The Evidence

Cookies are still here (for now)

  • Obtaining consent is mandatory for EU visitors
  • Other countries are also following suit when it comes to data privacy
  • So why are websites so bad at obtaining it…
  • And are cookie banners even fit for purpose?

Evidence:

In 2021 NOYB reviewed 500 websites (read the article here). Guess what they found…


Suspect A:

The Bouncer

  1. Take it or leave it!
  2. Consent is not freely given
  3. Recital 43: Freely Given Consent

Suspect B:

The Explainer

  1. Unhelpful justifications as to why consent should be given
  2. Unnecessarily disruptive
  3. Recital 32: Conditions for Consent

Suspect C:

The Passive-Aggressive

  1. Consent by veiled threat
  2. Unnecessarily disruptive
  3. Consent is not freely given

Suspect D:

The Obfuscator

  1. Unnecessarily difficult for user to understand
  2. Recital 58: The Principle of Transparency

Suspect E:

The Peeping Tom

  1. Limits viewport sufficiently to be disruptive
  2. Consent is not freely given

Suspect F:

The Tabbed Tyrant

  1. Ticks the box for being transparent, but…
  2. Confusing UI
  3. Usually involves a click maze to get to settings and reject option
  4. Information overload

Suspect G:

The Stalker

  1. Consent or be stalked
  2. Sufficiently disruptive to be annoying (viewport hog)
  3. No option to reject

Suspect H:

The Implicature

  1. This is not freely given consent!
  2. No option to modify consent (especially for users who are not logged in)
  3. Consent is not informed
  4. No option to reject
  5. Recital 42: Burden of Proof and Requirements for Consent

Suspect I:

The Jigsaw

  1. Reject hidden in click maze of “options”
  2. Consent is not informed
  3. Recital 32: Conditions for Consent

Common crimes to avoid:

  1. Setting cookies that are not necessary before consent
  2. Not classifying cookies correctly
  3. Pre-ticking cookie checkboxes – the user has to do this, not you!
  4. Implied consent (only legal in limited circumstances)
  5. Cookie walls
  6. Deceptive design practices (colours & contrast of CTAs and links, hierarchy)
  7. Not having a consent log
  8. Making the user work hard to delete cookies from your site or withdraw consent
  9. Having no cookie banner or cookie policy where required
  10. No reject option on initial banner, buried reject option under preferences
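
A sketch of how items 1, 2, 3, 7 and 8 above can be enforced in code rather than left to the banner UI. This is an added example, not taken from the original slides: the cookie names, categories and the createConsentManager helper are assumptions, and a Map stands in for document.cookie so it runs outside a browser.

```javascript
// Constructed catalogue: every cookie the site may set, with its category.
const CATEGORIES = ["necessary", "preferences", "analytics", "marketing"];
const COOKIE_CATALOGUE = {
  session_id: "necessary", ui_theme: "preferences",
  _stats: "analytics", ad_id: "marketing",
};

function createConsentManager(now = () => new Date().toISOString()) {
  const log = [];        // append-only consent log (item 7)
  const jar = new Map(); // stand-in for document.cookie
  let choices = null;    // null = the visitor has not decided yet

  function allowed(name) {
    const cat = COOKIE_CATALOGUE[name];
    if (!cat) return false;               // unclassified cookies are never set (item 2)
    if (cat === "necessary") return true; // only these may exist before consent (item 1)
    return choices !== null && choices[cat] === true;
  }

  function record(action, granted) {
    choices = Object.fromEntries(
      CATEGORIES.map((c) => [c, c === "necessary" || granted.includes(c)]));
    log.push({ at: now(), action, choices: { ...choices } });
    // Withdrawing consent removes the affected cookies straight away (item 8).
    for (const name of [...jar.keys()]) if (!allowed(name)) jar.delete(name);
  }

  return {
    // Initial checkbox state for the banner: nothing optional is pre-ticked (item 3).
    defaults: () => Object.fromEntries(CATEGORIES.map((c) => [c, c === "necessary"])),
    acceptAll: () => record("accept_all", CATEGORIES),
    rejectAll: () => record("reject_all", []),
    save: (granted) => record("save_choices", granted.filter((c) => CATEGORIES.includes(c))),
    // Every cookie write goes through this gate; returns false when blocked.
    setCookie(name, value) {
      if (!allowed(name)) return false;
      jar.set(name, value);
      return true;
    },
    cookies: () => [...jar.keys()],
    log: () => log.map((e) => ({ ...e, choices: { ...e.choices } })),
  };
}
```

In a real page the gate would wrap the code paths that write cookies or load third-party scripts, and the log would be persisted somewhere it can be produced on request.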

And definitely don’t do any of these…


Mitigation:

Find the least annoying but compliant solution, maybe this?


Community Service:

Don’t get caught in the first place

  1. Know your cookie banner requirements: GDPR Cookie Consent Cheat Sheet
  2. Check out 15 mistakes to avoid: What not to do
  3. Horrify yourself by reading this: 17 Major GDPR fines
  4. If you know nothing: Everything you need to know to be compliant
  5. Experience the frustration: Cookie consent speed run
  6. Make sure your cookie banner is accessible: a helpful guide
  7. My Privacy is None Of Your Business: Enforcing privacy rights everyday