Privacy Group Targets Website Cookie Terror
Privacy group targets website 'cookie terror'
Noyb, which is led by renowned Austrian privacy advocate Max Schrems, is suing companies that make it difficult to opt-out of tracking cookies.
"By law, users must be presented with a straightforward yes/no option," the group stated.
Marketing groups have attributed the problem to the EU's stringent privacy regulations.
Cookies are used for a variety of purposes, but one of the most common is tracking third-party advertising, which is why advertisements for products you may have searched for "follow" you from website to website.
Following the implementation of the EU's General Data Protection Regulation (GDPR) in 2018, websites began to prominently display pop-up forms, and some American websites discontinued service to EU residents.
That was also true for the UK, which had been enforcing the EU directive prior to Brexit.
However, many websites require users to withdraw consent individually for dozens of marketing partners - a process that can take several minutes. Others highlight the phrase "accept all" in green or make it more visible.
According to Noyb - an acronym for "none of your business," this type of form is intended to make it "extremely difficult to click anything other than the 'accept' button."
The majority of websites 'do not comply.'
To combat this, the group has developed an automated system that, according to the group, can detect violations and automatically generate a GDPR complaint.
It asserts that "the majority of banner advertisements do not comply with the GDPR's requirements."
Fines are capped at €20 million (£17.5 million) or 4% of a company's global revenue, whichever is greater.
According to the company, 81% of the 500 pages in its initial batch of complaints lacked a "reject" button on the first page, but rather was hidden in a sub-page. Another 73% used "deceptive colors and contrasts" to entice users to click "accept," and 90% lacked an easy way to withdraw consent, the report stated.
Noyb says it will begin by sending draft complaints to 10,000 of Europe's most popular websites, along with instructions on how to change their settings.
However, it states that if businesses do not comply within a month, it will file formal complaints with appropriate enforcement authorities.
"If successful, users should see more and more websites with simple and clear 'yes or no' options in the coming months," the group said.
'Frustrating people'
Mr Schrems, the group's chair, is a well-known privacy advocate who has previously brought successful legal challenges.
In July of last year, he successfully persuaded Europe's highest court to invalidate an agreement governing the transfer of EU citizens' data to the United States.
Mr Schrems stated that this latest campaign was launched in response to "an entire industry of consultants and designers" who create "crazy click labyrinths."
"Convincing people to click 'okay' is a clear violation of the GDPR's principles," he charged, accusing companies of attempting to "make privacy a hassle for users."
"They frequently design privacy settings in such a way that they are a nightmare to use, but then blame the GDPR for it.
"Because this narrative is repeated on hundreds of pages, users begin to believe that these outlandish banners are mandated by law."
The legal basis for cookie consent is complicated, involving both an older set of rules known as the ePrivacy Directive and the more recent GDPR, as well as a variety of national data protection authorities responsible for enforcing the rules.
Cookies have also come under fire in recent years, with many calling for their abolition.
For example, Google has begun phasing out third-party cookie support in its popular Chrome web browser, citing privacy concerns.
Courses and Certification
Digital Circuits Course and Certification
Embedded Systems Course and Certification
Computer Security Course and Certification
Information Security and Cyber Law Course and Certificate
Web Design Course and Certificate
