BlueOcean Privacy AI

What does a cookie warning really cost?

A cookie warning rarely happens just once, and it has several cost components. Here is what you can realistically expect and how to avoid it.

What are the costs of a cookie warning?

A warning letter rarely involves just a single charge. Typical costs include legal fees, the cost of the warning letter, a cease-and-desist declaration and, where applicable, compensation — the amount depends on the value of the claim and the specific circumstances of the case.

  • Legal fees and costs of formal warnings: These are based on the value of the claim; in the case of data protection breaches, they are often in the three- to four-figure range.
  • Cease-and-desist declaration: Anyone who signs one pays a contractual penalty for every subsequent breach, which makes repeat offences costly.
  • Compensation: Data subjects may claim compensation for non-material damage (Art. 82 GDPR); the amounts awarded vary considerably.
  • Consequential costs: Your own legal advice, technical rectification, time.

Specific sums always depend on the individual case — the only certainty is this: it is cheaper not to risk a warning letter in the first place than to face one.

Example: the Google Fonts warning wave

The best-known example is dynamically embedded Google Fonts: in this case, a huge number of letters were sent out, typically demanding a small amount in damages plus legal costs.

Even a single case of this sort can result in significant costs in terms of damages and fees — and for those who run many websites (or manage them as an agency), the risk is multiplied. That is precisely why the recommendation is: host Google Fonts locally and only load trackers once consent has been given.

Risk of fines by the supervisory authority

In addition to warnings from competitors or trade associations, data protection supervisory authorities may impose fines — under the GDPR, these can be up to €20 million or 4% of global annual turnover.

This framework represents the theoretical upper limit and primarily applies to serious breaches. For small and medium-sized enterprises, a warning is the more likely and immediate risk in day-to-day operations — but the fine demonstrates just how seriously the legislator takes this issue.

How to avoid a warning from the outset

Most warnings regarding cookies stem from two avoidable mistakes: trackers that are activated before consent is given, and a privacy policy that does not reflect reality.

With BlueOcean Privacy, trackers are technically blocked until consent is given, the privacy policy is automatically kept up to date, and a scan confirms that nothing loads before consent is given. A free website scan will show you in 5 minutes whether your site is vulnerable.

FAQ

What is the average cost of a cookie warning?

That depends on the value of the claim and the specific circumstances. Legal fees and costs associated with warning letters for data protection breaches often run into three or four figures; on top of this, there may be compensation and, in the event of a repeat offence, contractual penalties.

Can I be warned for Google Fonts?

Yes, if Google Fonts are loaded dynamically from Google’s servers and the IP address is transmitted without consent. Solution: Host fonts locally.

How high can GDPR fines be?

The limit is set at €20 million or 4% of global annual turnover. That is the upper limit; for SMEs, a warning letter is the more likely risk in day-to-day operations.

How do I avoid cookie warnings?

Only load trackers after active consent has been given, offer an equivalent ‘Reject all’ option, and keep the privacy policy up to date. A scan will detect pre-consent leaks.