{"id":799,"date":"2022-01-17T10:33:00","date_gmt":"2022-01-17T10:33:00","guid":{"rendered":"https:\/\/www.cookiebot.com\/en\/?p=799"},"modified":"2026-03-12T09:14:50","modified_gmt":"2026-03-12T08:14:50","slug":"noyb-cookie-banners","status":"publish","type":"post","link":"https:\/\/www.cookiebot.com\/en\/noyb-cookie-banners\/","title":{"rendered":"NOYB cookie banner complaints"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-what-is-noyb-s-cookie-banner-campaign-about\">What is NOYB\u2019s cookie banner campaign about?<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-privacy-group-fights-dark-patterns-on-cookie-banners-with-new-tool\">Privacy group fights dark patterns on cookie banners with new tool<\/h3>\n\n\n\n<p>The non-profit privacy group <a href=\"http:\/\/www.noyb.eu\/\" target=\"_blank\" rel=\"noreferrer noopener\">NOYB (None of Your Business)<\/a>&nbsp;has announced a campaign to \u201cend cookie banner terror\u201d on the Internet by forcing websites to trim deliberately complicated and unlawful cookie banners in order to become compliant with the <a href=\"\/en\/gdpr\/\">EU\u2019s General Data Protection Regulation (GDPR)<\/a>.<\/p>\n\n\n\n<p>On May 31, <a href=\"https:\/\/noyb.eu\/en\/noyb-aims-end-cookie-banner-terror-and-issues-more-500-gdpr-complaints\/\" target=\"_blank\" rel=\"noreferrer noopener\">NOYB filed over 500 draft complaints to companies in 33 EU countries<\/a>&nbsp;who use cookie banners on their websites in ways that violate the GDPR\u2019s requirements for protection of end-users\u2019 personal data, e.g. by nudging end-user behavior or simply by being overly complex in their design (also known as \u201cdark patterns\u201d).<\/p>\n\n\n\n<p>Using a newly developed technology that can map out a website\u2019s consent flow and determine whether it\u2019s in violation of the GDPR, NOYB plans to send up to 10,000 such draft complaints to websites before the end of 2021.<\/p>\n\n\n\n<p>On August 17, <a href=\"https:\/\/noyb.eu\/en\/noyb-files-422-formal-gdpr-complaints-nerve-wrecking-cookie-banners\/\" target=\"_blank\" rel=\"noreferrer noopener\">NOYB then filed 422 complaints to data protection authorities in ten EU countries<\/a>, making good of their threat to pursue legal action on the companies that didn\u2019t fix their non-compliant cookie banners within a month. Even though 42% of the violations originally flagged in the May draft complaints had been fixed, according to NOYB, 82% of companies were still non-compliant with the EU\u2019s GDPR.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter is-resized is-style-cb-rounded\"><img loading=\"lazy\" decoding=\"async\" src=\"\/media\/4125\/noyb-image-1.jpg?width=450&amp;&amp;mode=max\" alt=\"Cross and tick icons cut into a Hedge - Cookiebot\" width=\"770\" height=\"513\"\/><figcaption class=\"wp-element-caption\">NOYB is forcing websites in the EU to trim deliberately unlawful cookie banners to clear yes\/no choice.<\/figcaption><\/figure>\n\n\n\n<p>According to the <a href=\"\/en\/gdpr\/\">EU\u2019s GDPR<\/a>&nbsp;and the <a href=\"\/en\/edpb-guidelines\/\">European Data Protection Board (EDPB)<\/a>, consent to cookies on website must be <strong>freely given<\/strong>, <strong>specific<\/strong>, <strong>informed<\/strong>, and <strong>unambiguous<\/strong>&nbsp;to be valid.<\/p>\n\n\n\n<p>That\u2019s why cookie banners must <strong>give end-users a clear yes\/no choice between accepting or rejecting cookies<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-what-are-the-common-findings-in-noyb-s-cookie-banner-campaign\">What are the common findings in NOYB\u2019s cookie banner campaign?