What happened
The Belgian Data Protection Authority (DPA) recently ruled against RTL Belgium, ordering the media company to update its cookie banner to comply with the GDPR.
The decision came after a complaint filed by a trainee at noyb (European Center for Digital Rights), who noticed that the cookie banner on RTL Belgium’s website only had an “Accept All” and a “Know More” button, but lacked a “Refuse All” option. Additionally, the banner’s bright color for the “Accept All” button was seen as misleading, encouraging users to give consent without fully understanding their options.
The DPA found that this setup violated GDPR Articles 5(1)(a), 6(1)(a), and 7(1), which require that consent be freely given and that refusing cookies should be as easy as accepting them.
It also held that the use of vivid colors on the “Accept All” button influenced users unfairly. RTL Belgium was ordered to add a “Refuse All” button on the first layerof the cookie banner and stop using deceptive colors for the buttons. If RTL Belgium fails to comply, it could face fines of €40,000 per day.