The Austria-based NOYB "None of Your Business" group on Monday said it was lodging draft complaints against hundreds of websites over their use of pop-up banners.
NOYB, which campaigns for better privacy regulation, says that many users' on-screen choices do not comply with EU privacy laws, making the internet "a frustrating experience for users all over Europe."
What is NOYB's complaint?
The group said it would present more than 500 draft complaints over what it calls the "cookie ban terror."
NOYB said the pop-ups fail to give the user a simple "yes or no" to their data being collected, instead providing only a very complex way to refuse to allow the site to track the user's activity.
The activists say that making it "extremely complicated to click anything but the 'accept' button" is a breach of the EU's General Data Protection Regulation (GDPR).
NOYB said it was lodging the complaints with companies in 33 countries, to include every European Economic Area member state except Malta and Liechtenstein.
The group says it had notified the companies, but would only file the legal complaints in a month, if the sites haven't rectified their "unfair" and "frustrating" design in the mean time.
"Everybody in Europe hates cookie banners," said the group's Max Schrems. "Many people feel that cookie banners are where the GDPR went horribly wrong, but the problem is not the GDPR, it's crazy deceptive designs."
"Companies use every trick in the book to make you hit this accept button."
Who are NOYB?
The Vienna-based group was founded in 2018 — at the same time as the European Union implemented its landmark GDPR legislation.
Unlike groups that focus on government breaches of privacy, NOYB targets issues and violations in the private sector.
Schrems, who is among the group's co-founders, has notched up a series of legal victories over online privacy. They include the derailing of major EU-US data exchange arrangements.
"Ideally we should not exist," Schrems said in an April interview with the AFP news agency, adding that state regulatory authorities should ensure GDPR is complied with correctly. "The problem is that in many member states that is not properly done."
"That is a fundamental problem we have in Europe, we are very good at passing laws and praising ourselves about... how great we are at human rights, but we are actually not very good at enforcing it," Schrems said.
The group is financed by more than 3,500 supporting members and is currently pursuing some 150 complaints in various jurisdictions.