The European Center for Digital Rights (noyb.eu) launched recently a campaign against deceptive cookie banners. They issued over 500 draft complaints for GDPR violations for websites that do not follow the law requirements. The complaints were addressed to companies of various sizes, both big and small.
Noyb.eu uses software to scan websites for GDPR violations
Noyb.eu, who became famous for taking on Facebook, is demanding that businesses in the EU provide a simple yes/no option on cookie banners. Otherwise, they could face significant fines (maximum GDPR fines)
Using software that automatically detects non-compliant websites, noyb identified their initial list and sent out the first wave of complaints. Once a company receives the warning, they have one month to become compliant. If not, noyb will file formal complaints with the appropriate data authorities. Additional scans will continue throughout this year, which could result in another 10,000 complaints.
Max Schrems, Chair of noyb.eu: "A whole industry of consultants and designers develop crazy click labyrinths to ensure imaginary consent rates. Frustrating people into clicking 'okay' is a clear violation of the GDPR's principles. Under the law, companies must facilitate users to express their choice and design systems fairly. Companies openly admit that only 3% of all users actually want to accept cookies, but more than 90% can be nudged into clicking the 'agree' button."
Large corporations, especially multi-nationals, have teams of privacy specialists to help them adapt to regulations. However, many businesses struggle without the right tools or support to ensure they are compliant. Those that do not take action, some hoping regulators will focus only on larger enterprises like Facebook, are taking a large risk.
As technology improves, we can expect more enhanced scanning techniques which will more easily and quickly identify those not in compliance. resulting in increasing fines and damaged reputations.
As Mr. Schrems said "We want to ensure compliance, ideally without filing cases. If a company however continues to violate the law, we are ready to enforce users' rights."
What are the GDPR requirements for cookie banners?
Since the GDPR came into effect, websites are obliged to comply with its requirements. No matter where your company is based, or its size, if you are tracking information about users from the EU you must be GDPR compliant.
So, if you want to use cookies, you must obtain the user’s consent. This also requires that users should have a clear, and easily understood, yes or no option. It is also important to ensure you provide accurate information about the data each cookie tracks and its purpose. Additionally, while some websites improperly ignore this, users should be able to access your services even if they refuse certain cookies. Users also must have the right to be able to withdraw their consent regarding the use of their data.
Conclusions
While the GDPR has many specific requirements for cookie banners, with the right tools your obligations can become relatively easily, and you can still gather the data you need to run your business.
Besides potential fines, not complying could result in reputational damage to your business. In other words you are not respecting your client’s data privacy.
With Sovy, cookie consent management is easy, and you can deploy a customized banner on your website within minutes.
Find out more about GDPR fines and how to avoid them.
