Privacy group noyb.eu is currently attempting to propose up to 10,000 complaints against unclear opt-out options on cookie notices on multiple firms’ sites, claiming that they are violating General Data Protection Regulation (GDPR) guidelines.
Noyb, short of “none of your business”, is a privacy collective advocated by Max Schrems. The apparent “cookie banner terror” involves hundreds of companies making it deliberately difficult for users to opt-out of being tracked from site to site in a third-party advertising tracking strategy. Many websites encourage user consent by altering the design of the cookie banner, often highlighting “accept all” in big, green font, or making it awkward for users to change privacy and data protection settings.
“…by law, users must be given a clear yes/no option. As most banners do not comply with the requirements of the GDPR, noyb developed a software that recognizes various types of unlawful cookie banners and automatically generates complaints.”
Noyb’s automated system has already submitted 560 draft complaints, 81% of which were to do with not offering a “deny” option for website cookies on the initial banner, instead hiding it in a secondary page. Noyb stated another 90% failed to provide an easy way to revoke consent and 73% used misleading colours to confuse users into accepting the terms. Companies are given up to a month, after receiving the complaint, to respond and change their software settings to comply with GDPR law. If ignored, the company could risk a fine of either £17.5m or 4% of their global revenue.
Could GDPR be clearer?
GDPR is all about the protection of personal data of EU citizens, forbidding that data to be used by third parties without consent and giving citizens greater control over their personal information and protection options. GDPR’s guidelines dictate that users should be given a “yes” or “no” option in giving consent to their privacy and data, but there are no obvious rules established to how companies offer these options to users, with many companies discovering misleading designs to trick users into accepting website cookies. Noyb argues that these methods are “frustrating” users into simply consenting.
GDPR is not without its faults, but it applies to every organisation in the EU, including the UK even though Brexit has now come into effect. As stated by noyb, the consequences for not complying by GDPR regulations can seriously damage your business’ reputation and overall success. Today, almost all companies are involved with customer and employee data, meaning companies need to abide by data protection rules more than ever.
To learn more about GDPR settings and privacy policies within website management, and what we can do to make sure your site is compliant, contact a member of the Engage Web team.