Scroll Top
19th Ave New York, NY 95822, USA
FireShot Capture 022 - Free Vector - Flat design content management system illustrated_ - www.freepik.com

Why Getting Cookie Banners Right is Crucial – And How to Do It

If you’ve ever clicked through a cookie banner with a few rapid taps, you’re not alone. Most of us breeze through them, eager to get on with browsing. But for businesses, ignoring or mishandling cookie banners is far from a simple click of “Accept All” and moving on. In fact, getting it wrong can lead to significant fines.

Recently, the French Data Protection Authority highlighted concerns about cookie banners that mislead users into giving consent. Despite the European Data Protection Board issuing clear guidelines nearly two years ago, many businesses still seem to be falling short. The result? Potential penalties and reputational damage.

Who Needs Cookie Banners?

Cookie banners aren’t just a nice-to-have; they are a legal necessity for most businesses operating in the EU or engaging with EU customers. So, who needs to get their cookie banners right? Here’s a quick rundown:

  • E-commerce Websites: If you’re selling goods or services online, cookies are crucial. They track user behaviour to personalise shopping experiences, save cart items, or serve targeted ads. If you’re collecting data to enhance the user experience, consent is a must.
  • Media and Publishing: Ad revenue is central to the publishing world, and cookies play a key role in this. If your site uses cookies for targeted ads or personalisation, you must ask for explicit consent from users.
  • Travel and Hospitality Sites: From airlines to local tourism businesses, cookies are used to offer discounts, personalise experiences, and track movements. Make sure your site has a compliant cookie banner if you’re using these methods.
  • SaaS Providers: Many software-as-a-service platforms also use cookies to track users’ data for performance, analytics, and sometimes targeted marketing. If you’re collecting non-essential user data, a compliant cookie banner is a must.

What Should Cookie Banners Look Like?

Here’s a breakdown of what businesses should aim for when designing their cookie banners:

  • Clear Information: Be specific about what kind of cookies you use—are they strictly necessary, for performance, functionality, or advertising? Users should clearly understand what their data will be used for.
  • No Pre-Checked Boxes: Users must be given a genuine choice to opt in, and rejecting cookies should be just as easy as accepting them. Pre-ticking boxes for cookies is a clear No-Go.
  • An Easy ‘Reject All’ Option: Don’t hide the ‘Reject All’ button—make sure it’s as accessible as the ‘Accept All’ option. If rejecting cookies is difficult, then consent is not freely given, which can lead to compliance issues.
  • Easy Access to Cookie Settings: Don’t make users hunt for the option to manage cookies later. Make it simple for them to find and adjust their cookie settings at any time, without having to sift through long privacy notices.

Real-World Fines for Cookie Violations

Ignoring cookie regulations can come with a hefty price tag. Here are some of the fines imposed across Europe for poor cookie consent practices in 2024:

  • €40,000 Fine – Coolblue (Netherlands)

The Dutch Data Protection Authority fined the well-known e-commerce company Coolblue €40,000 for failing to comply with the cookie consent rules. The company’s cookie banner was found to encourage users to accept cookies by making it more difficult to reject them. In addition, the banner lacked clear and sufficient information about the types of cookies used and the purposes for which they were being deployed.

  • €600,000 Fine – Kruidvat.nl (Netherlands)

The Dutch Data Protection Authority imposed a €600,000 fine on the popular Dutch retailer Kruidvat.nl €600,000 for placing tracking cookies before obtaining valid consent. The company’s use of a pre-ticked box for accepting tracking cookies did not meet the legal requirements for freely given, specific, informed and unambiguous consent.

  • €20,000 Fine – RTL Belgium (Belgium)

The Belgian Data Protection Authority fined RTL Belgium €20,000 for non-compliance with GDPR cookie requirements. The company’s website failed to offer an accessible and clear way for users to reject non-essential cookies, effectively coercing consent.

Take Action

As the examples above show, it’s not enough to slap up a cookie banner and move on. Businesses must ensure their banners are compliant with the EU legal requirements. Users should be given clear, accessible options to make informed decisions about their data.

Don’t leave your business exposed to potential fines. Schedule a complimentary 20-minute call with our expert legal team today. We’ll help you understand how these regulations impact your operations and guide you through implementing compliant cookie banners that protect both your users’ privacy and your brand.

Image by vectorjuice on Freepik

Anna Levitina

Partner

anna.levitina@loganpartners.com

More about Anna

Read other articles written by Anna Levitina