Assess the following UX for signs of thoughtful design:
You load up a mobile website and there’s a privacy message obscuring the content and telling you how much your privacy is valued and what your rights are as regards advertising and the sharing of your data. You want to agree to the terms of the message and hurry on to the content but for some reason the button to ‘continue’ is very tricky to scroll to and doesn’t seem to be tappable.
Crazy, right?
Heath Robinson
Whatever we think about the GDPR, it’s clear that many companies completely fail to realise that a whiter-than-white approach counts for little if the first interaction with your digital service becomes confusing or even unusable.
The more I look at pop-ups from consent management platforms (CMPs) and see bigger cookie consent notices, the more I think websites are becoming Heath Robinsons.
Do I really mean that? Well, consider these accurate scenarios:
- “We value your privacy so much, we refuse to offer you a service (it’s the safest way, don’t you know?)” – N.B. This is the approach taken by many American businesses to deal with EU visitors.
- (Aforementioned) “We need to cookie you to keep track of the fact you don’t want to be cookied.”
Things get even more absurd when you decide to take ‘granular’ control of your privacy, as is offered by the CMP. Straight off the bat, the CMP may show me, as I arrive on a website, a list of adtech companies that covet me.
Let’s face it, adtech company names were not meant for the light of day. They are B2B names that mean nothing to consumers and sound strange. They are not the New York Times or Volkswagen or Mars, they are Criteo, OpenX, Sizmek – “now then, I’m not sure I want to click ‘yes’ to any of this,” says the guarded punter.
Let’s look at another screenshot. When I try to update my cookie preferences on a publisher site, many opt-outs require that I visit the company’s website to do so, leaving me with the following UX…
Maybe Heath Robinson isn’t quite right. Maybe it’s Kafka who deserves the credit. Probably. He already had a hand in those privacy policies of old.
Consider this to finish…
Odd that a group of 11 super image-conscious beauty brands use this entire page cookie takeover across all their sites. pic.twitter.com/F8HoCG0tww
— dan barker (@danbarker) July 21, 2018
Am I arrogant to expect elegance in GDPR and cookie consent implementations? Seemingly. But as we all parrot so often in this industry, consumer expectations are high.
Anyway, I’m off to spend the rest of my week clicking on opt outs.
Econsultancy has a GDPR guide for marketers, as well as face-to-face and online training courses to bring you up to speed.
LOL. We should be getting, information that’s “concise, easily accessible and easy to understand, and [using] clear and plain language”. But as OP says, what’s actually happening is the opposite…
*** Most sites just ignore the whole GDPR and do nothing:
https://www.washingtontimes.com/news/2018/jul/22/gays-go-strike-israel-over-surrogacy-law/
*** Other sites display a “cookie banner mark 2”, because they know you just want to click-through quickly and won’t read it anyway. https://edition.cnn.com/
*** A few panic and block you totally. http://www.bakersfield.com/ap/
*** And a handful have been driven mad by consultants and list 100 individual cookies as in this article. Guys, you do not need to do that. GDPR 14.e literally states you can specify “categories of recipients of the personal data”, you don’t need to list them all. Ditto PECR, because its consent rules just changed to match the GDPR’s.
https://www.linkedin.com/pulse/what-pecr-peter-austin/
Yes to all of this. This is the pop-up experience that has infuriated me the most so far: https://twitter.com/rainbowbex/status/1017429728565911552
What happened when I did follow one of the links to those external sites is that I opted out of all of the listed advertisers and clicked “submit”, whereupon the site loaded for a while and then told me that about half of the advertisers that I’d tried to opt out of had had “errors” and I would need to try again. So I did, which resulted in *one* (1) additional successful opt-out, out of about 80 which had mysteriously failed to work.
I can guarantee you I could have sat there clicking for another year and probably still wouldn’t have been able to opt out of all of them.
This is what happens when brands decide that compliance is really only for the legal team to deal with.
You’d have thought that with all that time and effort spent on brand building, site optimisation, customer experience etc this is something they would have considered. If I’m being chippy about it I’d say these things are examples of brands paying lip service to CX but really not caring about customers at all. Or (if I’m in a really foul mood) just making things deliberately difficult so you end up consenting by default/out of despair. The Customer is King – when it’s convenient for us.
I finally got around to writing a piece about how to fix the broken GDPR. TL;DR: get rid of all the text that nobody reads and just show a green/orange/red traffic light
https://www.linkedin.com/pulse/how-fix-gdpr-peter-austin/