Ms. X, represented by noyb - European Center for Digital Rights – Complaint Upheld (Belgium, 2023)
A complaint was filed against a Belgian media company for having a confusing cookie banner that made it hard to refuse cookies. The data protection authority found that the company misled users about their cookie choices. This case shows that companies need to make it easy for users to refuse tracking.
What happened
A complaint was upheld against Radio Télévision Belge de la Communauté Française for misleading cookie consent practices.
Who was affected
Website visitors who encountered the confusing cookie banner on the media company's site.
What the authority found
The authority ruled that the cookie banner did not provide a clear option to refuse cookies, violating user rights.
Why this matters
This case highlights the need for clear and fair cookie consent mechanisms. Companies should ensure their cookie banners are user-friendly to avoid similar complaints.
National Law Articles
Entities Involved
On 18 July 2023, a data subject filed a complaint with the Belgian DPA against Radio Télévision Belge de la Communauté Française (Rtbf - the controller) for their misleading cookie banners. Specifically, the complainant alleged four practices on the website: that there was no “refuse” option on the first level of information in the cookie banner, the presence of misleading button colours, that it was not as easy to withdraw consent as to give it and that the controller referred to legitimate interest. On 21 September 2023, the DPA started the discussions on a settlement proposal. After receiving the proposal on 20 October 2023, the complainant requested six changes to the proposal, including more explicit rules on the appearance of the cookie banners as well as their location, an injunction of the controller to cease unlawful treatment, and a fine under the Article 83(1) GDPR. Considering the facts of the case and the changes requested by the complainant, the DPA rejected all the changes; arguing it would not change the outcome of the settlement and that the fine was only possible if the case was tried on its merits, which is not the case in a settlement proposal. Indeed, the complaint was settled through a settlement decision provided in [https://www.autoriteprotectiondonnees.be/publications/loi-organique-de-l-apd.pdf Article 95(1)(2) LCA], the Belgian national law establishing the national data protection authority. With regards to the first request, the DPA held that a "refuse all" button does not need to be added to the first layer together with the "accept and close" button since this would not lead to a concrete result. Secondly, the DPA held that it was true that both buttons mentioned above were equally visually attractive. However, generally, controllers should not display 'less (visually) attractive' options. Next, the DPA considered the complainant's argument that it is a data subject's right under [https://eur-lex.europa.eu/legal-content/EN/ALL/?ur
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Violations (4)
Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.
Art. 7 GDPR
Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.
Art. 7 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for Ms. X, represented by noyb - European Center for Digital Rights in BE
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. Ms. X, represented by noyb - European Center for Digital Rights - Belgium (2023). Retrieved from cookiefines.eu
Last updated: