Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
Browser CoBi Google Internet News All topics
Study Reveals Problem

“Reject All” Ineffective? Many Websites Use Cookies Despite Rejection

A "Cookies Accept" Button
Many cookie banners give the impression of control but still employ tracking technologies, study finds Photo: Getty Images
Share article

April 23, 2026, 3:27 pm | Read time: 3 minutes

Cookie notices have become a regular part of browsing the internet. They are meant to ensure that users can decide whether their data is used for tracking and advertising. Especially since the introduction of the General Data Protection Regulation, websites have integrated corresponding options. Clicking “Reject All” gives the impression of maintaining control over one’s data. However, this promise is often not kept.

An extensive analysis by the research firm webXray examined more than 7,000 heavily trafficked websites. The results are clear: Many providers continue to set cookies even though users have actively denied permission. Specifically, advertising cookies were stored on 55 percent of the sites examined, despite an opt-out. In total, more than 126,000 cookies were set despite rejection.

Even cookie banners certified by Google do not prevent the company from placing cookies afterward, according to the report.

Companies Factor in Possible Fines

The results also have financial implications. In the U.S. state of California alone, potential fines could amount to around $5.8 billion. Yet this does not seem to deter many companies. The analysis shows significant differences among corporations. Google stands out negatively with 86 percent faulty banners and has already paid $2.31 billion in fines. Meta reaches 69 percent and totals about $9.304 billion. Microsoft is at 50 percent and around $390 million. The figures suggest that system adjustments are not consistently implemented.

The affected companies, however, dispute the allegations. Google told the online magazine “404 Media“: “The report is based on a fundamentally incorrect understanding of how our product works.” The company emphasizes compliance with applicable laws. Meta views the investigation primarily as a marketing strategy by webXray. Microsoft argues that certain cookies are technically necessary for websites to function correctly.

The study’s authors stand by their assessment. Founder Timothy Libert puts it this way: “Regulators see a fox entering the henhouse and saying, ‘I’m just here to count eggs, I’m not eating chickens,’ and the regulators believe it.”

Also interesting: What are cookies on the internet and what are they used for?

Situation in Europe Remains Unclear

The investigation focuses on California, but the issue is also relevant in Europe. Here, stricter regulations apply with the GDPR. At the same time, users have more options to report violations. Whether similar mechanisms with supposedly certified cookie banners are widespread in the EU is not clearly determined.

Article 26 of the GDPR stipulates that multiple parties can be jointly responsible. This includes tech companies, website operators, and advertising partners. Despite these regulations, large companies in Europe also regularly pay hefty fines. Whether cookie banners work more reliably here remains open.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.