Iubenda logo
Start generating

Documentation

Table of Contents

NOYB’s campaign against unlawful cookie banners – What is and how to comply with the iubenda Cookie Solution

What’s NOYB?

noyb (None of Your Business) is a non-profit organization started by Austrian privacy activist, lawyer, and author, Max Schrems in 2017.
Among other initiatives, noyb aims, as stated on their website, to end “cookie banner terror” in the EU by ensuring that users are given clear options about their cookie consent and preference choices and eliminate “dark patterns.”

How does the NOYB process work

noyb has set up a system to automatically discover different types of violations and generate GDPR complaints.

After a review from their legal team, companies that are found to be non-compliant are served with an informal draft complaint via email. They are given 60 days to comply with the law by changing their settings. If companies fail to do so, noyb will file a complaint with the relevant data protection authority. This could result in a fine of up to € 20 Million, in accordance with the GDPR.

Examples of NOYB’s research and formal complaints

The results of noyb’s research found that 81 % did not offer a “reject” option on the first cookie banner layer, while a further 73% used deceptive colors and contrasts to lead users to click the “accept” option. Finally, 90% did not provide a way to withdraw consent as easily as giving it.

most common non-compliance issues found in analyzed websites
Source: noyb website, most common non-compliance issues found in analyzed websites

In 2021, more than 500 draft complaints were sent to European companies allegedly using non-compliant cookie banners.
Recently, noyb has launched the second round of its action against deceptive cookie banners and dark patterns. They will continue following their goal by scanning, reviewing, warning, and enforcing the law/best practice on up to 10,000 websites in the following months.

iubenda and the importance of online data protection compliance

The noyb campaign has become very popular within the internet and online news communities, but in fact, they are highlighting points that data protection authorities have already been adopting across Europe in order to prevent dark patterns and ensure clear and more informed choices.

Over the years, iubenda has been committed to offering simple and effective solutions for compliance with the data protection regulations, with a close look at the international best practices and stimulating the sensitivity of companies towards these topics.

How to meet NOYB’s requirements with the Cookie Solution

Our Cookie Solution helps you fully comply with the requirements of the GDPR ePrivacy and more. Not only does it give you full customisation control over your cookie banner and settings, but the automated default GDPR configuration puts you ahead of the game by preventing the major points of non-conformity considered by noyb’s analysis. And, of course, it allows you to be compliant with the rules imposed by the GDPR itself and national DPAs.

cookie solution configurator

Going into more detail, let’s see how to make sure you set the correct settings for your cookie banner, using noyb’s “violation types” list.

Within the Cookie Solution configurator, click on EDIT under the GDPR configuration and select Manual configuration, then make sure that the “Explicit Reject button“ option is enabled.

explicit reject button

Our solution is designed to always respect the opt-in principle, just make sure to have the “Offer granular control with per-category consent” option enabled

granular consent

Our default configuration ensures that the accept and reject buttons are equally conspicuous (color/design/prominence) but you can customize them inside the Style & Text configuration, under Theme options (click on EDIT).
Note that these buttons’ “equal prominence” is a mandatory requirement in several countries, so we highly suggest using the same graphic configuration for both buttons.

customize buttons

Our solution does not allow the use of a link or other options that may make customization hidden or hard to find
The customize button is linked to the accept button, and it’s present by default (you can still manage the enabling of these buttons under the GDPR Manual configuration though).

accept and customize

In terms of design and colors, the customize button does not need to be exactly the same as the accept and reject buttons, in any case you can customize it inside the Style & Text configuration, under Theme options (click on EDIT).
Just check that the button is clearly visible and not hidden by other graphic configurations (e.g. background color and text).

This might be relevant only if you have enabled the IAB TCF configuration. In this case, you should restrict purposes to only allow Consent as a valid legal basis to treat data.
Under the IAB TCF configuration (click on EDIT), enable Restrict purposes and select the “Consent only“ option on each enabled purpose

restrict purposes

Please note that also some national DPAs, like in Italy and Belgium, have excluded the use of legitimate interest as a valid legal basis, that’s why it’s important to restrict it to “Consent only” if you operate in those countries (you can read more about country-specific requirements in our Cookie Consent Cheatsheet).

Our cookie management solution can recognize and block a wide range of cookies, with the exception of the so-called strictly necessary cookies. You can still manually identify the scripts that are subjected to the requirement of prior consent.
Keep attention to set prior blocking to all non-essential cookies. You might have to modify the category you assigned to some script that installs cookies for this issue. You can read more about Manual tagging in this guide.

By default, our solution integrates a privacy widget that allows users to easily access and edit their privacy preferences.
Within Privacy Widget options (under Style & Text configurations) you can customize the position, format, and colors of your widget or choose to add a link in the footer to your page to access privacy and tracking preferences.

privacy widget

The steps we’ve detailed above can be useful whether you want to avoid provoking a complaint from noyb or just want to verify that your settings are consistent with GDPR general requirements.

Manage cookie consent with the Cookie Solution

Generate a cookie banner