The UK Government might be planning to relax the rules on online cookies but privacy champion Max Schrems is in no mood to let firms off the hook, launching yet another barrage of official GDPR complaints over deceptive data-collection banners.
The organisation argues online users suffer from deceptive designs, with banners designed to make rejecting cookies extremely complicated all over the web. In their banner designs, companies use so-called “dark-patterns” to get users to click the “accept” button because it is too burdensome to decline.
Schrems’ organisation, NOYB, first began fingering companies which it claimed were in breach of GDPR in June 2021, rifling off over 500 draft complaints to firms which were using the OneTrust cookie banner software.
The companies were then served with an informal draft complaint, a step-by-step guide on how to adapt their software settings and a 60-day grace period to comply. Only if they chose to not fully comply, did NOYB threaten to file a complaint with the relevant authority.
Many did make the right changes, including top brands Nikon, MasterCard and Seat, and adapted their settings by adding “reject” buttons. OneTrust also changed the standard settings to be more GDPR compliant.
However, hundreds of websites did not comply and had formal GDPR complaints made against them with 10 different data protection authorities.
Then in August last year, another 400 companies were targeted; only a fraction of all violations were remedied within grace period of 60 days, 80% of companies failed to fully comply. This has triggered this week’s action which has seen a total of 226 complaints filed with 18 data protection authorities.
Schrems said: “We want to ensure compliance, ideally without filing cases. However, if a company continues to violate the law, we are ready to enforce users’ rights.
“We mainly saw positive feedback from websites, but also noticed a large spill-over effect. Many websites we have not contacted yet have adapted their settings once they heard about these complaints. This shows that enforcement ensures compliance beyond the individual case. We were also contacted by users who noticed an increasing amount of ‘reject’ buttons appear on websites in the last year.”
In the coming months, NOYB has vowed to continue its war on deceptive cookie banners by scanning thousands of websites. The organisation is also planning to extend its scope to pages that use other consent management platforms than OneTrust, such as TrustArc, Cookiebot, Usercentrics, and Quantcast.
NOYB is still waiting for first decisions in the complaints which were filed in August 2021.
Related stories
Top brands face official probe for illegal consent cookies
Facebook nemesis targets sites over consent cookies
Apple cut to the core by new unlawful tracking claims
Decision Marketing at 10: How GDPR changed the world
US tech giants rocked as Privacy Shield gets the chop
Transatlantic data transfers torpedoed once again
Facebook ‘still using illegal safe harbour agreement’