Cookie Banner Dark Pattern Detector
Dark patterns in cookie banners are a primary enforcement target for EU and UK regulators. We check your banner against the four categories defined in EDPB Guidelines 3/2022 - the same framework regulators use to issue fines.
4 dark patterns we detect
Each pattern is checked by our automated scanner using the EDPB's own classification framework.
No reject option / forced consent
EDPB Guidelines 3/2022 Section 3.1Is a "Reject All" or equivalent option present on the first layer of the consent banner? Requiring visitors to navigate to a secondary menu to refuse is itself a dark pattern.
What we check
- Is a Reject All button present on the first banner layer?
- Is refusal possible without opening additional menus?
- Is the reject option at least as prominent as the accept option?
Buried reject / unequal visual prominence
EDPB Guidelines 3/2022 Section 3.3The reject option exists but is visually de-emphasized: smaller text, lower-contrast color, or positioned where it is easy to miss relative to the Accept button.
What we check
- Are Accept and Reject buttons visually equal in size and color weight?
- Is the Reject option hidden behind "More options", "Manage preferences", or similar?
- Does accepting require fewer clicks than rejecting?
Pre-ticked consent boxes
GDPR Article 4(11) - consent must be active, not passiveOptional consent categories (analytics, advertising) are pre-selected in the preference panel. Under GDPR, valid consent must be an active opt-in - a pre-ticked box is not consent.
What we check
- Are optional categories pre-checked in the consent preferences panel?
- Does the user need to un-tick rather than tick to refuse?
- Are any non-strictly-necessary toggles on by default?
Misleading or vague category labels
GDPR Article 5(1)(a) - data must be processed transparentlyConsent categories use names that obscure their true purpose: analytics trackers labelled as "Required", advertising pixels labelled as "Functional".
What we check
- Do category names accurately reflect the cookies they cover?
- Are third-party advertising cookies labelled as necessary or functional?
- Is the purpose description clear enough to obtain informed consent?
Why regulators specifically target dark patterns
Cookie banner dark patterns were among the first major GDPR enforcement targets - and they remain active priorities.
| Authority | Action | Target | Reason |
|---|---|---|---|
| CNIL (France) | €150M fine | Google (2022) | Cookie consent banners made it harder to refuse cookies than to accept them |
| CNIL (France) | €60M fine | Facebook (Meta) (2022) | No equivalent reject option on the first banner layer |
| ICO (UK) | Enforcement notices | Multiple publishers (Ongoing) | Non-compliant consent banners across high-traffic news and entertainment sites |
| DPC (Ireland) | Ongoing investigations | Social platforms (Ongoing) | Deceptive consent flow design under EU-level GDPR enforcement |
Related: Pre-Consent Tracking Checker · Supported CMPs · What compliance means in practice
Check your banner for dark patterns
Cookie Compliance Checker is launching soon. Join the waitlist for early access and be among the first to scan your site.