Recently, Noyb sent over 500 draft complaints to European companies who use unlawful cookie banners - the largest wave of complaints since the GDPR came into force in 2018. Noyb is targeting companies which it says deliberately make it hard to opt out of tracking cookies. The aim? Ending “cookie banner terror” in the EU. What does this mean for you? Carry on reading to find out.
Summary:
- The Noyb cookie banner complaints
- What does this mean in practice?
- Didomi can ensure cookie banner compliance
The Noyb cookie banner complaints
The European Center for Digital Rights, also known as Noyb (None of Your Business), is a non-profit organization started in 2017 by Austrian privacy activist, lawyer, and author, Max Schrems.
They aim to end “cookie banner terror” in the EU by ensuring that users are given a clear yes/no option.
In practice, they seek to eradicate cookie banners that make it incredibly complicated to click on anything but the “accept” button (also known as “dark patterns”).
They also seek to eliminate what they refer to as “forced consent”, where users are required to consent to the use of their personal data in order to continue using a service.
A three-step process to battle against “cookie banner terror”:
Noyb’s campaign for lawful cookie banners is a clearly set-out process.
- 500 draft complaints are sent to European companies who use unlawful cookie banners (the largest wave of complaints since the GDPR came into force).
- A one-month grace period is granted by Noyb. If companies do not comply within that period, Noyb will file a formal complaint with the relevant authority, which may issue a fine of up to €20 million.
- Over the course of a year, Noyb will use this process to produce complaints for up to 10,000 of the most visited websites in Europe.
Image taken from the Noyb website, highlighting their process to eliminate cookie banner "dark patterns"
“A whole industry of consultants and designers develop crazy click labyrinths to ensure imaginary consent rates. Frustrating people into clicking ‘okay’ is a clear violation of the GDPR’s principles. Under the law, companies must facilitate users to express their choice and design systems fairly.” - Max Schrems, Chair of Noyb
What does this mean in practice?
While some may not like the boldness and directness of Noyb's campaign, the intention is a good one. In fact, Didomi has always stood for transparency and trust, and we continuously help companies design better consent & preference mechanisms that build trust through privacy.
Noyb openly states that most pages violate the GDPR. Of the more than 500 pages where a complaint was issued:
- 81% did not offer a “reject” option on the initial page at all. Users had to dive into sub-menus to find a hidden “reject” option.
- A further 73% used deceptive colors and contrasts to lead users to click the “accept” option.
- A total of 90% did not provide a way to easily withdraw consent.
However, if Noyb's campaign is successful, users should see simple and clear “yes or no” options on more and more websites in the upcoming months.
Example of the Didomi CMP: which clearly offers a yes/no option on the first level of the banner.
Currently, Noyb is focused on popular pages in Europe. However, it’s important to note that any company that receives visitor traffic from users located in the EU/EEA must adhere to the GDPR with respect to any personal data collected from such users that falls within the scope of the law.
Didomi can ensure cookie banner compliance
Didomi, like Noyb, is fully committed to ensuring that user rights are upheld and that organisations are well aware of, and comply with, their data privacy obligations. In the main, Noyb’s interpretation of the GDPR and Didomi's principles are aligned.
The Didomi CMP ensures compliance, avoiding “dark patterns”
The Didomi Consent Management Platform (CMP) allows organizations to easily manage and optimize user consent collection on all channels.
Didomi clients are able to show exemplary compliance and reduce legal risk by collecting consent across every touchpoint.
Didomi’s top tips for compliance:
Regulation changes slightly depending on local authority guidelines, but there are certain do’s and don’ts to bear in mind when prioritising compliance. Here are some things to avoid:
- Deceptive button colors: For example, the “more details” button has the same background color as the banner, causing it to blend in, while the “accept” button has a different color, causing it to appear highlighted.
- Scrolling as a form of consent: Local authority regulations such as those of the CNIL and the AEPD state that scrolling is not a valid form of consent, as it does not constitute a positive affirmative action.
- Not as easy to withdraw as to give consent: There is no visible option to withdraw consent in the banner or elsewhere on the website.
- Pre-ticked consent options in the second layer: Pre-ticked boxes are a type of “dark pattern” and are non-compliant.
- No “refuse all” option on the first layer: This is a controversial topic, and the recommendations of different local authorities diverge. The French CNIL states that there must be a “refuse all” option on the first layer of the banner; however, this is not (yet) the case in Spain, for example. Didomi encourages a “refuse all” option on the first level of the banner, and we have implemented this into our own consent notice, in all languages.
At Didomi, we allow our clients to easily comply with regulation globally (GDPR, CCPA, etc.) and allow their users to access and update preferences instantaneously, as requested by the most stringent privacy laws.
We were proud to be one of the earliest CMPs to be approved as TCF v2 compliant by the IAB Europe, and are even prouder to announce that we were the first European company to offer a TCF-compliant consent management solution for connected TV, proving our commitment to collecting consent across multiple touchpoints.
While some privacy advocates, Noyb included, may not fully endorse and recognize the IAB Europe's TCF framework as a credible solution to address this challenge, we believe that it is still the best international standard to date.
The world will need more initiatives like that, led by the IAB Europe, the IAB and various other industry players, because we all need to make privacy more practical and positive, for consumers and businesses alike.
A recent European consumer survey showed that 80% of consumers pay attention to privacy before purchase, and about ⅔ modify their purchasing decisions in line with companies’ privacy commitments.
At Didomi, we believe that, by encouraging our clients to place customer consent at the core of their strategy, we allow them to generate valuable trust and lay the groundwork for privacy-conscious growth.
Specialized in consent management, Didomi offers you a turnkey solution and premium support. We support the Noyb initiative as we believe that transparency and trust mark the future of data collection.
Are you a Didomi client concerned about the Noyb initiative? Or are you currently looking for a solution that will allow you to meet Noyb's demands?
We are at your disposal to see how we can ensure compliance for your company: do not hesitate to contact us!