German Court Requires Clear 'Reject All' Option for Cookie Banners
When faced with cookie consent banners, many internet users quickly click “Accept All,” unknowingly allowing extensive tracking. However, the Hanover Administrative Court in Germany has ruled that websites must also provide a clearly visible “Reject All” button alongside the “Accept All” option.
Websites that design consent banners to push users toward accepting cookies violate the General Data Protection Regulation (GDPR) and German law.
According to the State Commissioner for Data Protection of Lower Saxony, “Website operators must display a clearly visible ‘Reject All’ button on the first level of the cookie consent banner if an ‘Accept All’ button is shown.”
The court emphasized that banners must not be designed to encourage acceptance while discouraging rejection. This legal stance supports the idea that users should have a fair and straightforward choice regarding data collection.
German tech outlet heise.de reports that the decision marks a significant win in an ongoing legal dispute over misleading cookie banners. The victory was secured by State Commissioner Denis Lehmkemper in a case against Neue Osnabrücker Zeitung (NOZ), a major regional media company. The court found that NOZ’s banner failed to give users a genuine choice.
The court identified several problematic practices, including:
- Making it harder to reject cookies than to accept them
- Repeating consent banners to pressure users
- Using phrases like “optimal user experience” to encourage acceptance
- Hiding the number of partners and third-party services involved
- Concealing options for withdrawing consent or learning more about third-party data processing
Lehmkemper hopes the ruling will prompt more website operators to adopt data protection-compliant consent practices.
Authorities in other countries are also tackling similar issues. The Dutch Data Protection Authority recently identified five organizations using non-compliant cookie consent methods. In the UK, regulators gave websites a 30-day deadline to ensure users can reject advertising cookies just as easily as they can accept them.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