<\/h3>\n\n\n\n<p>The websites in NOYB\u2019s cookie banner complaints violate this basic requirement in different ways, including \u2013<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cookie banners have no \u201creject\u201d option next to \u201caccept\u201d, meaning that users cannot opt out of cookies as easily as they can opt in<\/li>\n\n\n\n<li>Cookie banners have pre-ticked boxes, giving a false sense of a \u201cfreely given\u201d consent<\/li>\n\n\n\n<li>Cookie banners will have deceptive designs and color schemes that nudge users towards accepting cookies<\/li>\n\n\n\n<li>Cookie banners make it harder for end-users to withdraw their consent than it was to give it<\/li>\n\n\n\n<li>Cookie banners will have inaccurate classifications of cookies<\/li>\n\n\n\n<li>Cookie banners will claim legitimate interest wrongfully.<\/li>\n<\/ul>\n\n\n\n<p><strong>Do you use cookies in compliance with the EU\u2019s GDPR?<\/strong><br><a href=\"\/\">Scan your website and become compliant for free with Cookiebot CMP<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/support.cookiebot.com\/hc\/en-us\/articles\/4401873267090\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guide on how to ensure that your cookie banners are GDPR compliant<\/a><\/p>\n\n\n\n<p>Led by the famous and fierce data privacy activist Max Schrems, NOYB has fought several major data privacy battles in recent years.<\/p>\n\n\n\n<p>Most famous is <a href=\"\/en\/schrems-ii-privacy-shield\/\">their win in the CJEU case<\/a>&nbsp;that brought down the EU-US data transfer scheme known as the Privacy Shield.<\/p>\n\n\n\n<p>With NOYB\u2019s cookie banner campaign, renewed focus and intensified scrutiny is being put on clearing out and trimming down the many deceptively complex and non-compliant consent schemes that leave end-users frustrated, and their personal data ill protected.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-noyb-s-cookie-banner-campaign-summarized\">NOYB\u2019s cookie banner campaign, summarized<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>NOYB has developed a tool that automatically maps a website\u2019s cookie consent flow and is able to determine whether a cookie banner lives up to the GDPR\u2019s requirements or not<\/li>\n\n\n\n<li>NOYB sends a draft complaint to the non-compliant website, including a detailed guidance on how to correct the cookie banner implementation to meet GDPR standards<\/li>\n\n\n\n<li>NOYB gives the website in violation one month to change their cookie banner<\/li>\n\n\n\n<li>If the website in violation does not change their non-compliant cookie banner, NOYB files a formal complaint with the data protection authority in the EU member country where the website\/company is located<\/li>\n<\/ol>\n\n\n\n<p><a href=\"\/\">Scan your website for free to see all cookies and trackers in use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/admin.cookiebot.com\/signup\" target=\"_blank\" rel=\"noreferrer noopener\">Try Cookiebot CMP free for 14 days<\/a>\u00a0\u2013 or forever if you have a small website.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-ensure-gdpr-compliance-with-cookiebot-cmp\">Ensure GDPR compliance with Cookiebot CMP<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-step-by-step-guide-to-make-your-cookie-banner-gdpr-compliant\">Step-by-step guide to make your cookie banner GDPR compliant<\/h3>\n\n\n\n<p><a href=\"\/\">Cookiebot CMP<\/a>&nbsp;comes with strict standard settings that automatically provides your website with a GDPR compliant cookie banner.<\/p>\n\n\n\n<p>This means that if you implement\u00a0Cookiebot CMP\u00a0on your website and don\u2019t change any settings,\u00a0<strong>your cookie banner configuration will be in compliance with the GDPR by default<\/strong>.<\/p>\n\n\n\n<p>If you change standard settings and are unsure whether your cookie banner still lives up to the GDPR\u2019s requirements, <a href=\"https:\/\/support.cookiebot.com\/hc\/en-us\/articles\/4401873267090\/\" target=\"_blank\" rel=\"noreferrer noopener\">check out our easy-to-follow guide here.