Cookie Consent Popups in 2020

by Sam Collett
You may have noticed, or perhaps not, that we have no cookie consent popups on our site. We, as designers and web practitioners, have some real problems with those annoying cookie popups. And we are not alone...
May 30, 2020

In this rather good article: We need to fix GDPR’s biggest failure: broken cookie notices in Wired online, there is a call to arms to the regulators to fix this problem. 

The spread of these cookie notices is down to European legislation. A combination of GDPR and how it altered the ePrivacy Directive forced pretty much every site on the web to ensure people in Europe clicked ‘allow’.

And we could not have put this better ourselves either: 

The legal changes were meant to make understanding web tracking easier for everyone. But two years after the arrival of GDPR, cookie consent notices are a blight on the web. 

The real problem is that the otherwise good EU GDPR rules are weak for cookie consent, and they are not fit for purpose. The popups that crowd your browser on each site, often on every visit, are supposed to offer you the sense of control. But actually most consent popups on most websites offer zero control. Instead they just crowd your browser. 

Let me explain. Most sites have Google Analytics and/or other tracking, which most of the time is anonymous*, with your last visit time, and other data stored on your computer as a cookie. To most people this data really should not cause any harm. 

There are two types of Cookie Consent. The first does not allow any sort of storage of any kind unless that consent button is clicked. The second is the more pervasive, whereby the Cookie consent button is merely an acknowledgement. In other words your browser is recording anyway but the “OK” button is merely a notification. The second way is what marketers like, as they want as much data as possible. And we have no problem with the former, zero storage solution. But this pervasive way is what riles us here at Practically towers.

There are a number of reasons for this mild ire: 

  • Firstly, that consent button actually requires its own cookie to be stored on your machine – which seems to us a bit silly.
  • Secondly, even without cookies the site, the server and other third party aspects (for example that nice TrustPilot widget) are undoubtedly tracking your movements anyway. Every time something is served to a user it must be served from somewhere, and that server likes stats. In other words data is here to stay.
  • Thirdly, from Hotjar we can see anonymised recordings from some of our site visits. And it is clear from these, and watching other people like our own families browse the net, that most users ignore the popup consent bars completely. From a designer’s perspective this negates the user experience we have built up and gets in the way of user journeys. The thing is that marketers will automatically switch off those consent banners. Your customers do not. This is especially concerning on mobiles.
  • Fourthly, and this is a minor one, when something changes (like new hosting or in some cases a new publish) those cookie consent cookies will be reset. The same goes if a customer jumps to a different device like their phone. 

* So we said that Google Analytics is anonymous, which is what Google itself says. This is true on some level in that names, email addresses and phone numbers are not stored. But don’t think for one second that your browser doesn’t give uniquely identifying data away anyway. See the project if you haven’t already.  



So what is the solution?


As we say we have no problem at all with the zero storage until clicked method. So one solution is by law to make this method mandatory. That this is not so, shows the weakness.

But the vast majority of sites out there are the notification only. And we are guilty of this too for many of our sites.

Another solution is to make those damn popups standard.

Cookie consent notices can show a bewildering array of options. On some websites the accept all cookies option is highlighted in a larger font or more eye-catching colour. They’re often configured to get people to accept everything without pausing to consider their choices. 

Or even to have one Cookie that accepts all Google Analytics per browser, not per site. The same goes for Hotjar or any other provider. This essentially is what your browser security preferences do anyway. Remember it is legally the site that is recording the data but in actual fact the data is being saved by Google.


Or, to not use a cookie consent popup at all.


And this, rightly or wrongly is what we have done here. Check the bottom of this page to see our cookie notice. If those cookie consent popups give no aspect of control, just get in the way, use more cookies and most of all don’t help anyone, then let us instead just place a nice notice at the bottom of every page with clear links to privacy policy documents and terms of use.

In other words if popups just give no control, nor sense of control, then do something different.


More reads