16 years after it passed the e-Privacy Directive, the EU wants to do something about annoying cookie consent pop ups. Oh thank God, say all Europeans including Tim Green, director of MEF’s ID and Data programme…
I keep seeing the same phrase repeated across the Internet: Â America innovates. China imitates. Europe regulates.
It’s a gross generalisation, of course. But it does have a grain of truth. Europe – more specifically the EU – does place a higher emphasis on consumer protection than its global counterparts. It does so for laudable reasons. But does this regulation put a brake on innovation? Possibly. But what can’t be argued is the negative impact on user experience.
Case in point: cookie regulation.
For the last 16 years anyone visiting a web site in Europe has had to negotiate pop ups requesting consent to access cookies. It’s all very annoying. But just normal for us now. We Europeans can’t remember life before the pop ups.
Does it have to be this way? Well, finally, the EU has come to the conclusion that maybe it doesn’t. According to a report by Politico, EU leaders are considering a re-set. They just met with the tech industry to review the handling of cookies and consent banners.
They discussed how the rules might change to include more exceptions or even let users set their own preferences once instead of every time they visit a website. Let’s hope they crack on with it. The current situation is a classic example of unintended consequences. Here is some context.
So we have a load of rules. But we also have something else: the desire to bypass them. Perhaps the EU assumed all websites would have a simple tick box and the impact on UX would be minimal.“
Web developers use cookies to collect data about visitors which they use to make the site run better. There are four main cookie types:
- Strictly necessary: they enable core features like login and site navigation
- Preferences: they remember user choices, such as language and regional settings
- Statistics: they collect data on how users interact ti improve website performance
- Marketing: they track visitors’ browsing activity across websites
In the early days of the web, cookie abuse ran wild. The EU responded in 2009. It passed the e-Privacy Directive to require websites to get active consent from users before loading cookies (apart from ‘strictly necessary’) on their devices.  But because it was a directive and not a regulation, EU member states were free to incorporate the guidelines in their own way. That led to more work for website owners. In fact, there’s even a website called Cookiepedia that lists the local variations.
As if that wasn’t enough, later came another cookie-impacting regulation: GDPR. Its reach extends to details that can be used to identify users, such as IP addresses, device IDs, and browser activity. In other words: cookies.
So we have a load of rules. But we also have something else: the desire to bypass them. Perhaps the EU assumed all websites would have a simple tick box and the impact on UX would be minimal.
Er, no.
Instead – as we all know to our frustration – companies obfuscated. They greyed out ‘do not consent’ boxes and invited users to unclick cookie consents one by one. They even erected ‘cookie walls’ with no option to reject cookies at all. More recently, many have started to demand: agree to cookies or pay.
It’s easy to see both sides of the argument. Imagine if every time we visited a physical store we had to fill out a form. What a pain.
But imagine that every time we visited a physical store, the shopkeeper recorded our movements, tracked our purchases and shared them with all the other shops in the street. What an outrage.
So here we are. What a mess.
If there is now the possibility of a re-set, it won’t be easy or quick. After all, a proposal to streamline consent banners was first presented to the EU in 2017. It came to nothing. Meanwhile, the regulations keep on coming. It’s just over two years since the Digital Services Act and Digital Markets Act. Next year, the European Commission is expected to present a new Digital Fairness Act (DFA) to combat ‘problematic practices’ such as addictive design, influencer marketing, unfair contract terms and more.
Of course, there is one more potential solution to the cookie problem: the market. The privacy-aware consumer can already shop around for multiple browser extension products that block all pop-ups.
The new EU activity could end the market for these solutions. But don’t hold your breath.
Find out more about the themes discussed –Â Join the MEF ID & Data Interest Group.
