Only 11.8% of website ‘cookie banners’ are complying with GDPR

Designs that remove opt-out button from first page increase consent by 22 to 23%

GDPR: not many websites meeting minimal requirements
GDPR: not many websites meeting minimal requirements

The GDPR was introduced in May 2018 and with it came consent management platforms (CMPs) designed to aid websites in conforming to the new regulation while collecting and processing a user’s personal information. Two years on and it looks like only 11.8 per cent of websites meet the minimal requirements based on European law.

A collaborative study from University College London, MIT and Aarhus University in Denmark scraped the designs of the five most popular consent management platforms used by the top 100 visited websites in the UK. One of these minimal requirements is to allow the user to provide freely given and unambiguous consent. The study authors say: "So-called 'implicit' or 'opt-out' consent – continuing to use a website without active objection to a notice – is not a clear positive action and as such will not establish a valid legal basis to lay cookies or process data on the basis of consent."

Additionally, the researchers carried out a study on user experience of these CMPs and found that the design of these pop-ups – known as cookie banners – has an impact on whether consent is given or not. Designs that remove the opt-out button from the first page increase consent by 22 to 23 per cent whereas providing the user with more granular controls on the first page decreases consent by 8 to 20 per cent. arxiv.org