The Digital Services Act (DSA) will change the face of cookie banners

European businesses face new restrictions for cookie banner designs as EU lawmakers propose new rules for online platforms and websites. The law won’t just affect Big-Tech but also small and medium sized businesses. Here’s how.
Table of Contents

April 2022. European policymakers celebrate as they confirm the new Digital Services Act and the new Digital Markets Act.

And already now, European businesses should begin working on changes to their advertising methods and consent collection, before the laws are fully implemented in 2024.

Here’s how the Digital Service Act (DSA) will affect not only social media platforms and online marketplaces, but anyone doing business on the European internet.

Digital Services Act – a very quick overview

WHAT: The Digital Services Act (DSA) is a new EU law proposal. It aims to provide internet users with greater protection by regulating online platforms. The DSA will impose new rules for advertising, content, transparency and use of algorithms.

WHO: All digital services doing business in the EU are subject to the Digital Service Act. From the smallest website to online platform tech giants like Google and Facebook.

WHEN: The European Parliament approved the DSA on July 5th, 2022. It was approved together with Digital Markets Act (DMA). The DSA will enter into force when finally adopted by the EU Council in September 2022. Rules will apply 15 months after or in January 2024.

The Digital Services Act affects all European online businesses

The Digital Services Act aims to create a safer digital space for all internet users. It does so by giving online platforms a new set of rules for how to moderate content, collect consent and use algorithms for marketing purposes.

The new law will modernize the old e-Commerce Directive and update legislation made in a time before smart phones, social media and internet giants like Facebook and Google. 

Link: The Digital Services Act package from the EU Commission

The law will apply to all digital services doing business in the EU. Not only Big-Tech, but also simple websites, start-ups and other online businesses.

6 ways the Digital Services Act
will affect businesses in the EU

1. New ban on Dark Patterns (e.g., in cookie banners).

2. Must be easier to reject and withdraw consent.

3. No targeting towards kids and minors.

4. No targeting based on sensitive data.

5. New requirements for transparency.

6. New requirements for algorithmic processes.

The ban on Dark Patterns and the request for easier withdrawal of consent will affect the design of cookie banners.

Here’s how.

The Digital Services Act will affect cookie banner designs

As the DSA is set to put a ban on websites’ use of Dark Patterns, we will most noticeably see the effects on cookie banners.

Dark Patterns are frequently used by companies to nudge users into giving consent to cookies. Most often even without users being able to reject consent.

Both the GDPR and the new DSA strike hard on Dark Patterns.

Link: What are Dark Patterns in cookie banners?

The DSA is set to end websites’ use of confusing web design in general.

Both in cases where it is difficult or impossible to unsubscribe a newsletter or cancel an account, but also when it comes to asking for consent to cookies.

When the DSA is finally implemented in national laws across Europe, it will change the face of cookie banners in the EU.

How will cookie banners change with the Digital Services Act?

With both the GDPR and the new DSA, it will become ever more important to design your cookie banner, so your users know exactly what they give consent to.

Here’s what future cookie banners will most likely look like:

As Dark Patterns will be banned, cookie banner buttons for accepting and rejecting cookies will also change. Buttons must be equally weighted in terms of color, size and placement.

This means that the “Accept button” no longer may be more prominent or a different color than the “Reject button”.

Cookie banner “Accept” and “Reject” buttons must have:

  • Same color.
  • Same size.
  • Be placed in the first layer of the cookie banner next to each other.

Below is an example of a cookie banner, where both buttons (Accept and Reject) are equally weighted in terms of size, placement and colors.

A cookie banner compliant with the Digital Service Act and the GDPR.
The face of cookie banners will change with the Digital Service Act. Dark Patterns in cookie banners will be banned.

Withdrawal of consent:

Users must always be able to withdraw consent quickly and easily.

Links to withdrawal or change of consent must be easily accessible.

This can be done by linking directly from the cookie policy to a page where users can withdraw consent. Or from an icon on the page, where users can re-open the cookie banner to change/withdraw consent to cookies.

Designs that will no longer be accepted.

Banners where one button is more prominent than the other or where the banner tries to hide an option with low contrast colors.

A cookie banner using dark patterns. The reject button is almost invisible but the accept button is highlighted.
It is considered nudging if you use low contrast for rejecting cookies but high contrast for accepting.

Another pattern to be eliminated is the missing reject-button. Since consent must be freely given, cookie banners must include a reject button in the banner.

A cookie banner using dark patterns. There is no reject button in the banner and the user is forced to accept cookies.
The user cannot reject cookies and is forced to accept. Not GDPR compliant.

How can my cookie banner comply with the Digital Services Act?

First, it is important to get a cookie banner. Next, make sure it collects valid consent.

Your cookie banner must:

  • Inform users of cookies.
  • Collect their freely given consent (yes/no).
  • Be specific about what it asks consent for.
  • Let the user know exactly what he/she gives consent to.
  • Not trick the user into giving consent (dark patterns)
  • Store consent for 5 years.

Sounds difficult? It’s not.

Cookie Information provides a GDPR compliant cookie banner which informs users about cookies and collects their valid consent.

As Europe’s leading Consent Management Platform, we also give advice on legal requirements for design and information to comply with the Digital Services Act. And the GDPR.

Anticipate the new rules of the DSA, get a compliant cookie banner today.