Logo Logo
Cookiebot

Try our free compliance test to check if your website's use of cookies and online tracking is GDPR/ePR compliant.

The test also shows what data your website collects and which third parties it shares with, a requirement under the CCPA.

NOYB consent bannernoyb consent banner

Updated August 19, 2021.


Privacy group NOYB led by Max Schrems has filed 422 complaints on unlawful cookie banners to EU data protection authorities in a large-scale push to simplify cookie consent to a clear yes/no answer in compliance with the EU’s GDPR.

Using a new tool that can determine the GDPR compliance of a website’s consent flow, NOYB aims to file up to 10,000 complaints by the end of 2021 in a large-scale push to simplify cookie consent to a clear yes/no answer.

Cookiebot consent management platform (CMP) comes with strict standard settings that automatically provides your website with a fully GDPR compliant cookie banner.

Does your website’s cookie banner live up to the GDPR’s requirements? See our comprehensive guide for making your cookie banner GDPR compliant and scan your website for free to find and control all cookies.


What is NOYB’s cookie banner campaign about?


Privacy group fights dark patterns on cookie banners with new tool

The non-profit privacy group NOYB (None of Your Business) has announced a campaign to “end cookie banner terror” on the Internet by forcing websites to trim deliberately complicated and unlawful cookie banners in order to become compliant with the EU’s General Data Protection Regulation (GDPR).

On May 31, NOYB filed over 500 draft complaints to companies in 33 EU countries who use cookie banners on their websites in ways that violate the GDPR’s requirements for protection of end-users’ personal data, e.g. by nudging end-user behavior or simply by being overly complex in their design (also known as “dark patterns”).

Using a newly developed technology that can map out a website’s consent flow and determine whether it’s in violation of the GDPR, NOYB plans to send up to 10,000 such draft complaints to websites before the end of 2021.

On August 17, NOYB then filed 422 complaints to data protection authorities in ten EU countries, making good of their threat to pursue legal action on the companies that didn’t fix their non-compliant cookie banners within a month. Even though 42% of the violations originally flagged in the May draft complaints had been fixed, according to NOYB, 82% of companies were still non-compliant with the EU’s GDPR.



NOYB consent

NOYB is forcing websites in the EU to trim deliberately unlawful cookie banners to clear yes/no choice.



According to the EU’s GDPR and the European Data Protection Board (EDPB), consent to cookies on website must be freely given, specific, informed, and unambiguous to be valid.

That’s why cookie banners must give end-users a clear yes/no choice between accepting or rejecting cookies.


What are the common findings in NOYB’s cookie banner campaign?

The websites in NOYB’s cookie banner complaints violate this basic requirement in different ways, including –


Do you use cookies in compliance with the EU’s GDPR?
Scan your website and become compliant for free with Cookiebot CMP

Guide on how to ensure that your cookie banners are GDPR compliant



Led by the famous and fierce data privacy activist Max Schrems, NOYB has fought several major data privacy battles in recent years.

Most famous is their win in the CJEU case that brought down the EU-US data transfer scheme known as the Privacy Shield.

With NOYB’s cookie banner campaign, renewed focus and intensified scrutiny is being put on clearing out and trimming down the many deceptively complex and non-compliant consent schemes that leave end-users frustrated, and their personal data ill protected.


NOYB’s cookie banner campaign, summarized

  1. NOYB has developed a tool that automatically maps a website’s cookie consent flow and is able to determine whether a cookie banner lives up to the GDPR’s requirements or not
  2. NOYB sends a draft complaint to the non-compliant website, including a detailed guidance on how to correct the cookie banner implementation to meet GDPR standards
  3. NOYB gives the website in violation one month to change their cookie banner
  4. If the website in violation does not change their non-compliant cookie banner, NOYB files a formal complaint with the data protection authority in the EU member country where the website/company is located

Scan your website for free to see all cookies and trackers in use

Try Cookiebot CMP free for 30 days – or forever if you have a small website.


Ensure GDPR compliance with Cookiebot CMP


Step-by-step guide to make your cookie banner GDPR compliant

Cookiebot CMP comes with strict standard settings that automatically provides your website with a GDPR compliant cookie banner.

This means that if you implement Cookiebot CMP on your website and don’t change any settings, your cookie banner configuration will be in compliance with the GDPR by default.

