People Don’t Want Cookies—But Accept Them Anyway
We’ve all been there. You visit a website for the first time, and a pop-up asks you to “accept all cookies.” At that moment, you’re faced with two choices: either accept the cookies and gain access to the website’s content or leave without being able to view anything.
With the Information Commissioner’s Office (ICO) setting new laws for the use of cookies, there have been some changes on several websites in the UK.
What are cookies?
Cookies are small files stored on your computer when you visit a website. These files allow websites to remember your information and monitor your browsing activities both on their platform and across others. Essentially, there’s a first-party and third-party cookie. First-party cookies are created by the website you’re visiting and help make your experience easygoing. For example, save your login details so you don’t need to re-enter them on your next visit. Third-party cookies, however, track your activities across other websites and use them for advertisement purposes. Often, this tracking happens without users fully understanding the extent of the data being collected. A study by the Pew Research Center found that 79% of Americans worry about companies collecting too much personal information.
Stephen Bonner, Deputy Commissioner of the ICO says, “Very often you’re presented with dialogues pretending to give you control that didn’t. That made it so difficult to reject. Sort of steered you towards acceptance, it was getting towards being manipulative.”
The reluctant acceptance
Before 2024, many websites didn’t offer a clear “reject” button for cookies, leaving users with limited options. Typically, users were presented with a pop-up to “accept all” cookies. Usually, this tactic felt high-handed because it afforded little control over what happened with your data. It’s all in, or it’s all out. On the other hand, if a user wanted to understand what was contained in the cookies before accepting, then they would have to go through several pieces of information that explain how their data is being used. After all, it is required by GDPR for a user to give consent to use their data.
Katie Eyton, Chief Ethics and Compliance Officer at Omnicom Media Group UK, explained on the MadTech Podcast:
“You can’t just ask for blanket consent for ‘marketing purposes.’ You need to specify exactly what those purposes are.“
A 2022 survey by NordVPN revealed that nearly half of users find these banners disruptive and simply click “accept” to proceed.
Katie Eyton continued:
“There’s a flip side where you get the transparency framework and we are getting a different number of purposes being listed and so now, the consumer gets presented with a series of options with an increasing number of different purposes and it’s a challenge like how do you get that specificity without just overwhelming people with so much information and detail that they end up saying Oh my God crap okay just click go because I just want to get rid of it. That’s a real challenge in the industry.”
Many users have distrust toward cookies, due to privacy concerns.
Some users don’t trust the “Reject All” button either. Anecdotal reports suggest that certain sites may track data regardless of consent. Even if you ‘x’(close) the cookie banner, it could mean you’re defaulting, which is the same as accepting the cookie. A practice highlighted in a lawsuit against Sky Betting and Gaming, for allegedly violating GDPR. Users often feel trapped, doubting whether rejecting cookies guarantees privacy.
The ICO on 15th November 2023 issued a reprimand letter to the top 100 most visited websites in the UK, warning that they should include a functional ‘reject all’ button on the cookie banner rather than offering only an ‘accept all’ button. Any Resistance would face sanctions. According to Stephen Bonner, “We will take action when we come across this kind of non-compliance.“ Following this warning from the ICO, several websites in the UK adjusted their cookie settings by introducing a pop-up that included ‘Reject’ alongside an “Accept all“ button. Websites like The Mirror, The Independent, The Express, and The Times have an “Accept” button and a “Pay to Reject” button. If you’re uncomfortable accepting their cookies, then you have to pay to reject the cookies.
In the FAQ section of the Sun, it is written:
“When you visit our sites, you will see a pop-up that asks you to either consent to cookies or pay a small monthly fee. If you consent, then your experience will be as you would normally expect. You can continue to control cookies as before. However, if you choose to opt out of advertising cookies, then we will ask you to pay a small monthly fee to address the shortfall in revenues we need to continue to produce the quality journalism you expect.”
They all have different pricing options for the reject button.
For Apple devices, apps are required to ask users for permission before tracking their data. On the Apple website, the iPhone User Guide is written for its users:
“All apps are required to ask your permission before tracking you or your iPhone across websites or apps owned by other companies for advertising or to share your information with data brokers. After you grant or deny permission to an app, you can change permission later. You can also stop all apps from requesting permission.”
What needs to change?
If organizations want to see meaningful change, ethical data practices should be implemented. Simplified settings related to cookies and honest, accessible explanations so users can make their choices. Governments also have a role to play in implementing tougher penalties for companies misusing cookie data or using deceptive patterns of consent. Organizations seeking meaningful change need to do more than the bare minimum to comply with legislation. They have to create systems and policies that respect user rights, trust, and preferences without creating economic burdens or inconveniences.
“Building with them gives you sustainable growth and that’s what we want because there are great things organizations can do with your data,” says Stephen Bonner.