This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Welcome to Reed Smith's viewpoints — timely commentary from our lawyers on topics relevant to your business and wider industry. Browse to see the latest news and subscribe to receive updates on topics that matter to you, directly to your mailbox.
| 1 minute read

UK: Does your cookie banner include a "reject all" button?

...if not, you may find yourself on the radar of the UK's data protection regulator, the ICO. Stephen Bonner, the deputy commissioner at the ICO, told MLex last week that the ICO is “paying attention in this area.”   

This follows a string of enforcement actions taken by the CNIL, the French data protection regulator; most notably the 150 million euro fine it issued to Google.  

The cookie rules in the UK and EU are governed by the ePrivacy Directive, which has been implemented separately by each EU Member State (and the UK). It overlaps with the GDPR in the sense that the test for valid consent to the use of cookies must comply with the standard set out in the GDPR. As a result, many regulators are viewing the lack of a "reject all" button on a cookie banner to mean that consent to cookies is not "freely given" (one of the criteria for valid consent). 

Marketers in particular are using numerous creative techniques to "nudge" users into consenting to the use of cookies, including by not including an easy way of refusing cookies. Failing to include a "reject all" button is becoming a risky technique and will force marketers to be more creative in future. 

Companies that fail to put a “reject all” button on their website cookie banners face a high likelihood of intervention by the UK’s data protection authority, a senior figure from the regulator has warned.


emerging technologies