During its plenary session on September 27, 2021, the European Data Protection Board (EDPB) announced that it has set up a cookie banner taskforce to handle complaints filed with several European Economic Area supervisory authorities by the entity known as None of Your Business (NOYB). As you may know, on May 31, 2021 NOYB sent written warnings to over 500 companies claiming that their cookie banners did not comply with GDPR. When the companies failed to remediate all violations within 30 days, NOYB filed 422 complaints with 10 supervisory authorities.
According to the EDPB press release, this taskforce was established in accordance with Art. 70(1)(u) of the GDPR and aims to promote cooperation, information sharing, and best practices between the supervisory authorities. In particular, the taskforce will:
- exchange views on legal analysis and possible infringements;
- provide support to activities on the national level; and
- streamline communication.
At this point the impact this taskforce will have on companies is unclear; nevertheless, it is an important reminder that companies should reassess their cookie policies to ensure they are GDPR-compliant. As evidenced by NOYB’s complaints, cookie banners that fail to give the user a clear “Yes/No” option may receive similar warnings and even complaints. In fact, NYOB has developed a software that automatically generates complaints for cookie banners that they deem are in violation of the GDPR.