Open in app

Sign up

Sign in

Write

Sign up

Sign in

Home

Following

Library

Stories

Stats

UX Collective

We believe designers are thinkers as much as they are makers. https://linktr.ee/uxc

Follow publication

Cookie consent is (still) broken

Lack of real consent and dark patterns are king in this field, but better laws and design ethics can help.

DesignYourPrivacy.eu
UX Collective
Published in
8 min readJun 24, 2020

Photo by Glen Carrie on Unsplash

CCookies carry a sweet, innocent name, but are among the most powerful tools used by corporations to make money in the era of surveillance capitalism. For whom is unfamiliar with the concept developed by Prof. Shoshana Zuboff in her book The Age of Surveillance Capitalism. The Fight for a Human Future at the New Frontier of Power, surveillance capitalism is a business and societal model where companies make huge profits by trading personal information collected from and about people online. These personal data are harvested through cookies and other technologies when consumers visit websites. Some cookies are strictly necessary to allow the website to work correctly, but many others have the only function to track users and to collect valuable personal information that is traded for marketing purposes.

What the law says

Cookies have been explicitly regulated in the European Union since 2002. The ePrivacy Directive states under article 5(3) that cookies that are not strictly necessary cannot be installed on a user’s device without his consent. The user must receive clear and complete information about the reasons why cookies will be installed on his computer before giving his consent. Strictly necessary cookies are those that are essential to browse the website and use its features, such as accessing secure areas of the site, and e.g. those that allow to hold items to purchase in the cart while shopping on the website.

The General Data Protection Regulation (GDPR), in force since May 2018, does not have specific rules about cookies, but the understanding of its principles brings us to conclude that user’s consent is indeed required to install cookies on his device. Strictly necessary cookies do not need an explicit consent.

The ePrivacy Directive probably will be replaced in a (possibly near) future by an ePrivacy Regulation (more on this here). The current text of the Regulation states that not-strictly-necessary cookies will be prohibited unless the user has given his consent, or if they are indispensable for providing a service requested by the user, of if they are required for…

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Continue in app
Or, continue in mobile web

Already have an account? Sign in

UX Collective
UX Collective
Follow

Published in UX Collective

537K Followers
Last published 18 hours ago

We believe designers are thinkers as much as they are makers. https://linktr.ee/uxc

Follow
DesignYourPrivacy.eu
DesignYourPrivacy.eu
Follow

Written by DesignYourPrivacy.eu

201 Followers
31 Following

PhD researcher in privacy, design, and ethics| www.designyourprivacy.eu

Follow

No responses yet

Write a response

What are your thoughts?

More from DesignYourPrivacy.eu and UX Collective

See all from DesignYourPrivacy.eu
See all from UX Collective

Recommended from Medium

See more recommendations

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech