Noyb files complaints with data protection supervisory authorities against cookie banners

Initially, Noyb approached over 500 companies in May 2021 so that they could adapt the cookie banners on their websites in accordance with GDPR. 42% of the violations were then actually removed on the websites by the end of May, however, according to Noyb, 82% of companies still did not act in full compliance with data protection regulations. The companies indicated that they would wait for a clear decision from the authorities before accepting any potential losses. They fear competitive disadvantages if their competitors would exploit the gaps that they believe to be and they would not.

The point of contention between Noyb and the companies is mainly the so-called “dark patterns” and the question of the need to include a “decline” button and its design. For example, the coloring of the buttons available for selection can lead to the fact that users do not perceive or click boxes. This violates the requirements of the GDPR for transparency and clarity.

Companies also carried out user tracking on the grounds of “legitimate interest”. Noyb also complained that it was too difficult for some companies to withdraw consent.

Noyb has now lodged complaints with the data protection authorities. Most of the complaints were made in Austria. But decisions made outside of Germany will also have an impact on German companies. With the GDPR, a European framework for standardizing and strengthening data protection came into force in 2018. This leads to uniform regulation in many areas within the EU. With regard to the design of cookie banners, the national data protection supervisory authorities have already issued guidelines. However, depending on the country, these do not cover every case, so that companies claim gray areas for themselves.

Noyb wants to take action against this and bring the authorities to clear decisions with the complaints. Noyb has already announced that it will conduct further website reviews. The already addressed 516 companies and now submitted 422 complaints are a first test case. It is planned to use scans to check up to 10,000 websites as part of a one-year project.

Companies should check their cookie banners to ensure that they are fully compliant with data protection regulations.

If you are unsure what to look out for when designing, take a look at our blog post from July 21, 2021: Cookies and data protection – what does legally compliant consent look like?

If you need more support, please contact us! Together with you, we will find the right solution for your company! Simply use our contact form.

You can also call us at the headquarters in Hutthurm on +49 (0) 8505 91 927 – 0 or in our Munich branch on +49 (0) 89 413 2943 – 0.