Browser-Level Cookie Controls Better Reflect User Preferences, finds Government-Backed Study

Tim Cross-Kovoor 05 September, 2024 

The EU’s General Data Protection Regulation (GDPR) was designed to give Europeans more control over their personal data. But for many, the most noticeable consequence of GDPR has been the prevalence of more intrusive cookie banners across the web. Where once these banners sat at the bottom of a web page, the need to actively collect consent means that these banners are now the first thing a user sees, blocking access to content until they’ve made their consent decisions.

GDPR was enshrined in UK law before it left the EU, meaning many GDPR principles still apply in the UK. But the previous government sought to update legislation to try and get rid of cookie banners, while maintaining (at least some) privacy protections.

One proposed solution would be to mandate that cookie preferences are collected at the browser level and applied across all websites. The government commissioned a study, conducted by The Behavioural Insights Team (BIT), a behavioural science consultancy, to measure the impact of browser-level cookie controls. The study overall found that browser-level controls generally resulted in lower opt-in rates for cookies, though not nearly as low as some might have feared. In fact the study found a surprisingly high level of acceptance for web browser cookies – though knowledge of what cookies are actually used for was found to be poor.

The results are significant not just because the UK government may impose such a measure, but because Google is planning to run browser-level controls as an alternative to deprecating third-party cookies. Some have suggested that such a move will be a de-facto deprecation of third-party cookies, anticipating extremely low opt-in rate – this new study suggests that won’t necessarily be the case.

No cookipocalypse

The study tested opt-in rates across a range of different designs for browser-level cookie controls, as well as a control option which mirrored current best practices for site-level cookie setting. At the browser level, BIT tested:

  • A mechanism where all cookies were opted-in by default, and users could choose to opt-out
  • A mechanism were all non-essentially cookies were opted-out by default, and users could choose to opt-in
  • A mechanism where users were given information and examples of what each type of cookie does, and had to accept or decline at a more granular level
  • A mechanism where a sliding scale was used to set cookie preferences

BIT wanted to test how the opt-in rates across all these different variants compared with users’ stated privacy preferences, to see which mechanism best reflected average attitudes in opt-in rates. And in its survey of study participants’ preferences, acceptance of cookies was found to be surprisingly high.

Under BIT’s definitions, 53 percent of participants stated preferences suggested that they should opt-in to all cookies. This might be a generous definition, since BIT placed anyone who was either “very comfortable” or “somewhat comfortable” with sharing their data in this category. Meanwhile BIT found 42 percent of participants to be “customisers” – people who aren’t comfortable sharing data, but believe cookies serve important functions. The remaining five percent, the “decliners”, would be expected to opt-out of all cookies.

These therefore were the consent rates which BIT looked for across all the different consent mechanisms it tested.

Unsurprisingly, the browser-level controls where all cookies were selected as ‘opt-in’ by default had the highest consent rate of all, with eighty percent of users accepting all cookies. The website-level control, reflecting the status quo, was marginally behind, with 78 choosing to accept all cookies.

The other three mechanisms had much lower opt-in rates, but they were more aligned with users’ stated preferences. The option which gave the most detail on cookie choices performed best of all, compared to BIT’s expected opt-in rates: 53 percent accepted all cookies, 39 percent customised their choices, and eight percent declined all.

This represents a significantly lower opt-in rate than the status quo. But it’s not nearly as low as rates reported on Apple’s App Tracking Transparency, usually reported at around 25-35 percent.

Not a black and white issue

It’s perhaps not surprising that the consent mechanism which gave the most detail about what cookies do led to opt-in rates which better reflected users’ preferences. This kind of consent tool however would become unwieldy at the website level, requiring users to make detailed cookie choses every time they open a new website. Hence the argument for browser-level controls

The good news for those in the industry who would like to see access to advertising cookie kept high is that while browser-level controls will see cookies made less readily available, this study suggests the fall might not be as dramatic as some have anticipated (while reinforcing the importance of the consent mechanism’s design in influencing opt-in rates). An argument could be made, using this data, that browser-level consent collection keeps access to cookies at a respectable level, while respecting user choices and creating a less frustrating user experience.

However cookie consent is rarely black and white. Privacy advocates could point to other findings in the study, highlighting lack of knowledge around cookies’ purposes and uses, to argue that people don’t really know what they’re opting in to when they opt-in to cookies, thus invalidating consent.

Only 57 percent for example thought that cookies could be used to track what they’ve looked at on a website, while just 44 percent believed cookies could collect location data.

Follow VideoWeek on Twitter and LinkedIn.

2024-09-05T13:26:22+01:00

About the Author:

Tim Cross is Assistant Editor at VideoWeek.
Go to Top