This is Part 3 of a series on digital privacy…or the lack thereof
Now, we turn our look at the infamous “cookie monster”. Of course I am not talking of the beloved Sesame Street character that has delighted children for decades.
I am referring to the bane of our online experiences: the horrendous and annoying banners that are now plaguing our daily internet life.
Generally speaking, third-party cookies and Google Analytics cookies are the ones that are more likely to leak your information to other companies for marketing purposes, so if you care about your online data privacy, those are the ones to disable.
The Birth of The Cookie Banner
Companies should, both legally and ethically, provide an easy way to decide which cookie to accept. However, in the real world, it is up to you. This is where the notorious banners come in.
Since the GDPR became the law of the land in Europe, companies have to provide a way for the user to adjust their cookie settings, including opting out. This opened the flood gate for all those incomprehensible Privacy Notices and the really annoying pop-ups “cookie notice warning”.
However, most of them are so incredibly complex, and confusing that most users automatically close them without making any change. Closing a cookie banner implies consent to the defaults set by the company: to comply with the GDPR, EU companies need to make sure the defaults are set to the highest privacy levels, but it is not a rule everywhere else, and definitively not in the United States.
A recent paper by Hana Habib et al., aptly named “Okay, whatever”: An Evaluation of Cookie Consent Interfaces”, confirmed that the common reaction is to close them immediately, without interacting with them. The paper also defines a few guidelines for better cookie banners.
Generally speaking, if you want to maximize your privacy, you should opt out of all cookies except the essential ones, but most companies sure don’t make it easy.
The Best Case Scenario
I want to start on a positive note, though. Some sites actually do not sell data, to begin with.
While these banners are annoying no matter what, some companies actually do it better, providing a one-click rejection of all cookies, and minimizing disruption.
The Mediocre, The Bad and The Evil
Unfortunately, most websites do not adopt these best practices, due to ignorance or malice. Most of them are on the right side of the law, but they make the process unnecessarily complicated. They add what Thaler and Sunstein call “sludge” in their book Nudge (2008, 2021).
It Could Be Worse
Sometimes the choices are just confusing due to their design.
Some companies try to convince you that cookies are just for your own good
Some privacy banners make it very difficult to choose what is best for you. I am all in favor of information, but it can be downright ridiculous.
Some companies make you decipher a wall of small text or even email them to opt out.
You may think you can’t do any worse. I beg to differ. Here is Fast Company Website (https://www.fastcompany.com/). They do not have a banner at all. If you want to opt out or even check what the privacy defaults are, you need to investigate. If you scroll all the way to the bottom, there is a tiny menu.
To their credit, after I emailed them, they answered me to let me know they received the request and a few days later, apparently, they took care of it. However, this was only for Not Selling my Data. If I wanted to download my data, I needed a new request.
Really REALLY Evil
Acxion is a data broker company, even if they try to convince you that they care about ethics (https://www.acxiom.com/data-privacy-ethics/) and “fostering, promoting and enabling an ethical and responsible data-use culture”. No surprise then that their privacy implementation is pure evil by design.
The option times out and disappears. If you need to opt-out , then you need to fill out a form, and individually opt-out for phone numbers, addresses and emails, 3 forms in total. https://isapps.acxiom.com/optout/optout.aspx
There is an almost infinite variation of the cookie banner, and most of them are bad, confusing and/or misleading. We can’t expect companies to stop collecting tracking cookies any time soon, and without expanded privacy laws and strong enforcement of the one that exists, they will have no motivation to do it.
So, get in the habit of checking the cookies: it may be adding a few seconds and some annoyance, but I feel it may be a price worth paying.
Hana Habib, Megan Li, Ellie Young, and Lorrie Cranor. 2022. “Okay, whatever”: An Evaluation of Cookie Consent Interfaces. In Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (CHI ‘22). Association for Computing Machinery, New York, NY, USA, Article 621, 1–27. https://doi.org/10.1145/3491102.3501985
Thaler, R. H., & Sunstein, C. R. (2021). Nudge: The Final Edition (Revised ed.). Penguin Books.