I’m going to say it; I genuinely believe that the cookie pop up is one of the biggest UX disasters ever to have befallen the web.
The now ubiquitous feature, which emerged as a solution to the rules laid down by the Cookie Law, has become commonplace. It is a well intentioned feature, designed to ensure that a website obtains permission from an end user before tracking that user using cookies.
However, I think we can all agree that the quality of its implementation across the web leaves a lot to be desired. And for the most part these pop ups do not serve their ultimate purpose, which is to allow the user to make a simple, informed decision about whether to allow cookies to be stored on their device.
The Problem
Let’s be honest, when you visit a website you want to consume the content on that website, not battle with a cookie pop up. As such the user’s first goal when they see a cookie pop up is not “Ah ok, this website wants to store a cookie on my machine, I’ll read their cookie policy and carry out a measured assessment of whether I am happy to approve their request”. Instead, the user’s response is “How do I get rid of this damn thing!?”
From there the user is typically cajoled into approving all forms of cookie with a large, enticing ‘Accept’ button, which will rapidly close the pop up and allow them to continue. A classic example of persuasive design used in a slightly nefarious manner.
Birmingham airport - classic persuasive design
Vodafone UK - more persuasive design
Google’s pop up - unsurprisingly they don’t make it easy to reject tracking cookies
This use of persuasive design in the implementation of cookie pop ups, for the most part, results in users just accepting cookies in order to get rid of the pop up. Really though, the choice between accepting and rejecting cookies should be easy. There are some websites and plugins that provide a ‘Reject’ button as well, but it hasn’t been as widely adopted as perhaps it should have been.
National rail - still quite a lot to digest, but there is a ‘Reject’ button, which is a good thing.
Gov.uk - leading the way in UX as always. Concise and easy to read with two clear options.
The problem is that the Cookie Law places the burden of compliance on the websites themselves, rather than the browser makers. This gives control of how the cookie pop up works to the website owners, who have a vested interest in persuading the user to accept the cookies. As such, in many cases the website owner will make it harder for the end user to reject them.
This need for every website on the web to implement some form of cookie permission system has resulted in a vast array of third party cookie pop up plugins, all of which work very differently, resulting in the end users having to expend even more mental energy navigating this web of confusing user interfaces.
Many users these days run privacy focused browsers such as Firefox, which can be configured to delete all cookies as soon as the browser is restarted, with a maximum limit on the lifetime of cookies. For these users, cookie pop ups are a constant battle, because they are pretty much asked about their preferences every time they visit a website. This has led to a proliferation of ‘cookie pop up blocker’ plugins such as I Don’t Care About Cookies.
The Solution
A much better solution would be to move the burden of compliance over to the browsers. In this scenario if a website wanted to store a cookie, it wouldn’t be on the website to obtain permission. Instead, the browser should pick up on a requirement to store cookies, then ask the user itself whether this is ok.
In order to request cookie permissions, the website would need to provide a form of schema information in its headers outlining the types of cookies that it needs to use along with names of those cookies.
The browser would then pick up on these headers and use them to present a consistent, familiar and well designed interface to the user where they can review and approve or reject cookies with minimal effort.
This would deliver a much more elegant solution in a number of ways:
For the User
Giving the user control over how their general cookie preferences are managed across the web would be a huge advantage.
For example, if the browser has third party cookies disabled (which is the default setting in privacy focused browsers such as Firefox and Safari these days), the browser would just quietly suppress any third party cookie requests, thus leaving the user to continue browsing uninterrupted. With the current system, the website would ask the user permission to store third party cookies, irrespective of whether that user’s browser would actually allow it or not.
Similarly, if you genuinely don't care about cookies and want to suppress the pop ups for good, you could simply change a setting in your browser that suppresses all but essential cookies. This would remove the need for the browser to request any form of cookie permission. Happy days.
For trusted websites you could maintain a white list of sites with individual cookie permissions for each. Some websites might even move towards rewarding users that allow themselves to be tracked, with discount codes or access to quality content. I talked about this concept in a bit more detail in one of my previous posts about Google Topics.
And for users that clear their cookies every time they restart their browser, their cookie preferences would be stored in the browser rather than in a cookie, and so they wouldn’t be asked about their cookie preferences again and again.
From a usability perspective, the cookie pop up would be fully standardised and familiar to the end user, and so using it would be a much more positive experience overall.
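An added sketch of the browser-side decision described above, not code from the original post or from any browser. The `Cookie-Manifest` header name, its `name;category=...;party=...` syntax, the category list and the shape of the preference object are all hypothetical.

```javascript
// Hypothetical header (not a real standard), e.g.
// Cookie-Manifest: sid;category=essential;party=first, _ga;category=analytics;party=first
const CATEGORIES = new Set(["essential", "functional", "analytics", "advertising"]);

function parseCookieManifest(headerValue) {
  return headerValue.split(",").map((entry) => {
    const [name, ...attrs] = entry.split(";").map((s) => s.trim());
    const fields = Object.fromEntries(attrs.map((a) => a.split("=").map((s) => s.trim())));
    return {
      name,
      // Fail closed: a missing or unknown category is never treated as essential.
      category: CATEGORIES.has(fields.category) ? fields.category : "unclassified",
      // Anything not explicitly declared first party is handled as third party.
      party: fields.party === "first" ? "first" : "third",
    };
  }).filter((c) => c.name !== "");
}

// Sort each declared cookie into allow / block / prompt using the user's stored preferences.
function decideCookies(manifest, prefs, site) {
  const saved = prefs.sites[site] || {};
  const result = { allow: [], block: [], prompt: [] };
  for (const c of manifest) {
    let verdict;
    if (c.party === "third" && prefs.blockThirdParty) verdict = "block"; // suppressed quietly
    else if (c.category === "essential") verdict = "allow";
    else if (prefs.essentialOnly) verdict = "block"; // the "don't ask me" setting
    else if (saved[c.category] === "allow" || saved[c.category] === "block") verdict = saved[c.category];
    else verdict = "prompt"; // only here does the browser show its own dialog
    result[verdict].push(c.name);
  }
  return result;
}

// Constructed sample input; "mystery" deliberately omits its category.
const SAMPLE_HEADER =
  "sid;category=essential;party=first, _ga;category=analytics;party=first, " +
  "ad_id;category=advertising;party=third, mystery;party=first";
const SAMPLE_PREFS = {
  blockThirdParty: true,
  essentialOnly: false,
  sites: { "shop.example": { analytics: "block" } }, // per-site list kept in the browser
};
console.log(decideCookies(parseCookieManifest(SAMPLE_HEADER), SAMPLE_PREFS, "shop.example"));
console.log(decideCookies(parseCookieManifest(SAMPLE_HEADER), SAMPLE_PREFS, "news.example"));
```

Because the manifest is declared by the site itself, a cookie mislabelled as essential would still be allowed, so the accuracy of the declaration remains the website's responsibility.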
For the website
This approach would arguably present some challenges for the website owner, as it would make it significantly harder to obtain permission to track users with cookies, as more users would simply block the cookie pop ups and disable all but essential cookies.
However there would be some really significant benefits as well. The removal of the cookie pop up alone would bring significant improvements in website speed, bounce rate, security, conversions and search engine performance.
It would also bring some standardisation in terms of defining the cookies that your website is trying to set, allowing for the development of simpler, more elegant tools to help you track and categorise your cookies.
The concept of rewarding users for allowing tracking would also allow you to build up a stronger relationship with a larger audience of loyal customers. And we all know that it is these customers that deliver the best ROI on your marketing efforts.
For the enforcers
Enforcement of the Cookie Law across all of the websites that it applies to is completely unrealistic at best.
However, if the burden of compliance were on the browser makers, then the enforcers could in theory drag one of those parties through the courts if its browser did not comply.
In Summary
I’ve been mulling over the cookie pop up dilemma for years and I really believe that moving the burden of compliance over to the browser maker would make the web a much more usable, safer and enjoyable place.
I am not a lawyer so I’m not sure how realistic this would be, as some onus would still need to be on the website to ensure that it defines its cookies appropriately in order for the browser to manage them properly, but either way some form of standard that moves cookie permission management from the website to the browser would be a massive win for user experience across the web.
There may be some resistance from the browser makers whose revenue depends on targeted advertising (i.e. Google), but ultimately the web and the laws that govern it should be designed for the end user and not the large corporation.