- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
The “Accept all” button is often the standard for cookie banners. An administrative court has ruled that the opposite offer is also necessary.
Lower Saxony’s data protection officer Denis Lehmkemper can report a legal victory in his long-standing battle against manipulatively designed cookie banners. The Hanover Administrative Court has confirmed his legal opinion in a judgment of March 19 that has only just been made public: Accordingly, website operators must offer a clearly visible “reject all” button on the first level of the corresponding banner for cookie consent requests if there is also the frequently found “accept all” option. Accordingly, cookie banners must not be specifically designed to encourage users to click on consent and must not prevent them from rejecting the controversial browser files.
Cookies are used for all sorts of critical things other than tracking. Right now with the current methods of accept all cookies or accept only necessary cookies is fine. All this is going to net is a bunch of uninformed people clicking reject all cookies and then it’s filing support tickets that they can’t log in.
Accept all, one click. Accept only necessary: typically involves turning somersaults.
The ruling is about the latter.
Requires turning some somersaults but leaves you with a viable product. Allow them to reject all and just let it break?
Cookies can be divided into subcategories and depending on what type they are, they may or may not be covered under this ruling.
Heres a nice breakdown of what does and doesn’t have to be included in the reject all option https://gdpr.eu/cookies/ and also a bit of info about the ePrivacy directive that seems to be what the TDDDG law is based on.
So websites with competent cookie management shouldn’t break if a user “rejects all”