Belgium Data protection Authority v. Mediahuis

On September 6, 2024, the Belgian Data Protection Authority (DPA) issued a decision against Mediahuis NV for violating GDPR through improper cookie practices and the use of dark patterns. Mediahuis, a major European media company, failed to provide a clear "Decline" option for cookies, instead using misleading button colors to pressure users into accepting them. Additionally, withdrawing consent was intentionally made more difficult than giving it, violating users' autonomy under GDPR rules. The DPA found that Mediahuis's consent process was neither free nor unambiguous, breaching GDPR and the ePrivacy Directive. The company was ordered to update its cookie banner within 45 days or face fines of €25,000 per day for non-compliance.