They shot themselves in the foot by using dark patterns.
German sweepstakes provider Planet49 used a pre-checked checkbox in a cookie consent overlay on one of their sites. The default setting meant users had to uncheck the checkbox to protect their privacy.
The European Court of Justice (ECJ) ruled that unlawful, thus paving the way for the ePrivacy Directive
When companies and organizations step up to comply with the ePrivacy Directive in Europe, web performance will improve and become more sustainable. And it’ll have a big impact on the way we use analytics to make informed decisions about websites and apps. This is how.
Third-party cookies must remain blocked unless the user gives explicit consent
The ECJ’s ruling on the “Planet49” case translates to:
- saving non-essential cookies to a user device requires active consent
- website owners must clearly und understandably communicate how long they intend to save cookies and how third parties are related
- No dark patterns, no implicit consent
- No legalese – copy must be understandable by the average Joe
- The ability to withdraw or change consent to individual topics at any time
Cookie Management Platforms (CMPs) such as Cookiebot and Usercentrics have sprouted up to handle cookie blocking for website ownders.
How does cookie-blocking with a CMP work?
CMPs seem to work similarly:
- You add a script from the CMP to the
<head>of all your pages. It contains an identifier for the CMP account where the website owner can set how the CMP processes data. The CMP can either be hosted by the vendor or by the website owner. - When the user visits the site for the first time and the CMP executes, a call is made to the CMP which should return information about the scripts to which the user has consented. Scripts with no consent remain blocked.
- The user saves or changes cookie settings by interacting with the cookie consent UI. Those settings are saved to a cookie or to local storage and are shared with the CMP.
But in recent study, researchers scraped the CMPs on the top 10k websites in the UK and found
“dark patterns and implied consent are ubiquitous; only 11.8% meet the minimal requirements that we set based on European law.”
So where does that leave us?
Alternatives to CMPs
As I wrote in October 2019, browsers and cookie blockers are already managing privacy preferences.
Even Google announced that they plan to block third-party cookies in Chrome within two years.
And Brave Browser already touts the page speed benefits of blocking scripts which have no apparent benefit to the user.
Killing cookies improves page speed metrics and saves energy
According to the Web Almanac by HTTP Archive,
“57% of script execution time is from third-party scripts, and the top 100 domains already account for 48% of all script execution time on the web.”
If set up properly and according to the ePrivacy Directive, a European web page will not be able to request third-party scripts for tracking, social media and advertising purposes without explicit consent.
In a one-off, unscientific comparison of The Atlantic, shows quite a big improvement in page speed metrics when the user rejects third-party cookies.
That could translate to a lot less network traffic, bytes transferred, less time devices spend executing scripts, and less energy to do it.
As the Web Almanac notes:
Despite serving 57% of scripts, third parties comprise 64% of script bytes, meaning their scripts are larger on average than first-party scripts.
Using my quick comparison of The Atlantic in Safari shows a savings on the client side.
Less JS coming over the pipeline means:
- less energy needed for data transfer – especially via mobile networks
- less energy needed for CPUs to parse and execute scripts
It’s sad that the digital industry and governments didn’t step up sooner to regulate digital privacy and take note of the internet’s growing carbon footprint.
Sources
- Proposal for an ePrivacy Regulation
- ePrivacy Directive and GDPR
- “Will using Cookiebot affect my website’s performance, SEO, ranking and indexation of content?”
- “Does the use of Cookiebot and the cookie consent banner affect the Google Analytics bounce rate?”
- How to implement a Cookiebot and Usercentrics cookie blocker
- “Google to ‘phase out’ third-party cookies in Chrome, but not for two years”