Why UK Websites Are Adding a ‘Reject All’ Cookie Option

If you’ve noticed more UK websites updating their cookie banners to include a clear “Reject All” option, you’re not imagining it. While it might appear that new legislation has recently come into force, the underlying laws governing cookies and consent have not suddenly changed. What has changed is how those laws are being interpreted and enforced by regulators — most notably the UK Information Commissioner’s Office (ICO). In this article, we’ll look at why cookie banners are evolving, what the law actually requires, and how businesses can stay compliant without sacrificing user experience or marketing effectiveness.

The Law: PECR and UK GDPR

Cookie usage in the UK is regulated primarily under the Privacy and Electronic Communications Regulations (PECR), supplemented by the UK General Data Protection Regulation (UK GDPR).

PECR requires consent before setting non‑essential cookies (e.g., analytics and advertising). See: PECR Regulation 6

UK GDPR defines valid consent as freely given, specific, informed and an unambiguous indication of wishes. See: Article 4(11) UK GDPR

Controllers must be able to demonstrate consent. See: Article 7(1) UK GDPR

For practical guidance, the ICO explains how cookie consent should be obtained and managed: ICO cookie guidance

So Why the Push for a “Reject All” Button?

The law has always required real, meaningful choice. What has changed recently is regulatory enforcement focus. The ICO has been reviewing major websites and challenging banners that nudge users toward “Accept”. If accepting cookies is quick while refusal is hidden or multi‑step, regulators view the resulting consent as not “freely given”.

See also broader EU guidance on consent and dark patterns: EDPB Guidelines 05/2020 on Consent

But Isn’t the Default Already ‘No Cookies’?

Technically, yes — if your website blocks non‑essential cookies until the user accepts them, you comply with PECR’s baseline. However, the moment of choice still matters: if the only obvious action is “Accept”, users are steered to consent. To be compliant, refusal must be available, clear and as easy as acceptance.

Recital 43 clarifies that consent isn’t freely given if a user cannot refuse without detriment: Recital 43 UK GDPR

Will Users Just Click ‘Reject’?

Some will — but your consent rate depends heavily on wording and layout. You can remain compliant and reduce knee‑jerk refusal by using clear, neutral alternatives to “Reject All”:

Accept all  |  Continue with essential cookies only

Allow all   |  No tracking cookies

Improve my experience  |  Keep basic settings

How to Update Your Cookie Banner

To stay compliant and user‑friendly:

  1. Ensure non‑essential cookies are blocked by default.
  2. Provide two equally visible options: one to accept and one to refuse.
  3. Use clear, neutral language.
  4. Offer a settings panel for granular choices (optional but helpful).

ICO practical examples and expectations are here: ICO cookie banner expectations

Final Thoughts

The “Reject All” trend isn’t about new law — it’s about fair choice. With thoughtful framing, you can stay fully compliant and maintain useful analytics.

The simplest pattern is: equal‑prominence buttons for acceptance and refusal, plus an optional settings link.