MediaHuis – Complaint Upheld (Belgium, 2024)
MediaHuis faced complaints for its cookie banners that made it hard for users to reject consent for data tracking. The Belgian DPA found that the company did not comply with GDPR requirements for clear consent options. This case serves as a reminder for website operators to ensure their cookie consent practices are user-friendly and transparent.
What happened
MediaHuis had cookie banners that lacked a clear reject button and made it difficult for users to withdraw consent.
Who was affected
Visitors to MediaHuis websites who encountered the confusing cookie banners were affected.
What the authority found
The Belgian DPA ruled that MediaHuis violated GDPR by not providing clear options for consent and withdrawal.
Why this matters
This ruling highlights the importance of user-friendly consent mechanisms for websites. Operators should ensure their cookie banners comply with GDPR to avoid complaints and potential fines.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Entities Involved
A data subject visited four website operated by MediaHuis, namely: * Gazet van Antwerpen; * De Standaard; * Het Nieuwsblad; * Het Belang van Limburg. On each website there was a cookie banner which: * Didn’t contain a reject button within its first layer;Buttons colours were misleading; * It was not as easy to withdraw consent as it was to give it; * Contained a reference to the legal basis of legitimate interest. The data subject filed four complaints referring to abovementioned cookie banners with the Belgian DPA (ADP/GBA). noyb was appointed by the data subject as their representative under Article 80(1) GDPR. MediaHuis was assigned the role of data controller. According to the controller, the law, especially Article 7(3) GDPR or Article 4(11) GDPR, didn’t prescribe the controller to implement reject button within the first layer of the cookie banner or to use different colours for the buttons or to implement consent withdrawal option in a particular way. The fact that the cookie banners were not in line with the guidelines of different data protection authorities and the EDPB, as mentioned by the data subject, did not amount to violation of the GDPR. Moreover, the data subject gave their consent for processing activities of the controller and, for that reason, they had no interest to bring a case before the DPA. The DPA found the controller violated the Article 5(1)(a) GDPR, Article 6(1)(a) GDPR, Article 7(3) GDPR. Firstly, the DPA clarified that for the consent to be freely and unambiguously given under Article 6(1)(a) GDPR and Article 5(3) ePrivacy Directive, the reject button had to be presented alongside the accept button. Otherwise, the data subject would have no real alternative to consenting for placing and processing cookies. Secondly, the buttons’ colours used by the controller were of deceptive nature. They inclined a data subject to give a consent for the cookies processing. Because of that, the controller was in breach of Article 5(1)(a) GDPR. S
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Violations (4)
Cookie banner does not provide a clear reject/refuse all button at the same level as the accept button.
Art. 7 GDPR
Refusing cookies requires more clicks or steps than accepting them, or the reject option is less visually prominent.
Art. 7 GDPR
The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).
Art. 7 GDPR
No accessible mechanism exists for users to withdraw previously given cookie consent.
Art. 7(3) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for MediaHuis in BE
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. MediaHuis - Belgium (2024). Retrieved from cookiefines.eu
Last updated: