noyb.eu’s Post

Key takeaways from noyb.eu Cookie Banner Report: ✅ Clear & Easy Choices: Users MUST have a "reject all" option at the same level as "accept cookies." ❌ Pre-ticked Boxes are a No-Go: Get user consent the right way. ⚠️ Not All Cookies Are Equal: Cookies that are not "strictly necessary" require your user's explicit consent.

Great achievement regarding Cookie Banner Consent, report by noyb.eu : 🎉 OUT NOW: noyb's Consent Banner Report! 🎉 👉 We have compared the findings of the EDPB's Cookie Banner Taskforce with the positions taken by national DPAs in guidance documents and actual decisions. Some takeaways: 1️⃣ Almost all authorities agree: If there is an "accept cookies" option, there needs to be a "reject" option on the same layer of the consent banner. 2️⃣ Pre-ticked check-boxes are not permissible. 3️⃣ Consent is mandatory for cookies that are not "strictly necessary". 👉 We believe that this report will be a valuable resource for companies setting up consent banners. 👉 In addition, we hope that the report will spark further discussion about the guidelines adopted on deceptive practices, and how they can be developed in the future to ensure that users have a fair and free choice when it comes to consent banners. #Cookies #DeceptivePractices #CookieBannerConsent

📊 noyb.eu published a report regarding #Cookie #Banner “Overview of #EU and national guidelines on dark patterns”. The Consent Banner Report discusses the issue of the absence of a 'reject' button on the first layer of a consent banner. According to industry statistics, only 2.18% of users visit the second layer. Hence, refusing consent generally takes twice as many steps as granting consent. The report discusses the findings of the European Data Protection Board (#EDPB) Cookie Banner Taskforce, which considers banners without a reject option in any layer as an infringement of the #ePrivacy Directive. However, there are exceptions. The BayLDA has argued that a link named 'continue without accepting' can be a clear enough alternative to a 'reject' button. Similarly, BlnBDI has stated that it's more important that users recognise the options rather than the design of the buttons. The AEPD in Spain continued to accept banners without a 'reject' option on the first layer in its old 2020 Guidelines, which goes against the EDPB Taskforce Report on this issue. However, new guidelines applicable from January 2024 now require a reject option on the first layer of the banner. Here are a few more takeaways from the report from several countries: 1.      #Denmark's Datatilsynet agency asserts that it's unlawful to provide a consent mechanism where refusing consent is some way more difficult or less prominently displayed than the option to give consent. They argue this is against the principle of transparency. 2.      In #Finland, Traficom (the Transport and Communications Agency), also agrees that refusing to give consent should never be more complicated than granting it. They use cookies as an example, explaining that rejecting nonessential cookies should not be any more difficult than accepting them. 3.      #Germany's DSK states there is an "effect and information deficit" if one option (e.g., "accept all" buttton) is presented clearly and the other option is kept nebulous. They assert that effective consent can't be met unless users are offered equivalent options to give or refuse consent. 4.      The #Greek HDPA believes that a user should be able to accept or reject trackers with the same number of actions (clicks). 5.      According to #Ireland's DPC, you should not use a banner or pop-up that nudges a user towards accepting cookies over rejecting them. 6.      In #Luxembourg, the CNPD recommends that equivalent possibilities should be offered for giving and refusing consent. They argue that if consenting to a particular purpose requires several operations (clicks, etc.), rejecting it shouldn't require more. 7.      The Spanish #AEPD says that the first layer of information should detail how a user can accept, configure, and reject the use of cookies. These remarks from each of these data protection agencies emphasize the importance of equal and easy-to-use options for giving and refusing consent when it comes to managing personal data.

Want to know if your #cookiebanner cuts it? Check out the "takeaways" below from noyb.eu's review of the European Data Protection Board's Cookie Banner Taskforce examination of the various #DPA's (Data Protection Authorities) positions concerning cookie banner policies.

Didomi and OneTrust These are your customers noyb.eu . As they are the seller of cookie banners SaaS solution which don’t match the de minimis requirements set by eprivacy nor by GDPR . Not to talk about consent SDK for mobile apps. IAPP - International Association of Privacy Professionals These are your partners to amplify the findings of your study. IAB Europe This is the organization that should modify the TF 2.0 approach to align with the findings of your report. It could not be more helpful to the media industry behind it lagging compliance and spending most of its time in attacking Google and Apple for their TF on OS. ErnieApp | Your Privacy Knowledge Manager This is the only consumer facing enterprise mobile solution which today allows to manage user consent lifecycle (on cookies and on profiles) dynamically. If you are a company and think about how to regain ‘consent’ once lost, contact us. #privacy #consumers #rights #market #economics #competition #innovation #compliance

This is why the EDPB's belief that contextual ads can easily substitute for targeted ones makes no sense. Contextual ads place information on and collect information from the end users's device so they can do some important functions like making sure you don't see the same ads over and over again. This isn't "strictly necessary" since ads still get delivered but that means contextual advertising also requires consent under the ePrivacy directive as implemented.

The EDPB to discuss a letter to the European Commission on the cookie pledge initiative. After yesterday's chats I had with Vadym Honcharenko, Daniel Sereduick, Achim Schlosser, my big question is how the EC's initiative cookie pledge initiative based on the Unfair Commercial Practices Directive (Articles 6 and 7) can work with ePrivacy Directive, Opinion 4/2012 on Cookie Consent Exemption and the proposed Guidelines 2/2023 on Technical Scope of Art. 5(3) of ePrivacy Directive. Only when they receive clear information on the service, including the value exchange required by the traders and the eventual conditions on their privacy preferences, they can take a fully informed choice and decide on whether they accept the conditions of the commercial relationship they are about to enter. Clear information on the commercial conditions shall not be misleading according to the Unfair Commercial Practices Directive (Articles 6 and 7). It is in general not sufficient that this information can be found in the Terms and Conditions, it should be given in a prominent manner at the start of the navigation.

👉 noyb's Consent Banner Report compares the findings of the EDPB's cookie banner taskforce with the positions of national DPAs! https://lnkd.in/d37pBPxZ 👉 We believe that this report will be a valuable resource for companies setting up consent banners. In addition, we hope that the report will spark further discussion about how we can ensure that useres have a fair and free choice in consent banners. 🔽 Below is an overview of the different positions taken by national DPAs compared to the recommendations of the EDPB taskforce:

Thanks Luis. This shows exactly why the many flaws of the Opinion are problematic: they *are* having an impact on DPAs' practices. More about those flaws: https://lnkd.in/enEGy9Ad We will discuss some of that (among many other topics) during tomorrow's (free) 2h webinar on Adtech & Metrics. Register now! https://lnkd.in/eWfBq8Tn Edit: see EN machine translation with changes highlighted here: https://lnkd.in/e4bYxW9Q #GDPR #dataprotection #privacy

In one hour on #LinkedInLive! "Consent or Pay: The EDPB weighs in" features IAPP's Joe Jones alongside EDPB's Diletta De Cicco discussing the 17 April European Data Protection Board opinion. The opinion addresses the validity of consent to process personal data for the purposes of behavioral advertising in the context of consent-or-pay models deployed by large online platforms. Understand more when you register and attend: https://bit.ly/4d6xgQ3