Cookie banners under fire: Court forces websites to make an honest choice - "Reject all" becomes mandatory!

Who likes to click on "Accept all"? Now there's a legal slap on the wrist!

Everyone knows them, everyone hates them: cookie banners. As soon as you open a website, the annoying window pops up and kindly but firmly asks for permission to collect data. In many cases, there is only one clearly visible option: "Accept all". If you don't want to play along, you often have to laboriously click through submenus - or give in at some point, exasperated. But this is now a thing of the past. The Hanover Administrative Court has sent a clear signal: From now on, websites must also offer an equally easily visible "Reject all" button on the first level.

In a much-noticed ruling, the Neue Osnabrücker Zeitung (NOZ) was obliged to redesign its cookie banner to comply with data protection regulations. Lower Saxony's data protection officer Denis Lehmkemper, who initiated the lawsuit, sees the ruling as a milestone in the fight against the "manipulative design" of many websites.

Those who want to refuse must not be misled

What exactly was the problem? The NOZ banner was allegedly structured in such a way that users hardly had a real choice. Instead of a clear opt-out option, there were mainly large, color-coded buttons with the words "accept and close" or the promise of an "optimal user experience". Rejection? There was somewhere - but deeply hidden. The judges ruled: This is not what voluntary and informed consent looks like.

This also means that consent obtained in this way is not legally valid. So anyone who pretends that there is a choice but deliberately hides it in an unattractive way risks serious consequences. This also includes violations of the Telecommunications Digital Services Data Protection Act (TDDDG) and the General Data Protection Regulation (GDPR).

What does this mean for website operators?

In future, if a company gives the user the option of "accepting all cookies", it must also offer the option of "rejecting all cookies" just as prominently. And this must be immediately visible, not hidden somewhere under "Settings". Other information such as the number of integrated third-party services, the right of withdrawal or data transfer to third countries must not only appear after endless scrolling.

For data protectionists, the ruling is a real success. "The vast majority of people are probably annoyed by cookie banners," says Lehmkemper. Nevertheless, they are important - but only if they are designed fairly. The hope: the ruling sets an example and finally forces websites to communicate transparently.

More clarity, less cookie theater!

What many websites are doing today with their cookie banners is nothing more than a digital push for consent. A fair "yes/no" dialog? Not even close in most cases. Anyone who has to click through five submenus just to protect their privacy is being manipulated - period. If companies want to take their users seriously, they need to show this in the design of their interfaces. Everything else is window dressing.