An examination of cookie popups and why they should be designed with trust and privacy in mind.
Finally, I reached my curiosity breaking point. After seeing Cookie Popups repeatedly appearing for so long, I had no choice but to gain a deeper understanding of the significance of these consent popups.
I did this by conducting a single-day experiment. It entailed wiping the Cookies from my browser and analysing every website Cookie Popup I encountered from a designer’s perspective.
My initial assumptions
- Why are Cookie Popups poorly designed and take so much of our time?
- Why do Cookies and Cookie Popups exist, and are they needed?
For their descriptions, I referenced Wikipedia.
Cookies are blocks of data transferred from websites onto the user’s device/s (computer, phone or similar). They enable web servers to store and track the user’s browser activity.
Website cookie popups are informed consent popups for the user to accept or decline the use of Cookies from the website.
As I embarked on the experiment, I created a spreadsheet. Here, I recorded the design decisions and the flows step by step of each website Cookie Popup.
In total, I recorded 48 Cookie Popups. The results showed that most Cookie Popups lack UX accessibility and empathy for the user. This was done through inconsistent designs, misleading wording, biased button designs, and ambiguous “Decline” option flows. Below are the top five takeaways from the analysis of my data.
Vitaly Friedman interviewed 62 people about the role of privacy and explained in his 4 part article titled Better Cookie Consent Experiences that:
many implementations don’t even respect users’ decisions anyway and set cookies despite their choices, assuming that most people will grant consent regardless.
Vitaly points out that business needs outweigh the user’s needs. Furthermore, he states that
users could easily see through the companies’ agendas
This leads me to conclude that website Cookie Popups are intentionally poorly designed and incorporate deceptive design patterns.
To note — On the positive side, there are user-friendly Cookie Popups, even though they are rare.
In collecting and analysing the Cookie Popup screenshots, I found I had yet to complete the tasks I had planned for that day. The experiment I conducted increased the time it usually takes to decide whether to “Accept” or “Decline” or read through the small print of the Cookies on every website I visited before making a decision (who has the time to read the small print?).
Okay, that is as expected as conducting any experiment time is needed.
However, this made me think. What if the website Cookie Popups did not exist? Inevitably, the user would have more time to do what they wanted. Conversely, the website might need help to develop a catered experience for the website visitor. Furthermore, the downfalls previously mentioned would not exist.
With 725.8 million internet users in Europe or thereabouts, can you imagine how many Cookie Popups appear, how much data is accumulated, and how much time is spent clicking through the popups?
Have you ever considered how much time you spend clicking on Cookie Popups and what you could do with that time?
Depending on your actions and how many websites you visit, the time it takes to go through the Website Cookie Popups is between less than a second and possibly into minutes. Then imagine adding all this time together; how much time would you have accumulated or lost, depending on your actions?
Thankfully, each website is supposed to save your initial Cookie Popup selections.
To conclude, the Collective Analysis section shows that Cookie Popups are time-consuming. This possibly is consequential; nevertheless, it is a consequence of bad design, which puts Cookie Popups into the “attention economy” category. If your time equals your attention, then how much of your attention is taken from you when interacting with Cookie Popups?
Earlier in this article, I asked, “Who has the time to read the small print?” on the Cookie Popups. I put this question to you because the intention behind the Cookie Popups should be explained within the small print.
To save some time, GDPR.EU explains their intention as follows:
“In and of themselves, cookies are harmless and serve crucial functions for websites. Cookies can also generally be easily viewed and deleted.”
The website continues:
“cookies can store a wealth of data, enough to potentially identify you without your consent.”
All about Cookies answers the question: Are cookies safe to accept? with
Yes, most cookies are safe to accept. They’re intended to personalise your online experience and add to your convenience when using a website.
In other words, by pressing the “Accept” button, you gain convenience and grant websites access to your data. In contrast, when you press the “Decline” button, you gain a sense of partial personal data privacy.
On a side note
If you are concerned about your data when using AI (LLMs), read Professor Uri Gal’s article in The Conversation, “ChatGPT is a data privacy nightmare. If you’ve ever posted online, you ought to be concerned“. My three key takeaways from his piece are:
- The data (prompts) you input into ChatGPT now belong to ChatGPT.
- They also have Cookies and can share the Cookie data they obtain with other companies.
- Your written content on “a blog post”, “product review, or” if you’ve “commented on an article online, there’s a good chance this information” is consumed by ChatGPT.
Additionally, All About Cookies in their “Should You Accept Cookies?” page passively indicates the following:
“Collection of all this data may seem like an infringement on your privacy, and it can be. But sometimes cookies collect this data to help you”.
This needs further research to divulge fully. Nonetheless, I share my findings not to alarm you but to make you aware, even though it is somewhat scary.
The takeaway
Jon Reily says:
Some say the days of true privacy are over while others fear that we’ve gone too far and barriers need to be put into place.
Is the debate about privacy over? Not even close.
The user may gain convenience by pressing “Accept,” but at what cost? Is the user fully informed of the possible consequences? This point reiterates that the design of Cookie Popups is intentionally poorly designed and incorporates dark design patterns, which in some instances allows for the breach of user privacy.
If you have concerns browsing the internet and allowing Cookies to track your interactions or have grown tired of inconsistent and poor Cookie Popup designs, read Matt Burgess’s article on How to bypass and block infuriating cookie popups. Or, consider a VPN, a virtual private network service.
I firmly believe that choice is fundamental in all aspects of life, and choice is the original intention of Cookie Popups: the choice to share your data. The intention needs to be recovered in the majority of Cookie Popup designs as it seems to be forgotten or ignored.
If the design disadvantage outweighs the advantage, it is poor design. To quote Ehsan Noursalehi from “Why Do We Interface” and from the perspective of a designer:
“Our job is to design communication, or rather to encode information in a way that it can be reliably decoded by another human being.”
If the website Cookie Popup is challenging to decode for the user, it is a failed design, and the user’s experience follows.
If you want to stand out amongst the crowd and design a successful and user-friendly Cookie Popup, an excellent place to start is at Nerd Cow. Then have a read over Greet Jans’s article to help you “breakthrough digital sameness” and again reference Vitaly Friedman for his in-depth Cookie Popup analysis and design suggestions.
Looking back at the experiment, are my assumptions proved right or wrong?
Assumption 1: Why are Cookie Popups poorly designed and take so much of our time? The experiment proved my assumption that website Cookie Popups could be better designed and not lead the users with time-consuming dark design patterns.
Assumption 2: Why do Cookies and Cookie Popups exist, and are they needed? Cookie Popups are required for everyone’s sake, so they should be designed empathetically and consistently. If the Website Cookie Popups strategy is designed with the user in mind, the results will develop trust towards the user’s privacy and give them more time to do what they need. Trust is not a finite resource, as written in The State of UX in 2024.
We can’t just design our way out of the insidious digital environments we created over the past decade. A modal asking for cookie permissions or warning about potential risks is not stopping users anymore — we are way past this point. We made our digital products all too convenient, and the ubiquitous yet impenetrable legalese of user agreements has made people numb to risks.
So, let’s begin re/designing our Cookie Popups with trust, UX accessibility and empathy. Then examine the original intention of your Cookies and their Popups and consider what you/your company aims to communicate through them. Wheather its trust and transparency or fear and the promotion of numbness to risks because the users will inevitably see through the agenda.
Love or hate them, Cookies are here to stay. Accept or Decline them; either way, you have the right to choose. Design with insight; don’t abuse the confidence the user places within you.