German Court Mandates “Reject All” Button on Cookie Banners

A German court has ruled that websites operating within the country must provide users with a clearly visible “reject all” button on cookie banners. This decision aims to combat manipulative designs that pressure users into accepting cookies, reinforcing digital privacy protections.

The Hanover Administrative Court sided with Lower Saxony Data Protection Officer Denis Lehmkemper, who challenged the cookie banner design of media company NOZ (Neue Osnabrücker Zeitung). Lehmkemper argued that NOZ’s banner failed to obtain valid, informed consent from users before placing cookies and processing their personal data.

The court found that NOZ’s design made rejecting cookies significantly more difficult than accepting them. Users faced repeated prompts, misleading language, and obscured information about third-party partners and data transfers. This, the court ruled, violated the General Data Protection Regulation (GDPR) and the Telecommunications Digital Services Data Protection Act.

The ruling emphasizes that consent secured through manipulative design is invalid. Websites must offer a “reject all” option as prominently and accessibly as the “accept all” option.

Lehmkemper hopes this decision will set a precedent for other website operators, prompting them to adopt cookie consent solutions that fully comply with data protection standards. Recent audits have revealed that many websites still fall short of legal requirements, making it easier to accept cookies than to reject them.

This landmark ruling underscores the importance of online privacy and user choice, pushing website operators to improve their consent mechanisms and uphold digital privacy rights.

Keywords: cookie banners, GDPR, data privacy, Germany, reject all button, consent, data protection, online privacy, website compliance