Skip to main content

The European Data Protection Board, or the EDPB, has recently created a new task force that addresses cookie banners.

The European Data Protection Board, or the EDPB, has recently created a new task force that addresses cookie banners. They will be responsible for coordinating the complaints filed by the NOYB nonprofit, which all relate to cookies.

So, what do you need to know as European regulators begin to take cookie consent more seriously?

This guide will review the implication of the new cookie banner task force, and what your organization needs to do to remain compliant with the GDPR, ePrivacy regulations, and other data security laws.

The European Data Protection Board, or the EDPB, has recently created a new task force that addresses cookie banners.
The European Data Protection Board, or the EDPB, has recently created a new task force that addresses cookie banners.

The Cookie Banner Task Force

The EDPB, or the European Data Protection Board, just created a new cookie banner task force. This response indicates that regulators are beginning to take cookie consent more seriously, and the NOYB was a significant driver.

The None of Your Business (NOYB) is a nonprofit organization founded by Max Schrems, and it is based in Austria. They have an EU focus and aim to launch strategic efforts to support the adoption and enforcement of the GDPR and the proposed ePrivacy Regulation. In general, their goal is to gather support for information privacy across the European Union.

It currently has over 4,000 members, and they have focused on privacy violations that occur in the private sector. They have even been recognized as an entity that can bring up class-action lawsuits in Belgium.

So, how does cookie consent relate to all of this? Well, the NOYB has submitted more than 400 complaints regarding cookie banners – and the new task force will be responsible for coordinating and responding to these complaints.

Click here if you would like to know more about the NOYB organisation and the NOYB Cookie banner Guidelines

These are the primary responsibilities of the cookie banner task force:

  • Promote cooperation and sharing of best practices between the SAs
  • Streamline communication
  • Provide support to cookie-related activities on the national level
  • Share legal analysis and potential cookie compliance infringements

While many felt that cookies were viewed as a lower priority issue in the grand scheme of privacy laws, this development makes it clear that they are being taken more seriously. As this becomes a hot topic for the EDPB and other regulatory authorities, you can expect to see additional guidance and increased enforcement.

For instance, data protection authorities in Spain and France have already started to fine companies for failing to comply with cookie laws. Organizations must respond accordingly and ensure that they follow the cookie rules that apply to them.

Cookie Consent Manager | Take a 2 week free trial

Take a 2 week free trial for our paid plans or create a free account …

Create an accountView our plans

Cookie Compliance: Everything You Need to Know

There are basic rules for complying with cookie regulations and requirements. Understanding these rules is crucial to developing your privacy and data management policies – and choosing the right consent management platform.

Here are some of the most important takeaways:

Opt-In Consent

One of the most essential aspects of cookie compliance is obtaining opt-in consent. Organizations cannot rely on pre-checked boxes or misleading banners to convince users to agree to cookies and other tracking tools.

Likewise, consent cannot be inferred. Even if a user continues to use a company’s website after they have seen the cookie banner, the organization can’t assume that they agree to share their private data.

In other words, consent must be explicitly given through an opt-in or opt-out process. This consent must also be granular, which means the user can choose what cookies they are willing to accept. For example, a user may be willing to consent to analytics cookies, but not for scripts that will be used for advertising or sold to third parties.

As such, a blanket consent form will not meet the requirements of the GDPR and proposed ePrivacy regulations. The website visitors must also have control over all cookies embedded on the page, which include third-party cookies like Google Analytics or YouTube embed links.

Another aspect of consent per data security laws is that it must be informed. This is a major component of the GDPR that requires organizations to publish a list of their cookies and scripts. Not only must they disclose this list, but they must also describe why the tools are used and how long they will remain on the user’s device. You can find most of this information in a website’s cookie policy.

The Necessity of Cookies

The only time that you can place cookies or other tracking tools on a user’s device without their consent is if they are explicitly needed to provide the desired service.

Some examples of cookies that are strictly necessary include those used to remember language preference, items placed in an online cart, and load-balancing cookies. On the other hand, analytics cookies are not in this category regardless of whether they are first-party or third-party scripts.

Withdrawing Consent

Just as users must give consent before you launch scripts or cookies, they must also have the means to withdraw consent. This revocation should be as easy for them as it was to give the initial opt-in – which means you need a consent management platform that allows them to update their preferences.

Cookie Walls

It is not legal for organizations to require users to consent to cookies to access a website. This cookie wall takes away the ‘freely given’ aspect of consent, as they have no choice but to agree if they wish to view the content on the website.

Are your an agency, webdesigner or another reseller?

Earn 30% commission, take a look at our reseller model or contact us for numbers larger than 500 clients

Calculate your revenue

Preparing for the Future

So, what does it mean for your organization that European regulators like the EDPB are taking cookie consent more seriously?

For starters, you should take time to review your website’s consent management system and ensure the processes align with all applicable regulations. Analyze your use of cookies and determine which ones you depend on. Will you need to get opt-in consent for most of your cookies, or are the ones you leverage strictly necessary?

Answering these questions will help you build consent processes that are ready for the future, as the regulatory environment surrounding data security is going to continue to evolve. It also makes sense to partner with a CMP like CookieFirst that can streamline your processes and support the user experience.


Get consent before loading third party tracking scripts

CookieFirst aims to make ePrivacy and GDPR compliance easy and quick to implement. The CookieFirst platform offers third-party script and consent management, statistics, periodic cookie scans, automated cookie declaration, banner customization, multiple language options, and more. Avoid large fines and get consent before loading third-party tracking scripts — try CookieFirst!