Assess the following sentence for signs of rationality:

"Your browser is currently blocking 3rd party cookies. Many companies use 3rd party cookies to remember that you have opted out, so you will need to enable them if you want all of the opt outs on this page to work."

Me neither.

3rd party cookies notice

Assess the following UX for signs of thoughtful design:

You load up a mobile website and there's a privacy message obscuring the content and telling you how much your privacy is valued and what your rights are as regards advertising and the sharing of your data. You want to agree to the terms of the message and hurry on to the content but for some reason the button to 'continue' is very tricky to scroll to and doesn't seem to be tappable.

Crazy, right?

Heath Robinson

Whatever we think about the GDPR, it's clear that many companies completely fail to realise that a whiter-than-white approach counts for little if the first interaction with your digital service becomes confusing or even unusable.

The more I look at pop-ups from consent management platforms (CMPs) and see bigger cookie consent notices, the more I think websites are becoming Heath Robinsons.

Do I really mean that? Well, consider these accurate scenarios:

  • "We value your privacy so much, we refuse to offer you a service (it's the safest way, don't you know?)" - N.B. This is the approach taken by many American businesses to deal with EU visitors.
  • (Aforementioned) "We need to cookie you to keep track of the fact you don't want to be cookied."

Things get even more absurd when you decide to take 'granular' control of your privacy, as is offered by the CMP. Straight off the bat, the CMP may show me, as I arrive on a website, a list of adtech companies that covet me.

Let's face it, adtech company names were not meant for the light of day. They are horrible B2B names that mean nothing to consumers and sound strange. They are not the New York Times or Volkswagen or Mars, they are Criteo, OpenX, Sizmek – "now then, I'm not sure I want to click 'yes' to any of this," says the guarded punter.

Let's look at another screenshot. When I try to update my cookie preferences on a publisher site, many opt-outs require that I visit the company's website to do so, leaving me with the following UX...

cookie list

Maybe Heath Robinson isn't quite right. Maybe it's Kafka who deserves the credit. Probably. He already had a hand in those privacy policies of old.

Consider this to finish...

Am I arrogant to expect elegance in GDPR and cookie consent implementations? Seemingly. But as we all parrot so often in this industry, consumer expectations are high.

Anyway, I'm off to spend the rest of my week clicking on opt outs.

Econsultancy has a GDPR guide for marketers, as well as face-to-face and online training courses to bring you up to speed.

Ben Davis

Published 23 July, 2018 by Ben Davis @ Econsultancy

Ben Davis is Editor at Econsultancy. He lives in Manchester, England. You can contact him at, follow at @herrhuld or connect via LinkedIn.

1244 more posts from this author

You might be interested in

Comments (3)

Pete Austin

Pete Austin, Founder and Author at Fresh Relevance

LOL. We should be getting, information that's "concise, easily accessible and easy to understand, and [using] clear and plain language". But as OP says, what's actually happening is the opposite...

*** Most sites just ignore the whole GDPR and do nothing:

*** Other sites display a "cookie banner mark 2", because they know you just want to click-through quickly and won't read it anyway.

*** A few panic and block you totally.

*** And a handful have been driven mad by consultants and list 100 individual cookies as in this article. Guys, you do not need to do that. GDPR 14.e literally states you can specify "categories of recipients of the personal data", you don't need to list them all. Ditto PECR, because its consent rules just changed to match the GDPR's.

23 days ago

Rebecca Sentance

Rebecca Sentance, Deputy Editor at EconsultancyStaff

Yes to all of this. This is the pop-up experience that has infuriated me the most so far:

What happened when I did follow one of the links to those external sites is that I opted out of all of the listed advertisers and clicked "submit", whereupon the site loaded for a while and then told me that about half of the advertisers that I'd tried to opt out of had had "errors" and I would need to try again. So I did, which resulted in *one* (1) additional successful opt-out, out of about 80 which had mysteriously failed to work.

I can guarantee you I could have sat there clicking for another year and probably still wouldn't have been able to opt out of all of them.

22 days ago


Joel Coppersmith, Head of Marketing at Databoxer

This is what happens when brands decide that compliance is really only for the legal team to deal with.

You'd have thought that with all that time and effort spent on brand building, site optimisation, customer experience etc this is something they would have considered. If I'm being chippy about it I'd say these things are examples of brands paying lip service to CX but really not caring about customers at all. Or (if I'm in a really foul mood) just making things deliberately difficult so you end up consenting by default/out of despair. The Customer is King - when it's convenient for us.

For anyone interested Databoxer has helpfully gathered together a list of things brands are getting wrong with their approach to consent management:

14 days ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.