MediaHuis – Complaint Upheld (Belgium, 2024)
MediaHuis faced complaints about its cookie consent practices and was found to have violated privacy rules. This is significant because it shows that companies must make it easy for users to manage their cookie preferences. Businesses should improve their consent mechanisms to comply with regulations.
What happened
MediaHuis was found to have misleading cookie banners that made it hard for users to reject cookies.
Who was affected
Users who visited MediaHuis's websites were affected by the confusing cookie consent banners.
What the authority found
The Belgian DPA ruled that MediaHuis violated GDPR by not providing a clear way for users to reject cookies.
Why this matters
This ruling highlights the need for clear and user-friendly cookie consent practices. Companies should review their cookie banners to ensure compliance with privacy laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
A data subject visited four website operated by MediaHuis, namely: * Gazet van Antwerpen; * De Standaard; * Het Nieuwsblad; * Het Belang van Limburg. On each website there was a cookie banner which: * Didn’t contain a reject button within its first layer;Buttons colours were misleading; * It was not as easy to withdraw consent as it was to give it; * Contained a reference to the legal basis of legitimate interest. The data subject filed four complaints referring to abovementioned cookie banners with the Belgian DPA (ADP/GBA). noyb was appointed by the data subject as their representative under Article 80(1) GDPR. MediaHuis was assigned the role of data controller. According to the controller, the law, especially Article 7(3) GDPR or Article 4(11) GDPR, didn’t prescribe the controller to implement reject button within the first layer of the cookie banner or to use different colours for the buttons or to implement consent withdrawal option in a particular way. The fact that the cookie banners were not in line with the guidelines of different data protection authorities and the EDPB, as mentioned by the data subject, did not amount to violation of the GDPR. Moreover, the data subject gave their consent for processing activities of the controller and, for that reason, they had no interest to bring a case before the DPA. The DPA found the controller violated the Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7(3) GDPR. Firstly, the DPA clarified that for the consent to be freely and unambiguously given under Article 6(1)(a) GDPR and Article 5(3) ePrivacy Directive, the reject button had to be presented alongside the accept button. Otherwise, the data subject would have no real alternative to consenting for placing and processing cookies. Secondly, the buttons’ colours used by the controller were of deceptive nature. They inclined a data subject to give a consent for the cookies processing. Because of that, the controller was in breach of Article 5(1)(a) GDPR. S
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Violations (4)
Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.
Art. 7 GDPR
Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.
Art. 7 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for MediaHuis in BE
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. MediaHuis - Belgium (2024). Retrieved from cookiefines.eu
Last updated: