The European Data Protection Board (EDPB) established a task force to examine common cookie banner practices across websites. Their findings confirmed that most deceptive design patterns used in cookie banners are illegal under EU privacy law.

Key Findings

The task force identified several non-compliant practices that are widespread across the internet. Banners that lack a "reject all" button in the first layer, those that use visual emphasis to steer users toward acceptance, and designs requiring multiple clicks to decline cookies were all found to violate consent requirements. The fundamental principle established is that rejecting cookies must be as straightforward as accepting them.

Why This Matters

The EDPB is the body where all EU and EEA privacy authorities sit, making its guidance highly authoritative. When the Board takes a position on cookie banner compliance, national authorities are likely to follow suit in their enforcement decisions.

The task force's findings create a genuine dilemma for websites using cookie-based analytics and advertising. Compliant cookie banners that present users with a fair, transparent choice consistently result in high rejection rates. Organizations must choose between legal compliance with lower data collection rates, or continued use of manipulative designs that increasingly attract regulatory scrutiny and fines.