My presentation from Superweek 2020 highlighting the poor compliance of requesting visitor consent on websites. That is, 98% fail this test - a result that is in alignment with other published studies. The fixes are straightforward, though site owners MUST avoid the cliff edge affect of offering visitors a binary Y/N option. Data presented comes from verified-data.com.

1. 1
BrianClifton, Author & co-founder Verified-Data.com
Gaining Consent
The Death of Remarketing &
Personalisation...?

2. 2
About Brian Clifton
Circa 1974...!
(1st) Head of Web Analytics, EMEA
2005-8
1990's Chemistry
100k books
Launched 2018

3. 3
2018 was the year privacy changed forever...

4. 4
2019 was the year browsers took a lead...
Resource: cookiestatus.com - Simo of course!
ETPITP TP
?Shields

5. 5
Why this is important
Ultimately it is users/customers that
are driving the "privacy first" approach

6. 6
Source: SAP/Hybris 2017 Consumer Insights Survey
What your customers think about privacy...

7. 7
Trust (or not) begins with
CONSENT

8. 8
Verified Data Study...
97.6%
of sites get consent wrong
Other Sources:
techcrunch.com/2020/01/10/cookie-consent-tools-are-being-used-to-undermine-
eu-privacy-rules-study-suggests/
Visit Simulation:
• Simulate an EU visit to multiple pages
• Pageview + page scroll. No further clicks
• Is a Google Analytics hit generated?

9. 9
So what is going wrong...?
(get to know your browser dev tools)

10. 10
The FIVE big areas done wrong...
1. Ignoring consent
2. Pre-selected consent
3. Implied consent
4. Block access until consent given
5. Ignoring explicit NO

11. 11
Q: What is wrong with this...?

12. 12
#1 - ignoring consent... (not waiting for it)
Ignoring consent
Data already sent: scorecardresearch.com, Google Analytics, DoubleClick, KRXD.net, Pubmatic, Chartbeat

13. 13
#2 - Pre-selected consent
Pre-selected
consent

14. 14
#2 - Pre-selected consent
Pre-selected consent
(buried in settings)

15. 15
#3 - Implied Consent
Implied
consent

16. 16
X
X
#4 Blocking access until consent given
X
All
content
blocked

17. 17
X
#4 Blocking access until consent given

18. 18
Maybe I can remove the block...

19. 19
#5 Ignoring explicit NO.... (lying?)
Cookie Name
Explicit NO
ignored • Google Analytics
• DoubleClick
• Hotjar

20. 20
Lying Ignoring explicit NO appears common...

21. 21
Lying Ignoring explicit NO appears common...
#4 All
content
blocked
#1 - Ignoring consent

22. 22
Lying Ignoring explicit NO appears common...
OFF

23. 23
Yet PEUGEOT still collects my data...
Explicit NO
ignored
Cookie Name

24. 24
And so on...
Explicit NO
ignored

25. 25
Even "experts" get
it wrong

26. 26
Termly - ignoring consent
Ignoring consent

27. 27
Termly - implied consent
Implied Consent
By clicking "Accept All Cookies", or by scrolling and
dismissing this banner, you consent to the storing on
your device of all of the technologies described in our
Cookie Policy."

28. 28
Termly - ignoring explicit NO
Implied Consent
By clicking "Accept All Cookies", or by scrolling and
dismissing this banner, you consent to the storing on
your device of all of the technologies described in our
Cookie Policy."
Ignoring explicit NO

29. 29
Siteimprove failures
Ignoring consent
Implied
Consent

30. 30
The FIVE big areas done wrong...
1. Ignoring consent
2. Pre-selected consent
3. Implied consent
4. Block access until consent given
5. Lying Ignoring explicit NO

31. 31
Why is it like this...?

32. 32
Issues for site owners (Data Controllers)
• Ignorance
• No senior stakeholder
• No court cases - Vueling, Planet 49
• Sites want to avoid a binary Y/N choice

33. 33
Every site owner wants to avoid a binary Y/N choice
Given a binary
choice, visitors
select "Yes"
only 10-20%

34. 34
Or worse, the multi-choice nightmare...
Who would bother...???

35. 35
If you implement a binary consent mechanism...
Expect your site to
loose 80-90% of
its data..!

36. 36
Data loss in Google Anlaytics
-80%

37. 37
A simple fix for
avoiding binary
questions...

38. 38
Instead try this approach....
verified-data.com
Full privacy policy.

39. 39
Full privacy policy.

40. 40
The difference
Now potential loss of
only 10-20% in
traffic

41. 41
Some other stats...

42. 42
Anonymise IP set = 42.9%
Why is this so high? User confusion...?
"I am compliant if all IP addresses are anonymised and no personal data is collected"
Websites with suspected PII = 30.9%
Even though the vast majority of site controllers swear they do not collect personal data...
*Audits conducted in Jan 2020 on verified-data.com

43. 43
BUT most collected PII is accidental... (that is no excuse!)
Note, not this form
If login fails, link appears with the email address or
username or of the visitor:
/user/password?name=BClifton2

44. 44
Accidental PII is no excuse...!
Privacy is still not part of core website
development - its considered an add-on

45. 45
Some sites do get
consent RIGHT

46. 46
Credit where credit is due - Sites that get this CORRECT
CAUTION: Not just about consent on your home page.
EVERY page must behave in the same way.

47. 47
BrianClifton, Author & co-founder Verified-Data.com
Thank You
verified-data.com/freetrial

48. 48
verified-data.com/freetrial