European web users don’t like tracking cookies

An overwhelming majority of European web users chooses to protect their privacy by refusing tracking cookies. In other words, if they were given a fair and sincere choice to do so, only 0.1% would choose to accept all cookie categories.

This is shown by a joint study of academics at the German Ruhr University of Bochum and the University of Michigan in the US called (Un)informed Consent: Studying GDPR Consent Notices in the Field.

The research focuses on how European consumers deal with the consent mechanisms for cookies. These have spread in large numbers since the European General Data Protection Regulation (GDPR) came into force last May. The report sheds far from flattering light on the widespread manipulation of a system that is supposed to protect consumer rights, according to TechCrunch.

Influencing privacy choices

The GDPR imposes strict fines on those who do not comply with the regulations. As a result, many websites have implemented disclaimers that indicate how they deal with user data. These pop-ups appear in many different forms. The study examines how consumers deal with these different designs of pop-ups of cookies. The scientists also look at how different design choices can influence people’s privacy choices. Moreover, the study suggests that internet users experience a certain degree of confusion about how cookies work.

The researchers collected information using 5,000 cookie reports from leading websites, all provided with various consent mechanisms. They collaborated with a German e-commerce website for four months. They investigated how more than 82,000 unique visitors to the site interacted with different cookie consent designs. The researchers had the opportunity to consciously tweak the pop-ups. In this way, they wanted to find out how different default settings and design choices influenced individuals’ privacy choices.

Useless comfirmation button

It turned out that the majority of cookie permissions are located at the bottom of the screen (58 percent). More than 93 percent of these do not block interaction with the website and in 86 percent of the cases there is a useless confirmation button.

More than 57 percent of the websites give users a push in the direction of permission. They do this, for example, by using a dark pattern, such as marking the ‘Agree’ button with a colour. Despite the fact that almost all cookie reports (92 percent) contain a link to the privacy policy of the site, only 39 percent mention the specific purpose of the data collection. Those who have access to the data (21 percent) are also insufficiently mentioned.

‘Not compliant with European privacy legislation’.

“Given the legal requirements for explicit, informed consent, it is clear that the vast majority of notifications for cookies does not comply with European privacy legislation. Our results show that a reasonable number of users are willing to interact with cookie notifications. These are mainly people who want to choose the opt-out, or do not want to go for the opt-in. Unfortunately, current implementations do not always respect this, and the vast majority of pop-ups do not offer a meaningful choice”, according to the researchers.

According to the researchers, it also appears that the more choices are offered in a cookie report, the greater the chance that visitors will refuse the use of cookies. “The results show that pushing and pre-selection have a major impact on users’ decisions, which confirms earlier work. It also shows that the GDPR requirement of privacy must be maintained as a standard in order to ensure that notifications collect explicit consent”.

“Our results show that only 0.1 percent of users would effectively consent to the use of data by third parties if the requirements of the GDPR were correctly implemented,” the researchers conclude.