For many internet users, the EU’s cookie-consent policy is a frustrating and inevitable experience when browsing the web, introduced in 2018 as part of the General Data Protection Regulation (GDPR), which requires users to agree to be tracked on their first visit to the site, but the wording is often misleading or cannot be rejected. In an effort to make cookies more in line with the wishes of users, the European Union this week issued the latest guidelines prohibiting the worst interpretation of these policies.
The biggest change this time is the end of the “cookie wall”, which makes what you watch dependon on consent being tracked. The whole focus of the Cookie Consent Policy is to give people the freedom to choose whether to let things like targeted advertising collect their data. However, as the EU points out, if a website is placed in a script that blocks content (which is visible other than accepting cookie requests), this does not constitute valid consent because the user does not have a real choice and therefore no longer needs a cookie wall.
Another big change is to prevent websites from interpreting even the most basic interactions as consent. For example, some site vendors interpret simple scrolling or swiping on a page as agreeing to their tracking policies. The EU pointed to the absurdity of this position, arguing that if the roll-up could constitute consent, it could also be used to withdraw it. And since the site cannot distinguish between these two intents, there is no point in using scrolling or refreshing the page as consent.
These guidelines show that the EU is aware of the problem symofing its cookie-consent policy, but for those affected by these mechanisms, it would be wrong to expect a quick fix. First, these are only guidelines designed to shape national policies. The EU adopts laws, but it is up to member states to enforce them. And research shows that many websites have long defied the current cookie consent law because enforcement is minimal.
In addition, there are many more ways to confuse and trick visitors into clicking “consent” than cookie walls. A series of so-called dark patterns and confusing user interface choices can mislead and intimidate users. These patterns range from pre-selection boxes and maze-style menus to not explaining what tracking cookies are placed on the user’s computer at all. A recent study found that only 11% of cookie consent mechanisms meet the minimum requirements of European law.