Noyb files complaints with data protection supervisory authorities against cookie banners

von Jan

Noyb announced that it had filed official complaints with the relevant data protection supervisory authorities against 422 companies because of their cookie banners. Noyb stands for “None of your business” and is an association that is committed to enforcing data protection. One of the founding members of the association is the well-known data protection activist Max Schrems. This became known, among other things, through the proceedings he initiated, which led to the groundbreaking decisions of the ECJ that overturned both Safe Harbor and the EU-US Privacy Shield.

Cookie banner not fully GDPR compliant

Initially, Noyb approached over 500 companies in May 2021 so that they could adapt the cookie banners on their websites in accordance with GDPR. 42% of the violations were then actually removed on the websites by the end of May, however, according to Noyb, 82% of companies still did not act in full compliance with data protection regulations. The companies indicated that they would wait for a clear decision from the authorities before accepting any potential losses. They fear competitive disadvantages if their competitors would exploit the gaps that they believe to be and they would not.

Dark patterns in cookie banners cause controversy

The point of contention between Noyb and the companies is mainly the so-called “dark patterns” and the question of the need to include a “decline” button and its design. For example, the coloring of the buttons available for selection can lead to the fact that users do not perceive or click boxes. This violates the requirements of the GDPR for transparency and clarity.

Companies also carried out user tracking on the grounds of “legitimate interest”. Noyb also complained that it was too difficult for some companies to withdraw consent.

422 formal complaints filed with regulators

Noyb has now lodged complaints with the data protection authorities. Most of the complaints were made in Austria. But decisions made outside of Germany will also have an impact on German companies. With the GDPR, a European framework for standardizing and strengthening data protection came into force in 2018. This leads to uniform regulation in many areas within the EU. With regard to the design of cookie banners, the national data protection supervisory authorities have already issued guidelines. However, depending on the country, these do not cover every case, so that companies claim gray areas for themselves.

Noyb Announces More Website Reviews

Noyb wants to take action against this and bring the authorities to clear decisions with the complaints. Noyb has already announced that it will conduct further website reviews. The already addressed 516 companies and now submitted 422 complaints are a first test case. It is planned to use scans to check up to 10,000 websites as part of a one-year project.

Companies should check their cookie banners to ensure that they are fully compliant with data protection regulations.

If you are unsure what to look out for when designing, take a look at our blog post from July 21, 2021: Cookies and data protection – what does legally compliant consent look like?

If you need more support, please contact us! Together with you, we will find the right solution for your company! Simply use our contact form.

You can also call us at the headquarters in Hutthurm on +49 (0) 8505 91 927 – 0 or in our Munich branch on +49 (0) 89 413 2943 – 0.


Jan ist seit seiner erfolgreich abgeschlossenen Ausbildung als Business Development Manager bei der aigner business solutions tätig. Jan setzt seine Kreativität, Talent für Bildbearbeitung und Leidenschaft für Videoschnitt in unserer Marketingabteilung ein und unterstützt zudem den Vertriebsprozess bei ihren alltäglichen Aufgaben. Nicht zuletzt dürfen sich unsere Kunden und Follower stets über neue interessante Inhalte auf unseren Social Media Kanälen und in unseren Newslettern freuen.