<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter is-resized is-style-cb-rounded\"><img loading=\"lazy\" decoding=\"async\" src=\"\/media\/4127\/noyb-image-2.jpeg?width=450&amp;&amp;mode=max\" alt=\"Illustration of gardening tools and a phone - Cookiebot\" width=\"770\" height=\"513\"\/><figcaption class=\"wp-element-caption\">End-user consent is a simple, but powerful tool to ensure data privacy on the Internet.<\/figcaption><\/figure>\n\n\n\n<p>At Usercentrics, the parent-company of\u00a0Cookiebot CMP, we work to protect end-user privacy by delivering easy-to-use and automatic compliance solutions to websites all over the world.<\/p>\n\n\n\n<p>We believe that our solution can help foster a thriving, sustainable internet economy by balancing data privacy and data-driven business around end-user consent.<\/p>\n\n\n\n<p>Cookiebot CMP\u00a0is highly customizable so that websites anywhere can configure their cookie banners to fit the local and relevant data protection requirements, and to make sure they fit with website designs.<\/p>\n\n\n\n<p>Cookiebot CMP\u2019s\u00a0world-leading scanner automatically detects all cookies and trackers on your website and controls them in an easy-to-use cookie banner that lives up to all requirements by the EU\u2019s GDPR.<\/p>\n\n\n\n<p>Cookiebot CMP\u00a0offers compliance solutions for all major data privacy laws \u2013 not just\u00a0<a href=\"\/en\/gdpr\/\">EU\u2019s GDPR<\/a>, but also\u00a0<a href=\"\/en\/ccpa\/\">California\u2019s CCPA\/CPRA<\/a>,\u00a0<a href=\"\/en\/lgpd\/\">Brazil\u2019s LGPD<\/a>,\u00a0<a href=\"\/en\/popia\/\">South Africa\u2019s POPIA<\/a>,\u00a0<a href=\"\/en\/pipeda\/\">Canada\u2019s PIPEDA<\/a>,\u00a0<a href=\"\/en\/thailand-pdpa\/\">Thailand\u2019s PDPA<\/a>,\u00a0<a href=\"\/en\/malaysia-pdpa\/\">Malaysia\u2019s PDPA<\/a>\u00a0and many others.<\/p>\n\n\n\n<p>Following NOYB\u2019s cookie banner campaign, we have created an overview of possible GDPR violations and a step-by-step guide for how you can ensure that your cookie banner is configured in GDPR compliance.<\/p>\n\n\n\n<p>Our <a href=\"https:\/\/support.cookiebot.com\/hc\/en-us\/articles\/4401873267090\/\" target=\"_blank\" rel=\"noreferrer noopener\">step-by-step guide<\/a>&nbsp;takes you through the Cookiebot CMP manager and points out all the places where a GDPR violation could occur if settings are changed.<\/p>\n\n\n\n<p><a href=\"https:\/\/support.cookiebot.com\/hc\/en-us\/articles\/4401873267090\/\" target=\"_blank\" rel=\"noreferrer noopener\">See our guide to make your Cookiebot CMP banner fully GDPR compliant<\/a><\/p>\n\n\n\n<p><a href=\"\/\">Scan your website for free to find and control all cookies in use<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/admin.cookiebot.com\/signup\" target=\"_blank\" rel=\"noreferrer noopener\">Try Cookiebot CMP free for 14 days<\/a>\u00a0\u2013 or forever if you have a small website<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-the-gdpr-s-requirements-for-your-cookie-banner\">The GDPR\u2019s requirements for your cookie banner<\/h3>\n\n\n\n<p>Under the <a href=\"\/en\/gdpr\/\">EU\u2019s General Data Protection Regulation (GDPR)<\/a>, it is the legal responsibility of website owners and operators to ensure that personal data from individuals inside the EU is only collected and processed if end-users have given their prior, explicit consent.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter is-resized is-style-cb-rounded\"><img loading=\"lazy\" decoding=\"async\" src=\"\/media\/4128\/noyb-image-3.jpeg?width=450&amp;&amp;mode=max\" alt=\"Illustration of laptop with greenery around it - Cookiebot\" width=\"770\" height=\"513\"\/><figcaption class=\"wp-element-caption\">GDPR compliant cookie banners empower end-users to easily protect themselves and their data.