EU privacy campaign group Noyb has filed 226 GDPR complaints with 18 authorities to the websites that installed non-compliant cookie banners on 9th Aug 2022.

Noby is the European centre for digital rights, it is a non-profit organization based in Vienna, Austria established in 2017 with a pan-European focus.

Previously, Noyb has also filed complaints against Apple's tracking code "IDFA".

EU GDPR Cookie Consent Compliance

What we have learned

Noby has found some websites that installed cookie banners have no choice at all being offered to site users to deny tracking in a clear breach of the law around consent. Others have implemented a reject button (30% of all warned websites) but are still ignoring other aspects like deceptive designs.

"Deceptive cookie banner designs try to force a user’s agreement by making it insanely burdensome to decline cookies. The GDPR actually requires a fair yes/no choice, not crazy click-marathons." - Ala Krinickytė, Data Protection Lawyer at noyb

"We want to ensure compliance, ideally without filing cases. If a company however continues to violate the law, we are ready to enforce users’ rights,” - Max Schrems, Chairman at noyb

The examples of pages violate "almost everything":

• https://www.elle.com/
• https://www.menshealth.com/
• https://www.delish.com

The examples of pages with at least some violations:

• https://fifa.com
• https://rituals.com
• https://clinique.at/de
• https://hbo.com

Common cookie banner issues identified by Noby

1. No Reject Option on First Layer
2. Pre-Ticked
3. Link instead of Button to Reject
4. Deceptive Button Contrast
5. Deceptive Button Color
6. Legitimate Interest
7. Not "Essential"
8. "Not as easy to withdraw as to consent"

How to stay cookie compliant with UniConsent CMP

1. Display Reject All button at the first layer
2. Avoid GDPR dark-patterns
3. Integrate with your tags correctly and only load them once consent is given

About UniConsent

UniConsent is a part of Transfon User Experience Platform provide a seamless privacy experience for both users and publishers in the age of post GDPR. Contact us to know more: hello@uniconsent.com

References

• https://noyb.eu/en/226-complaints-lodged-against-deceptive-cookie-banners
• https://noyb.eu/en/noyb-aims-end-cookie-banner-terror-and-issues-more-500-gdpr-complaints
• https://www.business-humanrights.org/en/latest-news/noyb-files-complaints-against-apples-tracking-code-idfa/
• https://techcrunch.com/2022/08/08/noyb-gdpr-cookie-consent-complaints/