Cookie paywalls allow visitors of a website to access its content only after they make a choice between paying a fee or accept tracking. European Data Protection Authorities (DPAs) recently issued guidelines and decisions on paywalls lawfulness, but it is yet unknown whether websites comply with them. We study in this paper the prevalence of cookie paywalls on the top one million websites using an automatic crawler. We identify 431 cookie paywalls, all using the Transparency and Consent Framework (TCF). We then analyse the data these paywalls communicate through the TCF, and in particular, the legal grounds and the purposes used to collect personal data. We observe that cookie paywalls extensively rely on legitimate interest legal basis systematically conflated with consent. We also observe a lack of correlation between the presence of paywalls and legal decisions or guidelines by DPAs.

翻译：Cookie付费墙要求网站访问者在付费或同意追踪之间做出选择后才能访问内容。欧洲数据保护机构近期发布了关于付费墙合法性的指南和裁决，但网站是否遵守这些规定尚不清楚。本文通过自动爬虫技术，对前一百万个热门网站中Cookie付费墙的普及程度进行了研究。我们识别出431个Cookie付费墙，均使用透明与同意框架（TCF）。随后，我们分析了这些付费墙通过TCF传输的数据，特别是收集个人数据的法律依据和目的。我们发现，Cookie付费墙普遍系统性地将合法利益这一法律基础与同意混为一谈。同时，我们也观察到付费墙的存在与数据保护机构的裁决或指南之间缺乏关联性。