According to a recent study by the Ruhr-Universität Bochum and the University of Michigan, most cookie banners on European websites do not comply with data protection regulations. In addition, the results of the study show which cookie notices website visitors are more likely to reject and which they are more likely to accept.
Disclaimer: This blog post is not legal advice. In the course of our work as a WordPress host we have dealt very intensively with the data protection regulations applicable in the EU. But we are neither lawyers nor data protection experts. We assume no liability for the completeness, timeliness and correctness of the content we provide.
There is still a lack of clarity regarding cookies
Since 25 May 2018, the European General Data Protection Regulation (GDPR) has been in effect in all member states of the European Union. This means that high fines can be imposed if the requirements are not met. The aim of the GDPR is to protect personal data equally in all EU member states and to strengthen the rights of Internet users by standardising data protection.
Attorney Mario Steinberg has explained what you have to consider when implementing a cookie opt-in in his guest article "Cookie Banner - But right!".
The so-called ePrivacy Regulation is intended to further clarify and complement the existing provisions of the GDPR in this respect. As many questions and discussion points of the regulation currently still need to be clarified, website operators will probably not be confronted with it until 2020. This does not mean, however, that you should not prepare yourself for it now!
In addition, a ruling of the European Court of Justice (ECJ) of 29 July 2019 has declared cookie opt-ins to be an obligation that can be enforced by formal warning. However, this information seems to be far from having reached all website operators. At least that is what a study suggests, which I would like to present to you below.
Study investigates interaction with cookie banners
Researchers from the Ruhr-Universität Bochum and the University of Michigan have analysed 1,000 cookie notices to find out what the implementation of cookie banners currently looks like in the EU. In their study, they examined, among other things, the placement of the banners, the number of choices and whether users were urged to consent ("nudging").
In addition, over a period of 4 months and with more than 80,000 unique visits to a German shop website, the researchers investigated how users interact with different variations of cookie notices.
The goal of the study is to find out how to design a cookie banner that motivates users to interact with it in a meaningful way rather than clicking the notice away or leaving the site.
One finding of the study is likely to cause worry lines on the foreheads of many site operators and marketing managers. This is because the consent rate for tracking was lowest for legally compliant cookie banners.
Specifically, the study examines the following research questions:
- Does the position of the cookie banner influence whether a visitor agrees or not?
- Does the number of choices or pre-filled checkboxes ("nudging") influence user interaction?
- Does the existence of a link to the privacy statement or the term "cookies" influence the users' decision?
Summary of the main findings
The study found that 58 percent of cookie banners are placed at the bottom of the screen and 93 percent of banners do not block interaction with the site. In addition, the position has an influence on the interaction: cookie banners in the lower left part of the screen receive the most attention.
86 percent of cookie banners do not offer any choice at all, but only inform users that cookies are being used. In addition, the majority of banners (57%) try to persuade users to agree ("nudging"). This is done, for example, by visually highlighting the OK button, which confirms all pre-filled cookies, and greying out the advanced options.
What is the influence of selection on interaction? With more complex selection options (e.g. different categories of cookies that must be actively selected), most website visitors will not accept the cookies. However, if the checkboxes have already been filled in and the design emphasises consent, many users adopt the (data protection-unfriendly) default settings. A high level of interaction takes place with binary choices (one button to accept and one button to reject all cookies).
The researchers also found that the term "cookies" in the banner reduces acceptance. This suggests that users associate something negative or untrustworthy with the word "cookies". Thus, an alternative heading for the cookie banner could be "Use of personal data" or "Privacy settings".
Although 92 percent of the cookie notices examined contain a link to the data protection declaration, only one third (39%) state the purpose of data collection or information on who can access the data (21%).
The research group concludes that only a fraction of the users (<0.1%)
According to a Facebook post by lawyer Dr. Thomas Schwenke, however, it has not yet been decided by the court whether the checkboxes of the individual cookie categories may be pre-filled or not. Until this question is settled in court, most webmasters will probably opt for the pre-filled version.
In summary, the study shows that the placement, the type of opt-in procedure and the design of the banner have a significant impact on the interaction of website visitors. The differences in user interaction with the banner were between 5 and 55 percent.
What do you think about the results of the study? Do you already have a watertight cookie notice in use or are you waiting for the ePrivacy Regulation? I appreciate your comment!
Source: The results of the study will be published shortly in a paper entitled "(Un)informed Consent: Studying GDPR Consent Notices in the Field", which is available in a preliminary version. The authors of the paper are Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten Holz. The graphics used originate from a Twitter thread by Martin Degeling.
Picture: Nadine Shaabana | Unsplash