Do we need cookies banners in the era of GDPR - we discuss the situation and the requirements of the law
Banners on websites with information about cookies often close almost half of the content, which annoys users. Let us see what European laws actually require, because of which these pop-up windows appeared, and whether it is possible to do without banners at all.
/ Flickr / Ginny / CC BY-SA
The marketing company Amazee Metrics conducted a survey among one hundred thousand Internet users and found that 76% of site visitors ignore the notification of cookies, and 12% simply close the pop-up window.
Users try to hide banners as soon as possible , as they interfere with viewing the content of the site and “destroy” UX in mobile versions of Internet resources. Residents of Reddit state : "Cookie notifications are the worst thing that happened with web services after Internet Explorer."
For companies and website owners, cookies-banners also became a headache , as they had to spend the budget (pay developers and designers) to create pop-up windows that no one likes.
Cookies started to appear after the ePrivacy directive, adopted by the European Union in 2009, came into force (now they want to tighten it, we wrote about it in one of the past materials ). The emergence of the GDPR and heavy fines for non-compliance with its requirements exacerbated the situation - banners began to show all sites operating in the European market.
The text of the GDPR specifically about banners does not say anything. The only thing in paragraph 30 of the law says that the site is obliged to notify the user about the installation of cookies, if they can be used to determine the identity of a person. You can not get the consent of the user, if cookies are needed only for saving session data, playing video and audio content, load balancing on the site and the work of third-party plug-ins that allow sharing content in social networks.
As for the ePrivacy Directive ( PDF ), it also obliges site owners to notify users about the handling of cookies, but only if they are related to analytics and marketing campaigns. However, nothing is said about the form of these notifications.
Since the law does not oblige the use of banners, and they are fed up with everything, alternative solutions are being developed that would simplify the life of people. However, so far they have not gained widespread or great popularity.
In 2017, the European Commission proposed a new law. At the legislative level, he will have to approve the mechanism for automatic processing of cookie banners. The idea is to allow users to specify in the browser settings whether resources on the network are allowed to set optional cookies. Users and site owners immediately supported the bill, but there were representatives of the IT industry, who did not like this decision.
Against the initiative were companies operating in the advertising field. They say that the law will deal a serious blow to the industry of marketing and promotion on the Internet. According to their estimates, the income from targeted online advertising will be halved. If we consider that in 2018, global advertising costs on the network amounted to630 billion dollars, the damage will be noticeable.
Also, critics of the law believe that the new rules will annoy people even more than pop-up cookies. Users will have to change browser settings on all devices. In this case, the owners of Internet resources can always add all the same banners, only now with a request to activate the collection of cookies in the browser.
/ Flickr / calebdcochran / CC BY
Due to the ambiguous reaction of the community, the bill has been postponed. Industry representatives point out that the law has no future without amending.
Another solution to the situation with banners is the Tracking Protection Expression framework (or Do Not Track, DNT ). It was first presented by the Federal Trade Commission ( FTC ) in 2010. The principle of its operation is similar to the mechanism proposed in the European Commission. DNT adds a function to browsers that tells websites whether the user has allowed the installation of cookies or not.
A couple of years ago, the World Wide Web Consortium ( W3C ), which develops and implements Internet standards, developed recommendations for website owners on using the framework with regard to the requirements of the GDPR.
The DNT is not widespread, even among those who initially supported it. For example, Mozilla, due to the fact that the framework and new standards were not introduced by other market players, the company introduced its own tools . The developers have added a feature in Firefox that allows a person to choose which PDs the site will receive and which will not.
As we have already said, sites that do not collect cookies for targeted advertising do not need to receive user consent. Therefore, Internet resources have the opportunity not to show pop-up banners to users at all.
In USA Today , for example, they manage without notifications about collecting cookies, which makes it possible to further optimize the weight of the start page. In addition, without advertisements page looks "clean" and neat.
Another such option will fit for personal blogs. One Belgian backend developer using the Laravel framework saved his website from cookies and even gave detailed instructions on how to do this on other sites.
As a result, the situation is as follows. Nobody likes banners, but for the time being they are massively used to comply with the requirements of the law. Perhaps when the European Commission makes amendments to its bill or the DNT framework will become more common, users will be relieved of annoying pop-up windows.
/ Flickr / Ginny / CC BY-SA
No one likes banners
The marketing company Amazee Metrics conducted a survey among one hundred thousand Internet users and found that 76% of site visitors ignore the notification of cookies, and 12% simply close the pop-up window.