<\/figcaption><\/figure>\n\n\n\n<p>Summarized, the GDPR makes the following requirements for how your website must collect end-user consents (via cookie banners) \u2013<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prior and explicit consent must be obtained before any activation of cookies (apart from whitelisted, necessary cookies)<\/li>\n\n\n\n<li>Users must have an equally easy choice between \u201crejecting\u201d or \u201caccepting\u201d cookies, i.e. the \u201creject\u201d option is not allowed to be hidden away in a cookie banner\u2019s second layer. The \u201creject\u201d option is also not allowed to be obscured by way of different color or design schemes<\/li>\n\n\n\n<li>Consent must be freely given, i.e. no pre-checked boxes on the cookie banner<\/li>\n\n\n\n<li>Consent must be granular, i.e. users must be able to activate some cookies rather than others and not be forced to consent to either all or none \u2022 Consent must be as easily withdrawn as they are given<\/li>\n\n\n\n<li>Consent must be informed on the part of the end-users, i.e. all your cookies must be classified and correctly assigned<\/li>\n\n\n\n<li>Consent must be securely stored as legal documentation<\/li>\n\n\n\n<li>Consent must be renewed at least once per year. However, some national data protection guidelines recommend more frequent renewal, e.g. 6 months. Check your local data protection guidelines for compliance.<\/li>\n<\/ul>\n\n\n\n<p>If you\u2019re in doubt whether your website\u2019s cookie banner meets all the above GDPR requirements, <a href=\"https:\/\/support.cookiebot.com\/hc\/en-us\/articles\/4401873267090\/\" target=\"_blank\" rel=\"noreferrer noopener\">check out our easy guide here.<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/support.cookiebot.com\/hc\/en-us\/articles\/4401873267090\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guide to ensure GDPR compliance with Cookiebot CMP<\/a><\/p>\n\n\n\n<p><a href=\"\/en\/gdpr-cookies\/\">Learn more about the GDPR and cookies<\/a><\/p>\n\n\n\n<p><a href=\"\/\">Scan your website for free to see all cookies in use<\/a><\/p>\n\n\n\n<p><a href=\"\/en\/iab-tcf-cookies\/\">Learn more about Cookiebot CMP and the IAB Transparency and Consent Framework<\/a><\/p>\n\n\n\n\n\n\n","protected":false},"excerpt":{"rendered":"<p>What is NOYB\u2019s cookie banner campaign about? Privacy group fights dark patterns on cookie banners with new tool The non-profit privacy group NOYB (None of Your Business)&nbsp;has announced a campaign to \u201cend cookie banner terror\u201d on the Internet by forcing websites to trim deliberately complicated and unlawful cookie banners in order to become compliant with [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":800,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"editor_notices":[],"footnotes":""},"categories":[1],"tags":[],"class_list":["post-799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"acf":[],"thumbnail_status":false,"thumbnail_url":"https:\/\/www.cookiebot.com\/en\/wp-content\/uploads\/sites\/7\/2022\/01\/noyb-hero-3d_1200x630_ffffff.png","_links":{"self":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts\/799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/comments?post=799"}],"version-history":[{"count":0,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/posts\/799\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/media\/800"}],"wp:attachment":[{"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/media?parent=799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/categories?post=799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cookiebot.com\/en\/wp-json\/wp\/v2\/tags?post=799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}