noyb success: ORF.at must correct misleading cookie banner

**Austrian Public Broadcaster Ordered to Rectify Misleading Cookie Banner Under GDPR** The Federal Administrative Court (BVwG) has ruled that the Austrian Broadcasting Corporation (ORF) must revise its cookie banner on ORF.at to comply with the General Data Protection Regulation (GDPR). This decision upholds a prior finding by the Austrian Data Protection Authority, mandating that options to accept or reject tracking cookies must be presented with equal prominence to prevent users from inadvertently consenting. The current banner's visually distinct "Accept" button has been identified as a misleading practice, potentially leading to unintended data collection. The ruling stems from a complaint lodged by noyb.eu, which initiated 422 GDPR complaints against websites with non-compliant cookie banners in August 2021. ORF.at, identified as Austria's most visited news website, was among those cited for not offering an immediate option to reject tracking cookies. While ORF subsequently added a "Reject" button, its less conspicuous design compared to the "Accept" option was deemed insufficient by authorities and now by the court. This court decision emphasizes that any implementation of a "Reject" option must be of equal visual weight as the "Accept" button, addressing the use of "dark patterns" to guide user choices. The Federal Administrative Court's reasoning highlights that the unequal prominence violates GDPR principles of transparency and unambiguous consent, meaning ORF has not obtained valid consent for its tracking practices. The implications of this ruling are likely to extend beyond ORF, potentially impacting numerous other websites that employ similar misleading design choices. The court's clear stance that less conspicuous rejection buttons are inadequate sets a significant precedent for how online platforms must present cookie consent choices to ensure genuine user control over their data.