noyb success: ORF.at must correct misleading cookie banner
Skip to main content
en
de
fr
nl
el
es
it
pl
fi
bg
hu
cs
sk
noyb success: ORF.at must correct misleading cookie banner
Cookie Banners
21 May 2026
The Austrian Broadcasting Corporation (ORF) must amend its cookie banner on ORF.at to bring it into line with the GDPR. This has now been decided by the Federal Administrative Court (BVwG), thereby upholding a decision made by the Austrian Data Protection Authority in 2024. Specifically, the ORF must ensure that the buttons to ‘accept’ or ‘reject’ tracking cookies are designed equally so that visitors are not tricked into agreeing . Currently, the ‘Accept’ option is misleadingly highlighted in colour, which can lead to unintended consent.
Federal Administrative Court decision GDPRhub<br>Complaint procedure C037-401<br>Background. In August 2021, noyb lodged 422 GDPR complaints against websites that used misleading and unlawful cookie banners. Among them was ORF.at (the most visited news website in Austria) whose cookie banner at the time did not offer any option to “Reject” tracking cookies on the first level. In its decision of October 2024, the Austrian Data Protection Authority agreed with the substance of noyb’s complaint and ordered the ORF to place “Reject” and “Accept” buttons of equal prominence on its cookie banner. At that point, ORF had already added a “Reject” button, but had made it less prominent in colour than the “Accept” option. ORF subsequently lodged an appeal with the Federal Administrative Court (BVwG).<br>Max Schrems, Chairman of noyb: “The data protection authority and now the courts have clearly confirmed that cookie banners must offer equally prominent ‘yes’ and ‘no’ options – without any dark patterns. It is outrageous that even the public broadcaster ORF needs a specific court ruling on this matter a full eight years after the GDPR came into force.”<br>Federal Administrative Court confirms GDPR breaches by ORF. With its decision, the Federal Administrative Court has now confirmed what was already clear in 2024: ORF’s cookie banner does not comply with the GDPR, as highlighting the “Accept” button in colour is misleading for users – and leads to unintended consent. Consequently, consent is no longer unambiguous and also contravenes the principle of transparency, the Federal Administrative Court states in its reasoning. The ORF has therefore not obtained valid consent and must redesign its cookie banner.<br>Possible implications. Given the clarity of the BVwG's decision, it is likely to have implications for countless other companies. The court makes it clear that simply implementing a ‘Reject’ button in a less conspicuous colour is not sufficient. Instead, both options must be given equal prominence. Consequently, ORF is by no means the only company whose cookie banner breaches the GDPR.
Share
Related articles
04.12.2025
Cookie Banners
‘Pay or Okay’ study: Users prefer a tracking-free “third option”
Given the upcoming "Pay or Okay" guidelines by the EDPB, noyb has commissioned a study about user choices
Read more
27.11.2025
Cookie Banners
noyb win: Conde Nast fined €750,000 for placing cookies without consent
The French DPA has fined the Vanity Fair publisher Conde Nast €750.000
Read more
18.08.2025
Cookie Banners
Court decides "Pay or Okay" on DerStandard.at is illegal
Austrian Federal Administrative Court confirms that the newspaper "DerStandard" violated the GDPR when introducing "Pay or Okay” model.
Read more
Subscribe to noyb newsletter
Subscribe