The organization noyb has filed 226 GDPR complaints with 18 different authorities targeting websites that deploy misleading cookie consent banners through a widely-used software known as “One Trust.” Despite the GDPR’s intention to give users complete control over their data, Europeans frequently encounter complex and irritating banners that hinder easy rejection of cookies. These banners often employ manipulative design tactics—or “dark patterns”—to coerce users into consenting, as the option to decline is made overly cumbersome.

noyb undertook a comprehensive analysis of thousands of websites employing this common cookie banner software. The legal team at noyb meticulously reviewed each site, prepared GDPR complaints, and issued informal draft complaints to the involved companies. These drafts were accompanied by a step-by-step guide in PDF format advising on necessary software adjustments and a 60-day grace period was given for compliance. Failure to comply within this timeframe prompts noyb to escalate the matter to the relevant regulatory authority.

In its ongoing efforts, noyb is committed to eradicating deceptive cookie consent practices and plans to broaden its enforcement activities. This includes targeting websites that use other Consent Management Platforms (CMPs) such as TrustArc, Cookiebot, Usercentrics, and Quantcast. Additionally, the European Data Protection Board (EDPB) has initiated a special task force to oversee and coordinate the response from the Data Protection Authorities (DPAs) regarding these matters.