The ePrivacy Directive,  commonly known as the ‘EU cookie law’, which has led to websites displaying alerts about cookies in order to get visitors to consent to their use, is due to be overhauled.

If you are a frequent browser of the internet – and let’s face it, you are – you will almost certainly have come across these cookie alerts online. They normally appear as a banner across the top/bottom or in the corner of the web page, and you need to either click ‘accept’ or click to close the alert. In doing so, you are demonstrating your agreement for the website to store some of your user information, or request user information already stored on your device, in the form of cookies. The wording of the message will determine the action that you need to take to close down the alert.

If you find these pop-ups irritating, then you are not alone, but do you always read what the message says?

We wanted to find out if people really pay any attention to these alerts, so we decided to conduct a little experiment.

For one week between the 4th and 11th of June, we added a cookie alert with the following message:

“This website uses cookies to ensure you get the best experience on our website. By clicking accept, you agree to fully transfer ownership of the device that you are currently using to us.”

When we looked at the statistics, we were shocked, to say the least.

48% of desktop or laptop users clicked ‘accept’, with only 9% clicking ‘decline’ and the rest continuing to browse the website without making a choice.

On mobile devices, 67% of users accepted and 16% declined, with the figures most likely differing due to the message appearing larger relative to the smaller screen size.

Only 3% of visitors took the time to read more about the cookie policy, where they were told about the experiment.

If you are one of those who kindly offered to give us your device, thank you, however on this occasion we’ll let you keep it.  🙂

Numerous studies have been conducted to discover whether people are reading terms and conditions, and unsurprisingly, it appears that in the vast majority of cases, they are not read at all. However, with the length that many of these documents extend to, it is not difficult to see why people with busy lives, using a vast number of software products, are going to forgo this process and simply trust the company involved.

It is interesting to note, however, that even short, one-line consent requests are dismissed.

It signifies that people are becoming habituated to the pop-ups and therefore immune to their effect. As website visitors are used to having to click the message to make them disappear, it looks like many have stopped noticing them altogether; and are simply blindly clicking through to remove them or ignoring their presence completely.

Even the European Commission themselves have agreed that the ePrivacy law has failed to reach its objectives, conceding that users are not understanding what the alerts mean. This has led to changes being proposed current legislation that may require the user to tick to accept cookies on their web browser, removing the need for the restriction to be imposed on every single website that a visitor browses.

What does this mean in terms of protecting our privacy going forward? Well, websites will still be required to comply with the cookie preference settings that a user has specified in their browser. Whilst they can expect a high level of protection, this does mean that many websites will simply not work properly if a user has set a restrictive cookie policy at browser level.

The revised legislation will apply to UK websites post-Brexit to the extent that they may be used in other EU territories, and laws of an equivalent standard are likely to be required for domestic websites. Whether or not the new regulations turn out to be an improvement, one thing is clear from this research – that the existing system is not providing internet users with the level of protection that the law intends.