Study shows: Only 0.1% consent to legally compliant cookie banners

Study shows: Only 0.1% consent to legally compliant cookie banners

According to a recent study by Ruhr University Bochum and the University of Michigan, most cookie banners on European websites do not comply with data protection regulations. The results of the study also show which cookie notices are more likely to be rejected and which are more likely to be accepted.


This blog post is not legal advice. As part of our work as WordPress host , we have dealt very intensively with the data protection regulations applicable in the EU. However, we are neither lawyers nor data protection experts. We assume no liability for the completeness, topicality and correctness of the content provided by us.

There is still a lack of clarity on cookies

The European General Data Protection Regulation (GDPR) has been in force in all member states of the European Union since 25 Mai 2018. This means that high fines can be imposed if the requirements are not met. The aim of GDPR is to protect personal data equally in all EU member states by standardizing data protection and to strengthen people's rights on the internet. 

As the requirements of GDPR are interpreted differently in some cases, the current legal situation regarding the use of cookies is anything but clear. This uncertainty is reflected in the countless variations of cookie notices on European websites.

In his guest article "Cookie Banner - But the right way!", lawyer Mario Steinberg tells us what you need to bear in mind when implementing a cookie opt-in.

The so-called ePrivacy Regulation is intended to further specify and supplement GDPR in this respect. However, as there are still many questions and points of discussion regarding the content of the regulation to be clarified, we will not be confronted with it for the time being. But that doesn't mean you shouldn't start preparing for it now!

In addition, a ruling by the European Court of Justice (ECJ) on July 29, 2019 declared cookie opt-ins to be a duty to warn. However, this information does not seem to have reached everyone yet. At least that is what a study suggests, which I would like to present to you below.

"*" indicates required fields

I would like to subscribe to the newsletter to be informed about new blog articles, ebooks, features and news about WordPress. I can withdraw my consent at any time. Please note our Privacy Policy.
This field is for validation and should not be changed.

The Ruhr University Bochum and the University of Michigan analyzed 1,000 cookie notices to find out how cookie banners are currently implemented in the EU. As part of their study, they examined, among other things, the placement of the banners, the number of choices and whether people were pressured into giving their consent ("nudging"). 

cookie banner study utz et al

In addition, over a period of 4 months, more than 80,000 unique visits to a German store website were examined to see how people interact with different variations of cookie notices.

The aim of the study is to find out how to design a cookie banner that motivates users to interact with it in a meaningful way instead of clicking away or leaving the website.

One finding of the study is likely to cause many people to worry. This is because the consent rate for tracking was lowest for legally compliant cookie banners.

Specifically, the study examines the following research questions:

  1. Does the position of the cookie banner influence whether someone consents or not?
  2. Does the number of selection options or pre-filled checkboxes ("nudging") influence the interaction?
  3. Does the presence of a link to the privacy policy or the term "cookies" influence the decision?

The most important results summarized


The study showed that 58 percent of cookie banners are placed at the bottom of the screen and 93 percent of banners do not block interaction with the website. The position also has an influence on interaction: cookie banners in the lower, left-hand part of the screen receive the most attention. 

cookie banner study utz et al


86% of cookie banners do not offer any choices at all, but merely inform users that cookies are used. In addition, the majority of banners (57%) try to persuade people to give their consent ("nudging"). This is done, for example, by visually highlighting the OK button, which confirms all pre-filled cookies, and by graying out the further options.

What is the impact of choice on interaction? For more complex choices (e.g. different categories of cookies that must be actively selected), most do not accept the cookies. However, if the checkboxes are already filled in and the design emphasizes consent, many accept the (privacy-unfriendly) default settings. A high level of interaction takes place with binary selection options (a button to accept and a button to reject all cookies).

cookie banner study utz et al

The researchers also found that the term "cookies" in the banner reduces acceptance. This suggests that most people associate the word "cookies" with something negative or untrustworthy. Therefore, an alternative headline for the cookie banner could be "Use of personal data" or "Privacy settings".   

92% of the cookie notices examined contain a link to the privacy policy, but only a third (39%) state the purpose of data collection or who can access the data (21%).

Die Forschergruppe kommt zu dem Schluss, dass nur ein Bruchteil der Nutzer (<0,1%) allen Cookies zustimmt, wenn der Banner alle Forderungen der Datenschutzbehörden regelkonform umsetzt (einzelne Cookie Kategorien, nicht vorausgefüllt, kein nudging). 

However, according to a Facebook post by lawyer Dr. Thomas Schwenke, it has not yet been decided in court whether the checkboxes of the individual cookie categories may be pre-filled or not. Until this question has been clarified in court, most webmasters will probably opt for the pre-filled variant.

Borlabs cookie plugin

If you want to use a plugin to support your cookie banner, Borlabs Cookie is always a good tip.


In summary, the study shows that the placement, the type of opt-in procedure and the design of the banner have a significant influence on the interaction of website visitors. The differences in user interaction with the banner were between 5 and 55 percent.

Overall, the more options offered in a cookie notice, the more likely it is that users will reject the use of cookies. If no checkbox is pre-filled for several possible cookie categories (which should be the case according to the GDPR specification "privacy by default"), less than 0.1 percent of visitors would consent to all cookies. 

What do you think about the results of the study? Do you already have a watertight cookie notice in place or are you waiting for the ePrivacy Regulation? I look forward to your comment!

Source: The study results will soon be published in a paper entitled "(Un)informed Consent: Studying GDPR Consent Notices in the Field", which is available to us in the preliminary version. The authors of the paper are Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten Holz. The graphics used are from a Twitter thread by Martin Degeling. 

Contributed image: Nadine Shaabana | Unsplash

Did you like the article?

Your rating helps us improve our future content.

Post a comment

Your email address will not be published. Required fields are marked with *.