple tiers in a free service based on different levels of tracking.

[alkonaut]

That sounds like an extremely business friendly interpretation of the regulation. Creating a separate service (the paid one) shouldn’t in any way change the circumstances for the first service (the one with ads).

What you are describing sounds like a business can simply declare “well untargeted ads doesn’t pay enough so the options are tracking ads or paid subscriptions”. The regulation shouldn’t and doesn’t let a site make that decision. It would make it completely useless!

[dogma1138]

DPAs including the German on are quite “business” friendly unless it will be challenged in court.

You can’t force someone to provide their business at a loss.

As long as you don’t penalize or segregate users based on their decision alone it does not run afoul of GDPR, neither does blocking someone completely you just need to have a valid business reason for doing that and it has to be tied to the nature of the service including how it’s funded.

[notimetorelax]

I was careful in my post to write tracked vs untracked. Sure they can show the ads, just don’t track me unless I consent.