cookie banner study picture

Study shows: Only 0.1% consent to legally compliant cookie banners

According to a recent study by the Ruhr University Bochum and the University of Michigan, most cookie banners on European websites are not privacy-compliant. In addition, the results of the study show which cookie notices website visitors tend to reject and which they tend to accept.

Disclaimer

This blog post is not legal advice. As part of our work as WordPresshost , we have dealt very intensively with the data protection regulations applicable in the EU. However, we are neither lawyers nor data protection experts. We assume no liability for the completeness, topicality and correctness of the content provided by us.

There is still a lack of clarity on cookies

Since 25 May 2018, the European data protection basic regulation (GDPR) has been effective in all member states of the European Union. This means that high fines can be imposed if the requirements are not met. The aim of the GDPR is to protect personal data equally in all EU member states and to strengthen the rights of Internet users by standardising data protection. 

As the requirements of GDPR are interpreted differently in some cases, the current legal situation regarding the use of cookies is anything but clear. This uncertainty is reflected in the countless variations of cookie notices on European websites.

In his guest article "Cookie Banner - But the right way!", lawyer Mario Steinberg tells us what you need to bear in mind when implementing a cookie opt-in.

The so-called ePrivacy Regulation is intended to further specify and supplement GDPR in this respect. As there are still many questions and points of discussion regarding the content of the regulation to be clarified, website operators will probably not be confronted with it until 2020. However, this does not mean that you should not prepare for it now!

In addition, a ruling by the European Court of Justice (ECJ) on July 29, 2019 declared cookie opt-ins to be a duty to warn. However, this information does not seem to have reached all website operators yet. This is at least indicated by a study that I would like to present to you below.

"*" indicates required fields

I would like to subscribe to the newsletter to be informed about new blog articles, ebooks, features and news about WordPress. I can withdraw my consent at any time. Please note our Privacy Policy.
This field is for validation and should not be changed.

Researchers from Ruhr-Universität Bochum and the University of Michigan analyzed 1,000 cookie notices to find out how cookie banners are currently implemented in the EU. As part of their study, they examined, among other things, the placement of the banners, the number of choices, and whether users were pressured into consent ("nudging"). 

cookie banner study utz et al
Quelle: https://twitter.com/mrtn3000/status/1158303292209999872

In addition, over a period of 4 months, more than 80,000 unique visits to a German shop website were investigated to see how users interact with different variations of cookie notices.

The goal of the study is to figure out how to design a cookie banner that motivates users to interact with it in a meaningful way, rather than clicking away from the notice or leaving site .

One finding of the study is likely to raise the eyebrows of many website operators and marketers. Because: The consent rate for tracking was lowest with legally compliant cookie banners.

Specifically, the study examines the following research questions:

  1. Does the position of the cookie banner affect whether a visitor consents or not?
  2. Does the number of choices or pre-filled checkboxes ("nudging") influence user interaction?
  3. Does the presence of a link to the privacy policy or the term "cookies" influence the user's decision?

The most important results summarized

Placement

The study found that 58 percent of cookie banners are placed at the bottom of the screen and 93 percent of banners do not block interaction with the website. In addition, the position has an influence on the interaction: Cookie banners in the lower, left part of the screen receive the most attention. 

cookie banner study utz et al
Quelle: https://twitter.com/mrtn3000/status/1158303302251098113

Options

86% of cookie banners do not offer any choice at all, but only inform users that cookies are used. In addition, the majority of banners (57%) try to persuade users to consent ("nudging"). This is done, for example, by visually highlighting the OK button, which confirms all pre-filled cookies, as well as by greying out the further options.

What is the impact of choice on interaction? For more complex choices (e.g., different categories of cookies that must be actively selected), most website visitors do not accept the cookies. However, if the checkboxes are already filled in and the design highlights consent, many users will adopt the default (privacy-unfriendly) settings. High interaction occurs with binary choices (one button to accept and one button to reject all cookies).

cookie banner study utz et al
Quelle: https://twitter.com/mrtn3000/status/1158303311998672897

In addition, the researchers found that the term "cookies" in the banner reduced acceptance. This suggests that users associate something negative or untrustworthy with the word "cookies". Thus, an alternative headline for the cookie banner could be "Use of personal data" or "Privacy settings".   

Ninety-two percent of the cookie notices examined include a link to the privacy policy, but only a third (39%) mention the purpose of the data collection or who can access the data (21%).

Die Forschergruppe kommt zu dem Schluss, dass nur ein Bruchteil der Nutzer (<0,1%) allen Cookies zustimmt, wenn der Banner alle Forderungen der Datenschutzbehörden regelkonform umsetzt (einzelne Cookie-Kategorien, nicht vorausgefüllt, kein nudging). 

However, according to a Facebook post by lawyer Dr. Thomas Schwenke, it has not yet been decided in court whether the checkboxes of the individual cookie categories may be pre-filled or not. Until this question has been clarified in court, most webmasters will probably opt for the pre-filled option.

eugh optin WordPress borlabs cookie blog

Conclusion 

In summary, the study shows that the placement, the type of opt-in procedure as well as the design of the banner significantly influence the interaction of the website visitors. The differences in user interaction with the banner were between 5 and 55 percent.

Overall, the more choices offered in a cookie notice, the more likely it is that users will reject the use of cookies. If no checkbox is pre-filled for several possible cookie categories (which would have to be the case according to the GDPR"privacy by default" specification), less than 0.1 percent of visitors would agree to all cookies. 

What do you say to the results of the study? Do you already have a watertight cookie notice in place or are you waiting for the ePrivacy Regulation ? I'm looking forward to your comment!

Source: The study results will soon be published in a paper entitled "(Un)informed Consent: Studying GDPR Consent Notices in the Field", which is available to us in the preliminary version. The authors of the paper are Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten Holz. The graphics used are from a Twitter thread by Martin Degeling. 

Contributed image: Nadine Shaabana | Unsplash

Did you like the article?

Your rating helps us improve our future content.

Post a comment

Your email address will not be published. Required fields are marked with *.