Cookie paywalls allow visitors of a website to access its content only after they make a choice between paying a fee or accept tracking. European Data Protection Authorities (DPAs) recently issued guidelines and decisions on paywalls lawfulness, but it is yet unknown whether websites comply with them. We study in this paper the prevalence of cookie paywalls on the top one million websites using an automatic crawler. We identify 431 cookie paywalls, all using the Transparency and Consent Framework (TCF). We then analyse the data these paywalls communicate through the TCF, and in particular, the legal grounds and the purposes used to collect personal data. We observe that cookie paywalls extensively rely on legitimate interest legal basis systematically conflated with consent. We also observe a lack of correlation between the presence of paywalls and legal decisions or guidelines by DPAs.

翻译：Cookie付费墙要求网站访问者在支付费用或接受追踪之间做出选择后才能访问内容。欧洲数据保护机构（DPA）近期就付费墙的合法性发布了指南与裁决，但网站是否遵循这些规定尚不明确。本文通过自动爬虫对前一百万个网站中的Cookie付费墙普及程度展开研究。我们识别出431个Cookie付费墙，这些均使用透明与同意框架（TCF）。随后分析这些付费墙通过TCF传输的数据，尤其关注收集个人数据的法律依据与目的。研究发现，Cookie付费墙普遍依赖合法利益法律基础，且该基础常与同意相混淆；同时，付费墙的存在与DPA的法律裁决或指南之间缺乏相关性。