Look at the State of This Place
This is not a good user experience...
...And it's all over the web.
Why is it Even Like this?
It's not surprising that most solutions are identical - who would want to read through and interpret such a text when they could just copy a "best practice" example and call it a job well done?
Finally, departments in companies often have competing goals that affect the choice of implementation. The revenues department may want to maximise advertisement revenue, so will want a solution that nudges the user to accept targetted ads from the first page-load, even at the expense of the overall user experience.
What each of these explanations have in common however is that they are focussed on making the company's life easier. To create a solution that makes the user's life easier, we need to understand what types of cookies exist, and what sort of consent is required.
The Four Cookie Types
We can categorise cookies in many different ways - duration, origin, function, etc. For our objective, we will split cookies up into four types by purpose.
Strictly Necessary Cookies
Cookies which are necessary in order for users to use the website. This includes features like user authentication and shopping carts. Normally, these features will be implemented using first-party session cookies.
Cookies for remembering user settings between sessions. For example: language and regional preferences or information for automatic login.
Analytics cookies used to harvest information about how users use a website - Which pages have they visited? Where did they click? Is this visitor unique?
Cookies which track the websites a user has visited in order to deliver targeted advertising.
Consent is not required for Strictly Necessary Cookies or Statistics Cookies, but the existence and purpose of the cookies should be explained to the user. For all other cookie types, consent is required.
For Preference Cookies, I think we have a few options: requesting consent at time of use, requesting consent at login/signup, not saving preferences for non-logged in users.
Not saving preferences for non-logged in users is pretty straight forward, and we can use techniques from the "old" web (query string params, anyone?) to persist across pages, but not across visits.
Requesting consent at login is also pretty straight-forward and trivial to envision. We could employ the same check-box and link in label solution for requesting consent at time of use, or we could take today's modal popup and cram that into the sign-up/account setup page.
The real problem (and the real reason for the ePrivacy Directive) is Marketing Cookies. This is why you're getting the big modal popup - so that the website can make more money from adverts that are targetted specifically at you.
Yes, I know, your colleagues in ad revenues will be upset that they don't pay as well as targeted ads. But do you what pays even better? Actual brand deals. They require no cookies, no tracking, no targetting, and will earn you more! This is what youu say when the ad revenues department complains.
We've solved this now, I guess? Well, we've solved part of it. I think. It sure sounds nice - visit a website, only consent to what you want to, when you need to by checking a few boxes or at signup. Turn on targetted ads if you like, or get adverts for your local area restaurant if you don't. So what's missing?
We've only really solved the user experience. We haven't solved the other problem I mentioned at the start of this article: privacy policies and terms and conditions so long that you couldn't possibly read and understand it all before consenting. And if you haven't read the terms and conditions, can you actually give consent? In common law countries the standard isn't even consent, but informed consent. So the answer is no.
Until companies write their cookie policies in such a way that you don't have to be a lawyer on a four week holiday just to understand them, the UX part is the only part developers and UX specialists can solve. Let's not rely on store-bought cookie-cutter solutions, but bake something better; something more elegant, less obtrusive, and delivers a world class user experience.
Top comments (1)
Great article and as an internet user I really appreciate that you're trying to put the user's needs into the equation somewhere.
Personally, I like the cheap cookie-cutter solutions because with one or two right clicks I can block the annoying consent popups and that silly tinted overlay. That is usually enough to view whatever page I'm trying to see and if it doesn't work I simply write the site off and never return to it.
In my opinion, I shouldn't have to click anything to decline unnecessary cookies. Places that insist on wasting my time with unnecessary things don't deserve my time or clicks. If some ad team doesn't understand that, well, then that is a good example of why the ad-based revenue model is outdated and should be pushed to the grave as quickly as possible.