Der Standard – Complaint Upheld (Austria, 2023)
Der Standard faced a complaint for its cookie consent practices on its website. The Austrian data protection authority found that the cookie banner did not allow users to give valid consent, as it pressured them into subscribing to access content. This ruling stresses the importance of clear and fair consent mechanisms.
What happened
Der Standard's cookie banner offered users only two options: consent to data sharing or buy a subscription.
Who was affected
Visitors to Der Standard's website who interacted with the cookie banner.
What the authority found
The Austrian DPA ruled that Der Standard's cookie consent practices did not comply with GDPR requirements for valid consent.
Why this matters
This case underscores the necessity for websites to provide genuine choices for consent. Companies must ensure their cookie practices are transparent and user-friendly.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On 13 August 2021 the data subject visited the website of Der Standard, an Austrian newspaper. In order to access the content, the website’s cookie banner offered the data subject either the option to consent to targeted advertising or to buy a subscription to the online version of the newspaper. The data subject chose the first option. As a consequence, their data were shared with at least 125 third parties. According to the data subject, consent was invalid as the cookie banner did not meet the requirements established by the GDPR. Among others, the data subject claimed that they were not in the position of freely giving their consent to the processing for advertising purposes, as the only feasible alternative would have been to subscribe to the newspaper. Therefore, the data subject asked the Austrian DPA to declare the unlawfulness of the processing and order the controller to erase data (Article 17 GDPR) and stop processing operations. The data subject also suggested the adoption of a fine. The controller replied that journalism is not free of costs. It also claimed that there was no evidence that the data subject effectively visited the website. The controller also stressed that the price for an alternative to the data subject’s consent (the subscription) was reasonable. Moreover, the practice of sharing data for targeted advertising was not a choice of the controller, as today almost 100% of online advertisement is to some extent personalised. The data subject objected that the fact that a business model is dominant does not make it legal. In particular, consent is not validly given if the only feasible alternative is a binding contract with the controller (“pay or okay”). Data showed that users of the website opted for “consent” in more than 99% of the cases, which is a clear sign that consent was not freely given. The controller denied that these data were applicable to the present case. As a preliminary consideration, the Austrian DPA stressed that no jo
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Violations (5)
Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.
Art. 7 GDPR
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Third-party tracking cookies or scripts are loaded without obtaining prior user consent.
Art. 13, 14 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
Users cannot select or deselect individual cookie categories; consent is presented as all-or-nothing.
Art. 4(11) GDPR
Related Enforcement Actions (1)
Other enforcement actions involving Der Standard in AT
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Der Standard - Austria (2023). Retrieved from cookiefines.eu
Last updated: