How Cookie Banners Backfired – The New York Times


The DealBook newsletter delves into a single topic or theme each weekend, providing reports and analysis that provide insight into an important issue in business. If you do not yet receive the daily newsletter, register here.

From Washington to Brussels, policymakers are focusing on digital privacy. Just this week three states and the District of Columbia have filed a series of lawsuits against Google, accusing it of violating consumers’ right to privacy. Dozens of invoices have been presented to Congress compel companies to develop digital tools that help users manage their privacy. And companies spend billions of dollars to comply with – or circumvent – the maze of complex privacy laws that already exist.

This week happens to be known as Data Privacy Week.

But there is an inconvenient truth about all the efforts that have been made to create and enforce digital privacy safeguards: when it comes to the most expansive internet privacy rule day, the public doesn’t seem to care – or, more accurately, they don’t. seem to have the knowledge or the tools to benefit from it effectively.

Four years ago, the European Union General Data Protection Regulation entered into force. It requires any website accessible in Europe, that is to say most websites, to publish a notice of its privacy policy and to give users the opportunity to accept or refuse cookies, files that collect their data. When it passed, many digital privacy activists thought digital privacy was on its way to being solved.

This is not how things happened. The last time a pop-up appeared on a website asking if you allow cookies to gobble up your personal data, did you actually read the fine print or think for more than five seconds before pressing on “accept?” Me niether.

“Nobody reads the cookie banners,” said Max Schrems, an Austrian privacy advocate who played a key role in pushing for the regulation. “They have become almost a useless exercise.”

In fact, it’s worse. In practice, the proliferation of cookie banners has both numbed people and given companies another way to manipulate users.

Companies have turned cookie banners into a tool that does the opposite of what regulators wanted. Have you heard of “search engine optimization?” There are now companies, called consent management platforms, that promise “consent rate optimization”, meaning they create cookie banners that will trick people into clicking the “accept” button. A simple example: According to a study, removing the “opt out” button on the cookie banner home page increases consent by 22 or 23 percentage points. Some of these companies claim they can achieve a 90% consent rate.

A common consumer response is what two communications professors, Nora Draper and Joseph Turow, described in a 2019 article as a “digital quit.” It’s a mindset in which users know full well that their data is appropriated and monetized—and also know that it’s being manipulated online—but don’t feel like they can do anything about it. They are resigned to allowing this to happen because they see it as the unfortunate price of being an Internet user.

“Most people don’t even know what cookies are,” said Florian Schaub, a University of Michigan privacy expert and co-author of several studies on cookies and cookie banners. “In our research, we found that pressing the ‘accept’ button is not actually indicative of consent,” he added.

Of course, there is no doubt that people to want care about data privacy. In California, a ballot initiative strengthening state privacy laws passed in 2020 with 56% of the vote, despite the usual opposition from big tech companies. The new law includes the creation of the California Privacy Protection Agency to enforce state data privacy rules. He will be able to issue subpoenas and will have the power to enact regulations. It’s hard to know right now – the new law won’t come into force until next year – but it’s possible that tougher enforcement will finally force tech companies to make choices easy for consumers. enlightened.

In the meantime, privacy campaigners like Mr. Schrems believe the real answer is to create easier ways for consumers to make decisions — simple and infrequent — about how they are tracked. Mr. Schrems, for example, is working on ways to eliminate cookie banners entirely by creating software that would send automatic signals from your browser. It could work like browser settings that block pop-up ads rather than asking a user to make that decision for each website, removing the need for multiple intentionally complex banner clicks. It would also be much more difficult for companies to give consent to gambling.

For now, however, we’re still stuck with cookie banners. And always on our own to decipher each website’s terms and make a thoughtful decision – at least, when we’re not in a rush.

What do you think? Do most Internet users care about controlling their data? What tools do they need to do this effectively? Let us know: [email protected]


Comments are closed.