Yahoo is the owner of various media properties, such as Yahoo News, Yahoo Finance, and Yahoo Sports, as well as tech media sites like Engadget, HuffPo, and Tumblr. These sites are linked to the company's online advertising business through the use of tracking cookies, which trigger cookie consent banners displaying information about ad partners and data processing purposes. However, under the GDPR, valid consent for data processing must be informed, specific, and freely given.
The investigation conducted by the Data Protection Commission (DPC) focused on transparency issues related to publications operated by Yahoo, following multiple complaints from individuals about Yahoo media sites. One of the main concerns raised was the cookie banners used on these sites, which were reported to sometimes "effectively" offer no choice to users beyond an "okay" button. This issue is particularly relevant given that the GDPR requires consent for data processing to be freely given and specific, meaning that users must have a genuine choice to accept or reject tracking.
Moreover, the current cookie banner implementation by Yahoo places the reject button on the second level of the menu, rather than alongside the "accept all" option at the top. This means that users must first click through "manage settings" before they can see the option to reject all cookies. Furthermore, the second level menu is quite long and requires scrolling, which may make it less user-friendly and raise new regulatory concerns. This revised design may be seen as failing to provide an equally simple way for users to reject tracking, which could result in further complaints and investigations by the DPC.