My presentation from Superweek 2020 highlighting the poor compliance of requesting visitor consent on websites. That is, 98% fail this test - a result that is in alignment with other published studies.
The fixes are straightforward, though site owners MUST avoid the cliff-edge effect of offering visitors a binary Y/N option.
Data presented comes from verified-data.com.
8. 8
Verified Data Study...
97.6%
of sites get consent wrong
Other Sources:
techcrunch.com/2020/01/10/cookie-consent-tools-are-being-used-to-undermine-eu-privacy-rules-study-suggests/
Visit Simulation:
• Simulate an EU visit to multiple pages
• Pageview + page scroll. No further clicks
• Is a Google Analytics hit generated?
9. 9
So what is going wrong...?
(get to know your browser dev tools)
10. 10
The FIVE big areas done wrong...
1. Ignoring consent
2. Pre-selected consent
3. Implied consent
4. Block access until consent given
5. Ignoring explicit NO
27. 27
Termly - implied consent
Implied Consent
"By clicking "Accept All Cookies", or by scrolling and dismissing this banner, you consent to the storing on your device of all of the technologies described in our Cookie Policy."
28. 28
Termly - ignoring explicit NO
Implied Consent
"By clicking "Accept All Cookies", or by scrolling and dismissing this banner, you consent to the storing on your device of all of the technologies described in our Cookie Policy."
Ignoring explicit NO
30. 30
The FIVE big areas done wrong...
1. Ignoring consent
2. Pre-selected consent
3. Implied consent
4. Block access until consent given
5. Lying (ignoring explicit NO)
42. 42
Anonymise IP set = 42.9%
Why is this so high? User confusion...?
"I am compliant if all IP addresses are anonymised and no personal data is collected"
Websites with suspected PII = 30.9%
Even though the vast majority of site controllers swear they do not collect personal data...
*Audits conducted in Jan 2020 on verified-data.com
43. 43
BUT most collected PII is accidental... (that is no excuse!)
Note, not this form
If login fails, a link appears with the email address or username of the visitor:
/user/password?name=BClifton2
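An added example, not from the presentation: a Python check over request URLs captured during the no-consent visit simulation, flagging Universal Analytics hits, whether `aip` was set, and suspected PII in the reported page URL. The sample requests, the `UA-000000-1` property ID, the `example.test` host and the `PII_KEYS` list are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Universal Analytics hits go to these hosts on a path ending in /collect.
GA_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com"}
EMAIL_RE = re.compile(r"[^\s@/?&=]+@[^\s@/?&=]+\.[a-z]{2,}", re.I)
# Assumption: query keys that commonly carry identity; extend per site.
PII_KEYS = {"name", "user", "username", "email", "mail", "login"}

# Constructed sample: requests seen in dev tools during a no-consent visit.
SAMPLE_REQUESTS = [
    "https://example.test/static/app.js",
    "https://www.google-analytics.com/j/collect?v=1&t=pageview&tid=UA-000000-1"
    "&cid=555.1&aip=1"
    "&dl=https%3A%2F%2Fexample.test%2Fuser%2Fpassword%3Fname%3DBClifton2",
    "https://www.google-analytics.com/collect?v=1&t=event&tid=UA-000000-1"
    "&cid=555.1&ec=Scroll&dl=https%3A%2F%2Fexample.test%2F",
]

def suspected_pii(page_url):
    """Reasons the page URL reported to analytics looks like it carries PII."""
    parts = urlsplit(page_url)
    reasons = []
    if EMAIL_RE.search(unquote(parts.path + "?" + parts.query)):
        reasons.append("email address in URL")
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.lower() in PII_KEYS and any(values):
            reasons.append(f"identity parameter '{key}'")
    return reasons

def audit_no_consent_visit(request_urls):
    """One finding per analytics hit sent although no consent was given."""
    findings = []
    for url in request_urls:
        parts = urlsplit(url)
        if parts.hostname not in GA_HOSTS or not parts.path.endswith("/collect"):
            continue
        q = parse_qs(parts.query, keep_blank_values=True)
        page = q.get("dl", q.get("dp", [""]))[0]  # page URL or path in the hit
        findings.append({
            "hit_type": q.get("t", ["?"])[0],
            "anonymize_ip": "aip" in q,  # presence of aip requests anonymisation
            "pii": suspected_pii(page),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_no_consent_visit(SAMPLE_REQUESTS):
        print(finding)
```

The first sample hit has `aip=1` set, yet the username still reaches analytics in `dl`, which is the slide 42 misconception in concrete form.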
44. 44
Accidental PII is no excuse...!
Privacy is still not part of core website development - it's considered an add-on
46. 46
Credit where credit is due - Sites that get this CORRECT
CAUTION: Not just about consent on your home page.
EVERY page must behave in the same way.