Most of the cookie consent banners that appear to users in the European Union They are ostensibly seeking permission to track people's web activity. However, many of them are violating regional privacy laws, according to a new study by researchers from MIT, UCL, and Aarhus University.
The findings, published in an article titled “Dark Patterns after GDPR: Scraping Consent Pop-ups and Demonstrating Their Influence,” concluded that most current implementations of cookie notices do not offer users a meaningful choice.
When consent is considered the legal basis for processing users' personal data, the bar for valid consent set by the GDPR is clear: it must be informed, specific, and freely given.
Recent case law from the Court of Justice of the European Union has further solidified cookie law, making it clear that consent must be actively signaled. This means that a digital service cannot infer consent from indirect actions (such as a pop-up being closed) by the user without response or ignored in favor of interacting with the service.
If the banner is configured to contain pre-checked boxes that allow users to share data by default, any "consent" obtained is not legally valid. Authorization for tracking must be obtained before the website or portal activates a cookie. Only those essential to the service can be deployed without asking first.
Banners for privacy by default
The concept of privacy by default means that, as soon as a product or service is launched to the public, the most secure privacy settings should be applied by default, without any manual input from the end user. Furthermore, personal data provided by the user should only be kept for the time necessary to provide the product or service. If more information than is needed to provide the service is requested, this concept is violated.
On a website that uses cookies, They can only be enabled when the user activates this data collection.If a website visitor does not voluntarily enable cookies, no personal information about the user will be collected. The General Data Protection Law requires that all companies that use cookies leave them disabled by default, following this same principle.
Data protection is now an integral part of website and software development. For companies unfamiliar with this concept, the LGPD (Brazilian General Data Protection Law) will bring about a cultural shift, resulting in greater transparency and credibility in their relationship with users. The concept of privacy by default will be increasingly present in public and private companies, all of which process the personal data of their clients, employees, and suppliers in some way.
Make your website more compliant with the LGPD (Brazilian General Data Protection Law).
Privacy Tools offers a cookie consent banner generator In accordance with the concept of privacy by default, for greater compliance with data protection laws. This banner can have customized colors, as well as the message explaining the use of cookies and the logo. The user can accept all, only some, or even reject all. through this tool installed on your website.
To install the banner on your page and make your website more compliant with the LGPD (Brazilian General Data Protection Law), Create your account on Privacy Tools. and begin your journey towards compliance and greater transparency in your relationship with your clients.
