DESIGN PRINCIPLES
It’s time we fix the unethical design of cookie consent windows
How can we design an ethical and transparent cookie consent window instead of forcing users to accept all cookies?
All of the sites we visit today use trackers called cookies. These cookies (trackers) always track our internet footprint and collect data about us as soon as we accept them. This data includes the sites we visit, our shopping habits, our IP address and where we click on websites.
Thanks to this data, advertisers can profile us and place spot-on ads. Then we keep wondering why the product we talked about a few hours ago appeared on our Facebook timeline.
The most well-known of these trackers are Facebook and Google. They are even fined millions of dollars for cookie consent dark patterns. But almost every company continues to use these trackers.
Before the data protection laws like GDPR and CCPA were enacted, companies could place trackers on your browser without your consent.
However, thanks to data protection laws, sites are now obliged to inform users about cookies (trackers) and cannot track them without the user’s consent.
But designers have learned to get around this law and are using different design techniques to make users accept all cookies (trackers) anyway.
I’m targeting designers, not companies, in this article. I need to write another article about companies. I think each designer is responsible for their own design and must ensure that their design is ethical.
Now, let’s examine the cookie consent window designs of two companies (N26 and Revolut) and learn about the design techniques they use.
N26
As soon as we enter N26’s site, the cookie consent window opens and we cannot use the site. They say they track us with cookies/pixels (trackers) and optimize the site with the data they collect.
When we check the cookie (tracker) settings, we are bombarded with information. We also see “marketing” cookies implicitly told to us.
However, they did not give us clear information on this subject in the previous short text. N26’s strategy is to annoy people with unnecessary details and make the user accept all cookies.
According to a study conducted by Filip Nyquist and Teo Hildebrand, most of the cookie settings pages and/or policy’s are rated in a level of college or college graduate, as per the United States school system.
By the way, they want to keep track of this much data, but we do not see a button to “accept only necessary” cookies. When we scroll down a ton of information, we finally see the “Save cookie settings” button.
Instead of showing the “accept necessary cookies” button by default in this window, the designers decided to hide it. Because they know people doesn’t read and won’t scroll through the window. So they just keep “accept all cookies” button in front of us and offer “one choice”.
But what they have to do is write a short and clear content for each section and keep both buttons (Reject / Accept) in front of us. Most importantly, the “reject cookies” or “accept necessary” button should be the default.
Now let’s take a look at the second company.
Revolut
Likewise, Revolut shows the cookie consent window when we enter the site and we cannot use the site. Revolut explained how they would use the information more clearly than N26.
However, only the “accept all cookies” button is still set by default.
In the “Manage cookies” window, it is clearly stated how the data will be used and with which companies it will be shared.
There is one small problem though. Although there is enough space, the “save cookie settings” button is placed in the invisible part of the window. We have to scroll down to see it. By the way, why is the “analytics and advertising cookies” switch turned on by default? Defaults are important.
If possible, do not use any cookies
Cookies (trackers) collect our personal data and store it on the servers of companies such as Google, Facebook or Microsoft. This poses a serious danger to our privacy. The best solution is to not use any cookies on your site.
However, if you are going to use it, you must ethically design the cookie consent window, and be transparent to the users.
If you want to monitor analytics, at least use alternative privacy-first products like Simple Analytics.
How to design a cookie consent window?
Don’t! But at least, when designing a cookie (tracker) window, keep this thing in mind: be transparent.
You must clearly state what data you collect and how you’re going use it. Don’t use jargon and don’t play word games.
The “reject cookies or “accept necessary” button should be the primary, while the “accept cookies” should be a secondary button.
Or both buttons can have the same importance. Thus, you do not redirect to any button and leave the selection to the user.
Another point we need to pay attention to is the name “cookie”. The real name of these “cookies” is trackers. Their main purpose is to track you. Therefore, it would be more correct to use the name “tracker”. Better not hide it behind a sweet word.
Conclusion
We examined a UI component that we see every day, but that the designers did not design correctly.
Never in history has designers had such a great influence on people. The product designed by a group of designers now affects millions of people.
We must recognize the power we have and think ethically in every design decision we make, not just “cookie”.
References
- Google to update cookie consent banner in Europe following fine
- Cookies: FACEBOOK IRELAND LIMITED fined 60 million euros (2022)
- France spanks Google $170M, Facebook $68M over cookie consent dark patterns (2022)
- France fines Google $120M and Amazon $42M for dropping tracking cookies without consent
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Cookies, GDPR and Dark patterns: Effect on consumer privacy. Filip Nyquist, Teo Hildebrand. (2021)
- Dark and bright patterns in cookie consent requests. Grassl, Paul & Schraffenberger, Hanna & Borgesius, Frederik & Buijzen, Moniek. (2020).
