Cookie Banners

cookie banner
The GDPR was meant to ensure that users have full control over their data. But being online has become a frustrating experience for people all over Europe: Cookie banners appear at every corner of the web, often making it extremely complicated to click anything but the “accept” button. 

Companies use so-called “dark patterns” (like unfavorable contrasts for buttons or links) to nudge more than 90% of users to click “agree” when industry statistics show that only 3% of users actually want to accept cookies. These methods clearly contradict the principles of the ePrivacy directive and also the GDPR, as valid consent must be freely given, specific, informed and unambiguous. 

More and more websites now also make use of “cookie paywalls” or “pay or okay” banners, giving users the option to accept all cookies which leads to their data being passed on to hundreds of tracking companies or take out a subscription for often times exorbitant prices. In this case, users have no free choice as saying "no" to tracking is not only time-consuming, but also expensive. The costs for paying usually exceeds the revenue for advertisement by a factor of 10 to 100. Providers of software solutions therefore praise “pay or okay” as an option to get a consent rate of more than 99%.

In order to tackle these problems, noyb

  • is investigating the way cookie banners are implemented online and whether the choices users make are respected in practice,
  • has developed a mass scanning system to automatically detect unlawful cookie banners and create complaints which are sent to the companies, giving them a grace period to adjust their cookie banner before the complaint is submitted to the responsible authority,
  • developed a proposal for a standard that would manage preferences, because we believe the real answer to this issue is user-centered privacy and to create simple solutions for consumers and
  • is aware of the problem that newspapers and magazines are looking for avenues to survive in the digital world but narrow profits at the expense of their readers’ fundamental right to data protection will not be the solution for structural financial problems.

Case Controller DPA Status Duration
C037-222 CaixaBank, S.A. DSB (Austria), AEPD (Spain) Partly Won Filed:
(3 years 3 months ago)
C037-224 Twitter International Company, Twitter, Inc. DPC (Ireland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-301 Allegro.pl sp. z o.o. DSB (Austria), UODO (Poland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-302 Wirtualna Polska Holding S.A. DSB (Austria), UODO (Poland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-303 Ringier Axel Springer Polska sp. z o.o. DSB (Austria), UODO (Poland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-305 Grupa Interia.pl DSB (Austria), UODO (Poland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-306 Verizon Media EMEA Limited DPC (Ireland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-307 LLC 'V Kontakte. MGL MY.COM (CYPRUS) LIMITED DSB (Austria), Commissioner (Cyprus) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-308 eBay GmbH LDA (Brandenburg) Partial Decision Filed:
(3 years 3 months ago)
C037-309 Twitch UK Limited DSB (Austria) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-312 Microsoft Ireland Operations Limited DPC (Ireland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-313 Telewizja Polska Spółka Akcyjna DSB (Austria), UODO (Poland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-401 ORF Online und Teletext GmbH & Co KG DSB (Austria) Partly Won Filed:
(3 years 3 months ago)
C037-501 Poste Italiane S.p.A. DSB (Austria), Garante per la protezione dei dati personali (Italy) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-502 Subito.it S.r.l. DSB (Austria), Garante per la protezione dei dati personali (Italy) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-503 7Pixel S.r.l. DSB (Austria), Garante per la protezione dei dati personali (Italy) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-504 Idealista S.r.l. DSB (Austria), Garante per la protezione dei dati personali (Italy) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-505 Italiaonline S.p.A. DSB (Austria), Garante per la protezione dei dati personali (Italy) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-601 Google LLC DSB (Austria) Pending (3 - 4 years) Filed:
(3 years 3 months ago)
C037-602 Meta Ireland Limited DPC (Ireland) Pending (3 - 4 years) Filed:
(3 years 3 months ago)

Share