Say “NO” to cookies – yet see your privacy crumble?

Cookie Banners / 10 December 2019

Cookie banners of large French webpages turn a clear “NO” into “fake consent”. noyb files three GDPR complaints with the French Data Protection Regulator (CNIL).

Relying on the open source extension “Cookie Glasses”, developed by researchers of the French institute, noyb identified countless violations of European and French cookie privacy laws, as CDiscount, Allociné and Vanity Fair all turn a rejection of cookies by users into a “fake consent”. The privacy enforcement non-profit filed three formal complaints with the French Data Protection Authority (CNIL) today.

Up to 565 “fake consents” per user. Despite users going through the trouble of “rejecting” countless cookies on the French eCommerce page CDiscount, the movie guide Allociné and the fashion magazine Vanity Fair, these webpages have sent digital signals to tracking companies claiming that users have agreed to being tracked online. CDiscount has sent “fake consent” signals to 431 tracking companies per user, Allociné to 565 and Vanity Fair to 375, as the analysis of the data flows now shows.

Major online advertisement companies rely on “fake consent”. Among the recipients of this “fake consent” are Facebook and the online advertising companies AppNexus and PubMatic. These companies have consequently placed tracking cookies after users have clearly objected to all tracking.

IAB framework plays key role. All webpages used the so-called “IAB Transparency and Consent Framework”, an industry standard behind most cookie banners, to communicate the “fake consent”. Only Facebook currently does not use the IAB Framework, but it still placed cookies without consent.

Every user should be entitled to receive clear information regarding the setting of cookies on their device, and each data controller must ensure respect for the user’s choice: refusal or acceptance of such setting.

noyb protects your privacy: Article 80 of the GDPR foresees that data subjects can be represented by a non-profit association. As in 20 cases right now, noyb brought this case on behalf of the data subjects free of charge. More than 3,600 supporting members make it possible to enforce the fundamental right to privacy. You can become a member too!