On May 31st, NOYB, an organisation led by Max Schrems, a well-known privacy activist, launched a campaign against unlawful cookie banners.
In this campaign, NOYB filed over 500 draft complaints against the EU websites for their use of unlawful cookie banners. Furthermore, NOYB aims to file 10,000 complaints by using a new tool that can determine the GDPR compliance of the websites in terms of their consent flow.
But what is NOYB, and what is this campaign all about. Seers is going to define all for you.
What is the NOYB Cookie Banner Campaign?
The non-governmental organisation NOYB (None of Your Business) announced a campaign to halt deliberately complicated and unlawful cookie banners used by websites, in addition to forcing them to become compliant with the EU’s General Data Protection Regulation (GDPR).
This campaign analysed websites all around Europe and presented its findings.
NOYB Cookie Banner Complaints:
The concerns NOYB raised were:
- There was no “reject” option next to “accept” in cookie banners, making it difficult for the users to opt out.
- There were pre-ticked boxes in cookie banners, mirroring the false sense of “freely given consent.”
- There was an inaccurate classification of cookies and a wrong claim of legitimate interests.
- It was a lot harder for end-users to withdraw their consent.
Results of Campaign:
On the premise of the following points, NOYB conducted their research. The points, as well as results, are below:
NOYB Complaints: Seers Cookie Banners are GDPR Compliant:
On the premise of a few points, NOYB analysed & declared the cookie banners as non-compliant. But Seers cookie banners, as per every point, are compliant with GDPR.
- Reject or deny option at the first layer:
Seers offer a “reject” or “disable all” button on the first layer of the consent.
- No pre-ticked boxes:
Seers allow the user to choose their cookies. There are no pre-ticked boxes.
- Link instead of reject button:
Some cookie banners contain links instead of a reject button. As a result, users have to surf through layers. But Seers cookie banners provide a “disable all” button on the first layer of cookie banners.
- Deceptive button contrast and deceptive button colour:
Some websites use deceptive practices to maximise user consents and opt-ins.
For instance:
- Making the “reject” button less prominent in comparison to the “accept” button
- Or use colours that make the “accept” button more prominent than “reject.”
NOYB, in their research, also highlighted this point. The best practice here is to make the “reject” and “accept” buttons of the exact sizes and the same colors.
Seers offer highly customisable cookie consent banners. You can design your cookie banner in different colours with yes or no, or reject or accept options. Sign in and start for free
- Easy withdrawal:
As also stressed by NOYB, most of the websites don’t allow easy withdrawal of consent. With Seers, you don’t have to worry anymore because our efficient consent management solution allows easy withdrawal of consent through a cookie badge that appears on the website every time.
- Legitimate interests:
The processing of necessary cookies is legitimate, and some companies, in their shady practices, insert marketing cookies into necessary cookies. And NOYB raises huge concerns about it. But Seers has strictly defined cookie categories in this regard fully compliant with GDPR.
Seers research of UK cookie banners:
The Seers research team analysed 25,000 websites’ cookie banners compliance with General Data Protection Regulation and Privacy and Electronic Communications Regulations (PECR) in its latest research across the UK. We assessed the websites’ cookie banners on the following basis:
- Prior consent:
Here you have to take consent from the user before activating the trackers and all the unnecessary cookies.
- Explicit consent :
In explicit consent, you give the user a free choice to “accept” cookies or reject them. Both options of “accept” and “reject” are in front of them.
- Cookie description:
The cookie description involves the name of the cookie, purpose, and provider of the cookie. However, cookie description can be interlinked with the cookie policy.
- Cookie policy and purpose:
In cookie policy, you describe to your users what type of cookies are active on your website, the user data they track, and where it is sent. This policy also explains the purpose of the collection of cookies.
Results:
The results are given below:
SEERS Consent Management Platform (CMP) Features:
Seers CMP facilitates you in becoming GDPR compliant. Install in just 3 minutes. Sign in and start for free
- Enables blocking scripts, tags, beacons, trackers & pixels until the user gives consent.
- Auto-update of cookie policy after each scan.
- Detail consent record for audit trail and visual dashboard to monitor consent.
- Defines risk level of cookies and categories.
Take legit consent with Seers fully Customisable Cookie Banners:
NOYB raised the complaints, which made cookie banners non-compliant.
But Seers cookie banners in compliance with GDPR are fully customisable and allow to :
- Add “yes” or “no” button
- choose a suitable colour for your cookie banner from our wide range of colours
- Choose from 28 different languages to make the consent procurement process transparent and legitimate.
Aligned with Google Consent Mode:
Instead of using deceptive practices, adopt Seers CMP aligned with google consent mode gives aggregate data and non-identifying basic measurements. Like frequency of visits to your website etc.
Accepted by IAB: Blocking Non-Consented Vendors:
The AB certified TCF2.0 Consent solution blocks non-consented vendors and the other multiple features, thus ensuring your compliance with various data protection regulations at every stage.
Adopting illegitimate in the consent procurement process is a total denial of users’ right to consent, which is a crime.
NOYB here is justified in its claims as in 2020 the MIT, UCL, and Aarhus University researchers analysed the cookie banners employed at 10,000 most popular websites in the UK. They found that only 11.8% were found in minimal compliance with the existing statutory requirements and case law.
It is high time that companies ponder into their deceptive practices of consent gathering and adopt lawful means of processing and collecting user’s data.
