Austria orders broadcaster to make “reject’ as prominent as “accept” on cookie banners

Published: 26 May 2026
grey suit, white shirt, grey tie with stripes, dark orange microphone, ORF white letters, white hand
Reporters from the Austrian public broadcaster ORF. Thomas Kronsteiner/Getty.

The Federal Administrative Court ruled that the Austrian Broadcasting Corporation (ORF) must revise the cookie banner on its website.

In August 2021, the Austrian privacy advocacy group noyb lodged 422 GDPR complaints across 10 European countries because companies had integrated cookie banners with deceptive designs and dark patterns on their websites.

“In informal feedback, we heard that companies worried that competitors would not comply, which would create unfair advantages. Others said that they want a clear ruling by the authorities before they start complying. We therefore hope that the data protection authorities will issue decisions and sanctions soon,” noyb Chairman Max Schrems said in a statement at the time.

ADVERTISEMENT

One of the companies that received a GDPR complaint because of misleading and unlawful cookie banners was ORF. The banner on the broadcaster’s website didn’t include a reject button, so visitors couldn't block tracking cookies.

browser cookies
Internet browser cookies. Image by Cybernews.

In October 2024, the Austrian data protection authority (DPA) ruled in noyb’s favor and ordered ORF to implement both a reject and accept button on the first level. By that time, the broadcasting corporation had already installed a reject button, but had done so in a way that it was less prominent than the accept button, the privacy-focused interest group argued.

Consequently, ORF filed an appeal with the Federal Administrative Court to contest the ruling.

Recently, the court confirmed its previous ruling that the ORF’s cookie banner doesn’t comply with the EU’s privacy laws. A colored accept button is misleading and leads to unintended consent, making a user’s approval no longer unambiguous. On top of that, it contravenes the principle of transparency.

“The data protection authority and now the courts have clearly confirmed that cookie banners must offer equally prominent ‘yes’ and ‘no’ options, without any dark patterns. It is outrageous that even the public broadcaster ORF needs a specific court ruling on this matter, a full eight years after the GDPR came into force,” Schrems said in response to the court’s ruling.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

According to noyb, the court’s ruling can be considered a landmark ruling that will have implications for countless other companies and organizations.

ADVERTISEMENT

“The court makes it clear that simply implementing a ‘Reject’ button in a less conspicuous color is not sufficient. Instead, both options must be given equal prominence,” the advocacy group explains.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
Deutsch English Português (BR) Español Français Niederländisch Italian (IT)
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT