RTL Belgium Ordered to Add "Reject All" Button and Stop Using Deceptive Colors on Cookie Banners

UniConsent

3 min read
Table des matières

On October 18, 2024, the Belgian Data Protection Authority (DPA) has issued a decisive ruling against RTL Belgium regarding its cookie consent practices. The decision (No. 131/2024) addresses several key violations found in RTL's cookie banner implementation.

RTL Belgium Ordered to Add Reject All Button and Stop Using Deceptive Colors on Cookie BannersRTL Belgium Ordered to Add Reject All Button and Stop Using Deceptive Colors on Cookie Banners

Background of the case

NOYB filed a complaint against RTL Belgium, claiming that its cookie banners were misleading and did not offer a clear and user-friendly option for visitors to reject non-essential cookies. The organization's investigation revealed that RTL's cookie consent banner displayed a prominent "accept all" button on its first layer but buried the "reject all" option in a more obscure second layer.

Additionally, NOYB pointed out the use of deceptive color schemes, which made the "accept all" option more appealing and the "reject all" option less noticeable—essentially nudging users toward acceptance of tracking.

Key points from the decision:

The Belgian DPA's verdict (Decision No. 131/2024) aligns with GDPR transparency and fairness requirements and enforces the following changes:

Key Ruling: Addition of a "Reject All" Button on the first layer

RTL Belgium must add a "reject all" button on the first layer of its cookie banner. This button must be as accessible and prominent as the "Accept All" button and ensure that users can choose to reject non-essential cookies without unnecessary hassle.

Remove Deceptive Color Schemes

The DPA also ruled against RTL Belgium's use of deceptive colors that make the "accept all" option more prominent than the "reject all" button. According to the decision, all buttons on a consent banner must have the same visual weight to ensure fairness and prevent user manipulation.

RTL Belgium must ensure that withdrawing consent is as straightforward as giving it. The current process makes it more difficult to withdraw consent, requiring users to navigate multiple steps to a specific section of the website, while accepting cookies takes just one or two clicks. The new requirement mandates that withdrawing consent must be as simple and direct as accepting it, to uphold the GDPR’s standard of real user control over data processing.

What Does This Mean for Businesses?

This case sets a precedent for how websites must handle cookie consent mechanisms:

  • Fair Presentation: Websites should present "accept all" and "reject all" options on the first layer of cookie banners, ensuring equal prominence and ease of access for users.

  • Transparency and Usability: Businesses must use neutral design elements for consent options, avoiding manipulative colors or graphics that might influence users to accept tracking against their intentions.

  • Risk of Penalties: Organizations that fail to comply with these standards risk significant GDPR fines, demonstrating the importance of integrating clear and user-friendly consent options into web interfaces.

About UniConsent

UniConsent is a part of Transfon's privacy-first User Experience Platform serves tens of millions of users per day to provide a seamless privacy experience for both users and publishers in the age of post GDPR. Contact us to know more: hello@uniconsent.com

Reference:

Activate Google Consent Mode UniConsent to enhance the accuracy of your Google Analytics and Google Ads conversion data.

Set up Google Consent Mode →

Commencez à rendre votre site web et votre application conformes au RGPD de l'UE, au CPRA des États-Unis, au PIPEDA de la CA, etc.

S'inscrire

Commencez à rendre votre site web et votre application conformes au RGPD de l'UE, au CPRA des États-Unis, au PIPEDA de la CA, etc.

S'inscrire