Cookie Banners: EDPB Tells Belgian DPA to Stop Dodging Complaints

Table of Contents
EDPB Strikes Down Procedural Roadblock
The European Data Protection Board (EDPB) has issued a binding decision that forces the Belgian Data Protection Authority (DPA) to examine a complaint by NOYB (None of Your Business) about cookie banners on its merits. The DPA had previously rejected the complaint as 'abusive' without providing concrete evidence, a move the EDPB deemed unlawful.
Featured Snippet Bait: Can a data protection authority reject a GDPR complaint as abusive without evidence? No, says the EDPB. The right to lodge a complaint under Article 77 GDPR cannot be dismissed on procedural grounds without proof of abuse.
What Happened?
NOYB, the privacy advocacy group led by Max Schrems, filed a complaint against a company using deceptive cookie banners. The Belgian DPA refused to handle it, claiming the complaint was 'abusive' because NOYB had filed similar complaints before. The EDPB disagreed, stating that the DPA must assess each complaint individually and cannot assume abuse without factual basis.
Why This Matters
This decision clarifies that DPAs cannot use procedural excuses to avoid addressing substantive privacy violations. It reinforces the GDPR's promise that individuals and NGOs can effectively challenge unlawful data processing. As the EDPB put it, the right to complain is a cornerstone of the GDPR, not a privilege that can be revoked on a whim.
Think of it this way: if you call the fire department because your neighbor's house is on fire, they can't refuse to come just because you've called them before about other fires. Each complaint deserves a fair assessment.
Impact on Cookie Banners
Cookie banners have long been a nuisance, often designed to trick users into accepting tracking. The EDPB's decision means that DPAs must now seriously investigate complaints about such practices. This could lead to more enforcement actions and, hopefully, less manipulative banners.
For businesses, the message is clear: ensure your cookie banners comply with the GDPR's requirements for valid consent. The EDPB's Guidelines on Consent provide detailed criteria.
What's Next?
The Belgian DPA must now review NOYB's complaint on its merits. If it finds violations, it can impose fines and order changes. This case also sets a precedent for other DPAs across Europe, discouraging them from using similar procedural tactics to avoid handling complaints.
FAQ
What is the EDPB's binding decision about?
The EDPB ruled that the Belgian DPA must examine a NOYB complaint on cookie banners on its merits, not dismiss it as abusive without evidence.
Does this affect other GDPR complaints?
Yes, it clarifies that DPAs cannot reject complaints on procedural grounds without proof of abuse, strengthening the right to lodge complaints under Article 77 GDPR.
What should companies do about cookie banners?
Ensure cookie banners comply with GDPR consent requirements: clear, specific, and freely given. Avoid dark patterns that manipulate users.

NakedPact Editorial Committee
Article created by the NakedPact editorial team. Our mission is to analyze, simplify, and expose unfair terms and hidden risks in everyday contracts to protect citizens and consumers.
Sources and Legal References

Do you own a website?
Want to communicate your data processing transparency to your users? Dynamically use our badge and showcase your platform's compliance.
Recommended Readings
🛡️ Protect your rights with one click
Don't risk signing abusive clauses. Install the free NakedPact extension for Chrome or Firefox and instantly analyze any contract on the web.
Don't trust, verify.
Now that you know the risks, don't sign blindly. Upload your contract to NakedPact and let AI find the hidden clauses for you. It's 100% free.
Analyze Your Contract Now

