What Do Those “Cookie Consent” Notices Actually Mean?

If you’ve been on the Internet for the past few years, you’ve probably noticed a distinct increase in the number of sites displaying boxes that aggressively suggest that you should be okay with cookies. If you’re like most users, you either click the highlighted button they’re not-too-subtly directing you toward or just ignore it as automatically as you do those terms of service you say you read.

Sharp observers may have noticed that most notices don’t give you any other option anyway. There’s not usually a cookie-free version of the site or an item-by-item menu where you can adjust your preferences. In a word, your clicks on simple “cookie disclaimer” boxes don’t actually do much. That might change in the future, though, as active “cookie consent” forms are now the EU’s legal standard.

What are cookies, and why are we worried about them?

Browser cookies are simply text files that get stored in your browser when you visit a website so it can keep track of what you’re doing as you move around. Less fun than edible cookies.

Some, called “technical cookies,” are pretty crucial to most modern websites since, without them, it would be pretty difficult for the site to do things like save your cart, keep you logged in on different pages, remember your preferences, etc. Let’s call these cookies “chocolate chip,” since you can safely assume that pretty much everyone wants them. The EU’s data laws don’t limit these.

The analytics and tracking cookies, though, are more like oatmeal-raisin: given the choice, you probably wouldn’t eat them, but the people who make them really like them and keep trying to trick you into taking some. These cookies are there to collect data about you and report it to an interested party. That can be the site itself or third parties like Google, Facebook, Disqus, and any number of other advertisers looking to learn more about you and your behavior. These are what the EU is targeting.

They look delicious, but they are full of lies. And raisins.

These cookies aren’t vital to site functionality, but they do provide important information for sites and companies, as they help monitor how users interact with products, services, and site elements. Tracking cookies are also very important to companies whose business models rely on knowing how to sell you stuff (i.e., advertising), which is what rubs a lot of privacy-conscious users the wrong way.

What do the cookie consent boxes do for me?

The Guardian has a pretty good cookie policy.

According to European privacy laws (GDPR, ePrivacy, etc.), sites that put non-essential cookies in your browser technically have to ask you to consent before they do it. Some cookie consent boxes do work this way, but most of them currently load the cookies without permission and then let you know they exist after the fact. A cookie consent button with actual functionality is the exception rather than the norm.

An example of a pop-up that doesn’t quite do it.

In fact, a 2019 study by a team of researchers from Ruhr University Bochum (Germany) and the University of Michigan (US) found that 86% of surveyed sites offered no options other than a confirmation button (like “Accept”) that didn’t affect the cookies on the site at all. They also found that most sites were trying to nudge users toward consenting, and very few gave users a way to opt out short of leaving the site completely.

While even this might not perfectly live up to the new standards, it’s a lot more than most sites do.

In short, most cookie consent boxes are, as of right now, not keeping sites from tracking you with cookies. If they provide an interface where you can set your cookie preferences, they’re probably GDPR-compliant, but if they just have a box with a highlighted “Accept” button, you probably can’t avoid cookies without installing some sort of browser extension or just exiting the site.
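One way to check for the behavior described above, cookies being loaded before you have clicked anything, is to look at the `Set-Cookie` headers a site sends on the first page load and flag everything that isn’t an essential first-party cookie. This is an added example, not part of the original article; the hosts, cookie names and the list of essential cookies are constructed assumptions.

```javascript
// Constructed sample: Set-Cookie headers seen on first page load, before any
// click on the consent banner. Hosts and cookie names are made up.
const PRE_CONSENT_RESPONSES = [
  { host: "shop.example", setCookie: "session_id=abc123; Path=/; HttpOnly; Secure" },
  { host: "shop.example", setCookie: "cart=3f9; Path=/; Max-Age=86400" },
  { host: "shop.example", setCookie: "_visitor=v1.111.222; Domain=.shop.example; Max-Age=63072000" },
  { host: "ads.tracker.example", setCookie: "uid=9f8e7d; Max-Age=31536000; SameSite=None; Secure" },
];

// Assumption: the cookies this site genuinely needs to function ("technical" cookies).
const ESSENTIAL = new Set(["session_id", "cart"]);

// Split one Set-Cookie header into its name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1),
    attrs: {},
  };
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Report every cookie set before consent that is not an essential first-party one.
function auditPreConsent(responses, siteHost, essential) {
  const findings = [];
  for (const { host, setCookie } of responses) {
    const c = parseSetCookie(setCookie);
    const firstParty = host === siteHost || host.endsWith("." + siteHost);
    if (firstParty && essential.has(c.name)) continue;
    // Only Max-Age is read here; a session cookie (no Max-Age) reports 0 days.
    const maxAge = Number(c.attrs["max-age"] || 0);
    findings.push({
      name: c.name,
      host,
      thirdParty: !firstParty,
      lifetimeDays: Math.round(maxAge / 86400),
    });
  }
  return findings;
}

console.log(auditPreConsent(PRE_CONSENT_RESPONSES, "shop.example", ESSENTIAL));
```

On the constructed sample, the session and cart cookies pass, while the two-year first-party visitor ID and the one-year third-party ID are reported as set before consent.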

Where did cookie consent forms come from in the first place?

All the rules and regulations get pretty confusing, but here are the broad strokes.

The ICO’s cookie consent form–pretty much the prime example

2002: The ePrivacy Directive requires EU-based sites to get user consent before serving them cookies. Eventually, this turns into the “Hey, we use cookies” banners and pop-ups we all know and love today.

2018: GDPR comes into force and starts imposing consequences for non-compliance. Sites come under more pressure to get active consent from users rather than just warning them.

2019: Europe’s top court rules that pre-checked boxes in cookie consent forms don’t constitute consent, meaning sites now legally have to get people to actively consent to cookies — no tricks. Ironically, at the time, the court’s own website wasn’t compliant with this rule, which tells you something about how this is being implemented.

Will cookie consent mean something in the future?

Legally, sites that aren’t in compliance with these rulings are supposed to get in line ASAP. In reality, these requirements will put an extra burden on sites that, if past implementation rates are any indicator, won’t lead to very quick adoption.

That’s probably due in no small part to the fact that cookies are a great way to check up on how users are interacting with a site, which can translate directly into better sites and higher profits. There’s quite a bit of concern that overly-rigorous regulations could be quite onerous for sites and could also negatively affect user experience. That’s why there’s some noise about possibly putting settings in browsers that sites can detect and automatically make adjustments for, which would be a much more streamlined solution.

Ultimately, though, the whole cookie debate might prove moot. If cookies become an untenable tracking option, we may start seeing the spread of harder-to-block methods like browser fingerprinting. Workarounds and innovations often get standardized if there isn’t a better solution, and cookies and user tracking probably won’t be an exception.

10 comments

  1. Very nicely written article, very helpful. Many thanks!

    1. Thanks! Glad it helped :)

  2. What effect, if any, do the various cookie blockers have?

    1. Depending on the blocker you’re using, they’re probably pretty effective! Cookies are fairly easy to get rid of, so a good browser extension can keep you clear of most targeting and analytics.

  3. Yes, but I had to give consent to cookies before I could read this article. How helpful is that (FFS)!

  4. And this is why I refuse to drop my AdBlockers and Content filters! These sites KNOW they’re not following the law ….and yet?…when you’re ready to sign up for anything web-related you’re expected to give them all your info and “abide” by their laws!…so….they want to break the laws and then enforce their own??. Also I’m very selective as to which sites I visit…if I go to a site once and they throw up giant content blocks “begging” me to turn off my AdBlockers?….I add the site to my block list and never return. Life’s too short to have to constantly deal with, and dodge ads.

    1. “These sites KNOW they’re not following the law”
      It’s only illegal if you get caught or if someone wants to make a federal case out of it. :-)

  5. I use adblocker to get rid of these warnings, I believe they auto accept the cookies so I don’t have to be bothered seeing these “ads”. On top of that I use the extension “cookie autodelete” to delete the cookies that were accepted just seconds later. Except those that I choose to save for logins. If a site that I want to support by turning off adblocker has these GDPR cookie warnings popping up, I just turn the adblocker back on. These cookie warnings are just a nuisance and do no good for me.

  6. Agree with TimM above, but in fact it is possible, even if not immediately obvious how, to refuse cookies before reading the article. Sad that while Mr Braun’s article points to the Guardian as a good example, it doesn’t take up Make Tech Easier as a less satisfactory one. …

    Henri

    1. The irony isn’t lost on me at all :D There’s usually at least a bit of divide between information and medium, and I’ve definitely had my own eye-roll moments on other sites as well.
