Written by 12:59 Media

If your cookie banner is not compliant, now someone will warn companies

Austrian digital rights NGO Noyb’s initiative to alert companies on how to correct their data protection practices


by Vincenzo Tiani

On 31 May, Noyb, the non-governmental organisation led by Max Schrems, the activist who led to the invalidation of the agreements between the EU and the US on the transfer of personal data because they were deemed to be insecure, announced that it had developed software that analyses the cookie policies of the most visited European websites to highlight how and when they unduly lead users to accept cookies. Cookies are those computer traces that users leave behind while surfing the web and that store everything they do online. All this information collected creates a profile of the user (e.g. he buys a lot online, mainly through a high-end iPhone, does a lot of searches for 5-star hotels) which is then ‘sold’ to advertisers. The more accurate the user profile, the higher its commercial value.

In recent months, thanks also to the increased awareness of users following the introduction of the Gdpr three years ago, the big tech companies have also started to offer cookie-free solutions. Apple, with the latest software update iOS 14.5 for iPhones and iPads, allows users to block the tracking of what they do. Google, on the other hand, has announced that its Chrome browser will soon block access to third-party cookies, as other browsers such as Apple’s Safari, Mozilla Firefox and Duck Duck Go already do. This means that the data on the user’s browsing will be available only to the site on which he is browsing (and to Google), without being accessible to others.

Cookie banners under observation

Noyb will use its software to scan the web for the cookie banner settings of the most visited sites. The type of settings under Noyb’s lens are the fact that the “reject all cookies” button is not immediately visible until after clicking on the banner link, or that the “accept all cookies” button is coloured while the other is grey, prompting the unwitting user to click it. Or that cookies are pre-selected as accepted for marketing.

Proof that a clear and neutral message in the banner can help users to make a more informed choice is the fact that after Apple’s update to iOS 14.5 users who chose to be tracked were on average 12%, with a drop to 4% in the United States.

In order to limit these techniques, Noyb will send the identified sites an email with a document indicating how to improve their cookie policy so as not to influence the user to accept cookies when they don’t want to. If the site has not complied within 30 days, Noyb will send a notification to the relevant privacy authority. At its debut, 560 notices were sent in 33 different countries but the estimate is to send 10,000 by the end of the year.

While initiatives such as this may help both users to have their rights respected and companies to do better, the spread of automatic reporting tools could make it difficult for less structured companies to handle requests. In such cases, therefore, it is always a good idea to strike the right balance between users’ rights and the concrete possibility of following up their requests.

The European debate on cookies is still ongoing

On the one hand, the issue of cookies is at the heart of the European debate given that the e-Privacy Directive, which regulates cookies, has been waiting for years to be updated with a new regulation, but the European Council struggles to find a common position. On the other hand, individual European authorities are acting independently. In January of this year, the Italian Garante closed a public consultation on cookies, while in December 2020, the French Garante fined Google and Amazon a total of 135 million euros for installing profiling cookies without explicit consent.

Originally published on Wired Italia
Licence: Creative Commons Attribution, Non Commercial, Non Derivs 3.0