Assess the following sentence for signs of rationality:

“Your browser is currently blocking 3rd party cookies. Many companies use 3rd party cookies to remember that you have opted out, so you will need to enable them if you want all of the opt outs on this page to work.”

Me neither.

3rd party cookies notice

Assess the following UX for signs of thoughtful design:

You load up a mobile website and there’s a privacy message obscuring the content and telling you how much your privacy is valued and what your rights are as regards advertising and the sharing of your data. You want to agree to the terms of the message and hurry on to the content but for some reason the button to ‘continue’ is very tricky to scroll to and doesn’t seem to be tappable.

Crazy, right?

Heath Robinson

Whatever we think about the GDPR, it’s clear that many companies completely fail to realise that a whiter-than-white approach counts for little if the first interaction with your digital service becomes confusing or even unusable.

The more I look at pop-ups from consent management platforms (CMPs) and see bigger cookie consent notices, the more I think websites are becoming Heath Robinsons.

Do I really mean that? Well, consider these accurate scenarios:

  • “We value your privacy so much, we refuse to offer you a service (it’s the safest way, don’t you know?)” – N.B. This is the approach taken by many American businesses to deal with EU visitors.
  • (Aforementioned) “We need to cookie you to keep track of the fact you don’t want to be cookied.”

Things get even more absurd when you decide to take ‘granular’ control of your privacy, as is offered by the CMP. Straight off the bat, the CMP may show me, as I arrive on a website, a list of adtech companies that covet me.

Let’s face it, adtech company names were not meant for the light of day. They are horrible B2B names that mean nothing to consumers and sound strange. They are not the New York Times or Volkswagen or Mars, they are Criteo, OpenX, Sizmek – “now then, I’m not sure I want to click ‘yes’ to any of this,” says the guarded punter.

Let’s look at another screenshot. When I try to update my cookie preferences on a publisher site, many opt-outs require that I visit the company’s website to do so, leaving me with the following UX…

cookie list

Maybe Heath Robinson isn’t quite right. Maybe it’s Kafka who deserves the credit. Probably. He already had a hand in those privacy policies of old.

Consider this to finish…

Am I arrogant to expect elegance in GDPR and cookie consent implementations? Seemingly. But as we all parrot so often in this industry, consumer expectations are high.

Anyway, I’m off to spend the rest of my week clicking on opt outs.

Econsultancy has a GDPR guide for marketers, as well as face-to-face and online training courses to bring you up to speed.