On 9th August 2022, noyb.eu lodged 226 GDPR complaints with 18 authorities against websites that use the popular cookie banner software (“OneTrust”) with deceptive settings. Following a first batch of complaints in May 2021 many websites using OneTrust have adapted their settings and added “reject” buttons. OneTrust also changed the standard settings to be more GDPR compliant. However, there are still many websites that do not comply.
Cookies and cookie banners are an often overlooked part of a companies data protection compliance program however any company that offers products and services to individuals in territories where cookie regulations apply, or where companies are involved in routine monitoring of individuals where cookie regulations apply will almost certainly have to implement compliant cookie solutions. This is more complicated than simply adding a banner, companies must ensure that cookies are not deployed without consent and that adequacy rules are considered where data is transferred outside of the individual’s home territory.