The “Accept all” button is often the standard for cookie banners. An administrative court has ruled that the opposite offer is also necessary.
Lower Saxony’s data protection officer Denis Lehmkemper can report a legal victory in his long-standing battle against manipulatively designed cookie banners. The Hanover Administrative Court has confirmed his legal opinion in a judgment of March 19 that has only just been made public: Accordingly, website operators must offer a clearly visible “reject all” button on the first level of the corresponding banner for cookie consent requests if there is also the frequently found “accept all” option. Accordingly, cookie banners must not be specifically designed to encourage users to click on consent and must not prevent them from rejecting the controversial browser files.
And it should include this mysterious ‘legitimate interest’, or whatever it is called - always on by default in ‘my choices’, even though no one seems to be able to explain what this means. How can I give informed consent on something that vague?
On the other hand, not ‘Reject All’, but ‘Reject All except functionally necessary’ (which should be precisely regulated by the law), otherwise there will be no cookie to remember our ‘reject all’ choice, which I am sure the corpos would happily use to discourage us from clicking that.
Okay, so I’m going to copy-paste an answer I got from someone I know who works in a legal department:
That is what I always suspected and why I take my time to uncheck all these.
Rejecting cookies without asking every time requires a cookie and that is clearly legitimate interest. The problem with legitimate interest is that it’s not well defined enough and then you have companies claiming that Adsense personalization is an absolute necessity for their website.
But that would be a cookie for the website I am visiting, not for a dozen of ‘partners’. And these are the ‘legitimate interest’ on-by-default switches I am talking about.
That’s where the ambiguity comes into play. The laws related to cookies want to allow things like cookies for fraud prevention and antibot protection, the problem starts when the business people say the personalised ad revenue makes it legitimate and the developers and product managers decide that having a bazillion trackers making their job a little easier makes it absolutely essential.
That shit makes me so mad. What the fuck is legitimate interest if not the cookies which are set anyway to make the site function? It’s just purposefully misleading.
I’m sure “functionally necessary” already means we share your data with everyone because we set up a system where the local page state is managed by third parties that we are selling your data to.
The “functionally necessary” cookies, which are served by the site itself (e.g. not a third party), do not require a banner at all. If you have no third party cookies, you can do entirely without it.