Users try to hide banners as soon as possible , as they interfere with viewing the content of the site and “destroy” UX in mobile versions of Internet resources. Residents of Reddit state : "Cookie notifications are the worst thing that happened with web services after Internet Explorer."
For companies and website owners, cookies-banners also became a headache , as they had to spend the budget (pay developers and designers) to create pop-up windows that no one likes.
What is written in the law
Cookies started to appear after the ePrivacy directive, adopted by the European Union in 2009, came into force (now they want to tighten it, we wrote about it in one of the past materials ). The emergence of the GDPR and heavy fines for non-compliance with its requirements exacerbated the situation - banners began to show all sites operating in the European market.
But there is an interesting nuance: according to ePrivacy Directive and GDPR, banners are completely optional.
The text of the GDPR specifically about banners does not say anything. The only thing in paragraph 30 of the law says that the site is obliged to notify the user about the installation of cookies, if they can be used to determine the identity of a person. You can not get the consent of the user, if cookies are needed only for saving session data, playing video and audio content, load balancing on the site and the work of third-party plug-ins that allow sharing content in social networks.
As for the ePrivacy Directive ( PDF ), it also obliges site owners to notify users about the handling of cookies, but only if they are related to analytics and marketing campaigns. However, nothing is said about the form of these notifications.
“Thus, the owners of the sites themselves are responsible for the implementation of the GDPR and ePrivacy Directive requirements,” commented Sergey Belkin, head of the IaaS-service development department at 1cloud.ru . “Banners were chosen as the easiest and to some extent obvious way to keep the law.”
Is it possible to do without banners
Since the law does not oblige the use of banners, and they are fed up with everything, alternative solutions are being developed that would simplify the life of people. However, so far they have not gained widespread or great popularity.
EU initiative
In 2017, the European Commission proposed a new law. At the legislative level, he will have to approve the mechanism for automatic processing of cookie banners. The idea is to allow users to specify in the browser settings whether resources on the network are allowed to set optional cookies. Users and site owners immediately supported the bill, but there were representatives of the IT industry, who did not like this decision.
Against the initiative were companies operating in the advertising field. They say that the law will deal a serious blow to the industry of marketing and promotion on the Internet. According to their estimates, the income from targeted online advertising will be halved. If we consider that in 2018, global advertising costs on the network amounted to630 billion dollars, the damage will be noticeable.
Also, critics of the law believe that the new rules will annoy people even more than pop-up cookies. Users will have to change browser settings on all devices. In this case, the owners of Internet resources can always add all the same banners, only now with a request to activate the collection of cookies in the browser.
/ Flickr / calebdcochran / CC BY
Due to the ambiguous reaction of the community, the bill has been postponed. Industry representatives point out that the law has no future without amending.
DNT framework
Another solution to the situation with banners is the Tracking Protection Expression framework (or Do Not Track, DNT ). It was first presented by the Federal Trade Commission ( FTC ) in 2010. The principle of its operation is similar to the mechanism proposed in the European Commission. DNT adds a function to browsers that tells websites whether the user has allowed the installation of cookies or not.
A couple of years ago, the World Wide Web Consortium ( W3C ), which develops and implements Internet standards, developed recommendations for website owners on using the framework with regard to the requirements of the GDPR.
The development of DNT is still underway, but the first experimental studies by analysts from Forrester show that it does not work . Popular resources ignore DNT and continue to comply with internal security policies. At the same time, the framework again encountered the resistance of marketing services and companies whose business depends on targeted advertising.
The DNT is not widespread, even among those who initially supported it. For example, Mozilla, due to the fact that the framework and new standards were not introduced by other market players, the company introduced its own tools . The developers have added a feature in Firefox that allows a person to choose which PDs the site will receive and which will not.
You can refuse cookies
As we have already said, sites that do not collect cookies for targeted advertising do not need to receive user consent. Therefore, Internet resources have the opportunity not to show pop-up banners to users at all.
In USA Today , for example, they manage without notifications about collecting cookies, which makes it possible to further optimize the weight of the start page. In addition, without advertisements page looks "clean" and neat.
Another such option will fit for personal blogs. One Belgian backend developer using the Laravel framework saved his website from cookies and even gave detailed instructions on how to do this on other sites.
As a result, the situation is as follows. Nobody likes banners, but for the time being they are massively used to comply with the requirements of the law. Perhaps when the European Commission makes amendments to its bill or the DNT framework will become more common, users will be relieved of annoying pop-up windows.
PS Materials on the topic from our corporate blog:
- "About personal data": the essence of the FZ-152
- What will help to protect personal data
- How to protect personal data in a public cloud