If you change standard settings and are unsure whether your cookie banner still lives up to the GDPR’s requirements, check out our easy-to-follow guide here.



noyb consent banner

End-user consent is a simple, but powerful tool to ensure data privacy on the Internet.



Since 2012, Cybot – the parent company of Cookiebot CMP – has worked to protect end-user privacy by delivering easy-to-use and automatic compliance solutions to websites all over the world.

We believe that our solution can help foster a thriving, sustainable internet economy by balancing data privacy and data-driven business around end-user consent.

Cookiebot CMP is highly customizable so that websites anywhere can configure their cookie banners to fit the local and relevant data protection requirements, and to make sure they fit with website designs.

Cookiebot CMP’s world-leading scanner automatically detects all cookies and trackers on your website and controls them in an easy-to-use cookie banner that lives up to all requirements by the EU’s GDPR.

Cookiebot CMP offers compliance solutions for all major data privacy laws – not just EU’s GDPR, but also California’s CCPA/CPRA, Brazil’s LGPD, South Africa’s POPIA, Canada’s PIPEDA, Thailand’s PDPA, Malaysia’s PDPA and many others.

Following NOYB’s cookie banner campaign, we have created an overview of possible GDPR violations and a step-by-step guide for how you can ensure that your cookie banner is configured in GDPR compliance.

Our step-by-step guide takes you through the Cookiebot CMP manager and points out all the places where a GDPR violation could occur if settings are changed.


See our guide to make your Cookiebot CMP banner fully GDPR compliant

Scan your website for free to find and control all cookies in use

Try Cookiebot CMP free for 30 days – or forever if you have a small website


The GDPR’s requirements for your cookie banner

Under the EU’s General Data Protection Regulation (GDPR), it is the legal responsibility of website owners and operators to ensure that personal data from individuals inside the EU is only collected and processed if end-users have given their prior, explicit consent.



GDPR compliant cookie banners empower end-users to easily protect themselves and their data.

GDPR compliant cookie banners empower end-users to easily protect themselves and their data.



Summarized, the GDPR makes the following requirements for how your website must collect end-user consents (via cookie banners) –

If you’re in doubt whether your website’s cookie banner meets all the above GDPR requirements, check out our easy guide here.


Guide to ensure GDPR compliance with Cookiebot CMP

Learn more about the GDPR and cookies

Scan your website for free to see all cookies in use

Learn more about Cookiebot CMP and the IAB Transparency and Consent Framework


FAQ


What is NOYB’s cookie banner complaints about?

NOYB’s cookie banner complaints is a campaign pushing for websites in the EU to obey by the rules set down by the GDPR, which states that end-users must be offered a clear yes/no choice between cookies online. Many websites today fail to live up to the GDPR’s requirements, and NOYB is taking action by threatening formal legal complaints.

Learn more about NOYB’s cookie banner campaign


How can I know if my cookie banner is GDPR compliant?

Your website’s cookie banner must give end-users a clear choice to say “yes” or “no” to cookies, and not be nudging, deceptive or overly complex. Scan your website with Cookiebot consent management platform to see whether your domain is in compliance with the GDPR.

Try Cookiebot CMP free for 30 days – or forever if you have a small website


Is my cookie banner allowed to just say “accept”?

No, your cookie banner must leave the end-user with a genuine choice of accepting and rejecting the cookies in use on your website. NOYB’s cookie banner complaints are centered around exactly this issue. End-users must be able to say “yes” or “no” to cookies equally easy.

Scan your website for free to see all cookies in use


What happens if my cookie banner does not live up to the GDPR?

Non-compliance with the EU’s GDPR can lead to fines of up to €20 million or 4% of your company’s annual global revenue, whichever is higher. Customer relations and brand reputation can also suffer from violations of end-user data protection.

Get started with Cookiebot CMP today for full GDPR compliance


Resources


Guide for ensuring GDPR compliance with Cookiebot CMP

Read our blogpost on GDPR and cookie consent

Read our blogpost on EDPB guidelines on valid cookie consent in the EU

Noyb files 422 complaints to EU data protection authorities

NOYB aims to end “cookie banner terror” and issues more than 500 GDPR complaints

WeComply! FAQ on NOYB

Europe’s cookie consent reckoning is coming, TechCrunch

Privacy group targets website ‘cookie terror’, BBC

New: Cookiebot™ for Partners 

Deliver automated cookie compliance at scale with Cookiebot™ for Partners.

Make your website’s use of cookies and online tracking compliant today

Try for free