Dark patterns are UI/UX cookie banner practices that aim to lure internet users into providing consent for cookies. According to the GDPR, dark patterns are illegal, making consent obtained that way invalid. Read more about it here.
If you want to make data-driven decisions, you want your users to accept your cookies. The users, on the other hand, often ignore cookie consent requests. As a result, website owners want to know where to position the cookie banner and design it to get as many cookie consents as possible. Learn more about GDPR compliance and the GDPR cookie guidelines.
There is an academic paper exploring these questions. It has been conducted by five researchers from the Ruhr University of Bochum and one from the University of Michigan. They have studied what practices work best for a higher acceptance rate.
Before diving deep into the research findings, we want to emphasize that some are about dark patterns, but we do not support them in our cookie banner solutions.
Dark patterns are UI/UX cookie banner practices that aim to lure internet users into providing consent for cookies. According to the GDPR, dark patterns are illegal, making consent obtained that way invalid.
Explore more privacy compliance insights and best practices
Secure Privacy cookie banners feature no dark banners and obtain consent as per the GDPR cookie consent requirements. We do not support the use of dark patterns, yet many websites all over the internet still do. Learn the 6 Steps for Website Compliance.
TEST YOUR COOKIE BANNER KNOWLEDGE
Name of the paper: (Un)Informed Consent: Studying GDPR Consent Notices in the Field.
When it has been published: Conducted in late 2018 and early 2019, published in October 2019
Who conducted the research: Florian Schaub of the University of Michigan and Christine Utz, Martin Degeling, Sascha Fahl, and Torsten Holz - all of the Ruhr-Universitat Bochum.
Sample: The visitors of a German-language e-commerce website with 15000-20000 unique visitors per month. The cookie consent banners had been shown to a total of 82.890 visitors of that single e-commerce website.
Method: Researches first identified the most common UI/UX practices by gathering data from a sample of notices of 1000 live websites. They showed the most common designs to the 82.890 visitors of the e-commerce website. After collecting data on how a specific user has interacted with the cookie banner, they were asked to fill out a follow-up survey to further explain their selection motivation. More than 100 participants had answered the survey.
What has been explored: Researchers conducted three distinct field experiments to answer the following research questions:
Briefly, what did the research find: The study found that:
The first experiment explored how the cookie banner positioning influenced the users’ choice to interact with the banner and/or consent to cookies.
Figure 01: Interaction Rates in Experiment 1 (notice position) arranged pairwise for mobile and desktop users.
When asked why in the follow-up survey, the 16 participants that responded told researchers that the cookie banner prevented them from seeing the website content, so they accepted or declined the cookies to get rid of them.
The second experiment explores how internet users interact with cookie consent banners depending on the choices given in the banner.
There had been five different types of cookie banners:
All the banners had a nudging and non-nudging version, except the no-option banner.
Figure 02 - Visitors' consent choices in Experiment 2. "Accept"/"Decline" indicate that (all) options were accepted or declined. "Other" includes those who accepted/declined only some options. Bold figures indicate default options.
The charts above show that nudging and preselection of processing purposes influence cookie banner interaction.
Users had been more likely to interact with the banner if the ACCEPT button was highlighted instead of just a link for accepting cookies.
In the binary banners, where there was an ACCEPT and a DECLINE button, users were more likely to accept the cookies if the ACCEPT button was highlighted instead of the DECLINE button.
In addition, the research showed that pre-selected checkboxes for giving consent to specific processing purposes increase the chances of giving consent. Although explicitly prohibited under the GDPR and has been subjected to the Planet49 decision, it turns out that it works well in practice.
When users had been given non-pre-selected checkboxes, they had not interacted with the cookie banner as much. Moreover, providing them with information on vendors that process their personal data further decreased the interaction rates.
Immensely few website visitors bothered to select processing purposes at all.
In the follow-up survey, 38 participants who opted for the processing of specific purposes praised the increased transparency of the cookie banners providing the opportunity to make their own selection.
Others were not happy with the technical language (such as a necessary cookie). In contrast, those who declined cookies had stated that they did not need a personalized experience because they had come only for the website content.
When it comes to declining cookies, most of the follow-up survey participants had stated that they expected that the website wouldn’t work properly upon declining cookies.
Those who accepted the cookies knew, to some extent, how cookies work and how they improve their website visits.
The third experiment explored whether the cookie banner language and a link to the website privacy policy influence the cookie banner interaction and acceptance rate.
It turns out that it doesn’t influence a lot. The research showed only a minor difference in lowering the acceptance rate when the word “cookie” had been mentioned in the cookie banner text.
The presence of a privacy policy link had an insignificant influence.
Figure 03 - Visitors' interactions with different consent mechanisms in Experiment 3. Notices contained technical language ("cookies") and a link to privacy policy (or not).
It means that you need to experiment.
First and foremost, this research has been conducted on only one website and in only one country. All the visitors have been German speakers. The results might have differed if the study had been done in another country and on other websites. That is why you should not blindly rely on the research findings.
You can improve the acceptance rate of your cookie banner by taking the following two steps:
As we mentioned above, signing up with Secure Privacy is an excellent place to start because our cookie consent banner solution is compliant with the GDPR, LGPD, CCPA, PIPEDA, and other laws you need to comply with. We also offer multiple designs to choose from. Read about Data Protection Laws and the principle of Privacy by Design.
Schedule a call to learn more
