Cookie paywalls allow visitors of a website to access its content only after they make a choice between paying a fee or accept tracking. European Data Protection Authorities (DPAs) recently issued guidelines and decisions on paywalls lawfulness, but it is yet unknown whether websites comply with them. We study in this paper the prevalence of cookie paywalls on the top one million websites using an automatic crawler. We identify 431 cookie paywalls, all using the Transparency and Consent Framework (TCF). We then analyse the data these paywalls communicate through the TCF, and in particular, the legal grounds and the purposes used to collect personal data. We observe that cookie paywalls extensively rely on legitimate interest legal basis systematically conflated with consent. We also observe a lack of correlation between the presence of paywalls and legal decisions or guidelines by DPAs.

翻译：Cookie付费墙要求网站访问者必须在支付费用或接受跟踪之间做出选择后才能访问其内容。欧洲数据保护机构近期发布了关于付费墙合法性的指南与裁决，但网站是否遵守这些规定尚不明朗。本文通过自动爬虫技术，对排名前一百万的网站中Cookie付费墙的普及情况进行了研究。我们识别出431个Cookie付费墙，这些均采用透明度与同意框架（TCF）。随后，我们分析了这些付费墙通过TCF传输的数据，特别是收集个人数据所依据的法律基础与目的。我们发现，Cookie付费墙广泛依赖合法利益法律基础，且系统性将其与同意混为一谈。同时，我们也观察到付费墙的存在与数据保护机构的法律裁决或指南之间缺乏相关性。