Banners, pop-ins, confirmation through clicking or scrolling…in the GDPR era, how does the way consent is collected influence a user’s decision to give it?

Paris, November 20th 2018 – Commanders Act, the European leader in SaaS Tag and Data Management solutions, has published its Online Consent Barometer (OCB), the first barometer on the matter of Privacy Management that measures the results of various opt-in mechanisms used to conform with the GDPR.

10,450,000 visitors to 16 websites over 14 days

The barometer is based on the observed behaviour of visitors to 16 websites over 14 days (6th to 19^th August 2018), drawing from a total of 10,450,000 visitors.  A sample made even more representative by the fact that the websites examined cover a wide range of fields: finance, media, industry, retail, travel and energy.

“Despite its usefulness, the GDPR is a frightening subject for digital teams. We decided to carry out this study to debunk some myths and provide marketers with concrete answers regarding the impact of asking for consent, a few months after the GDPR came into effect,” explains Michael Froment, Commanders Act CEO.

The first impression is the only one that counts

In general, the size, colour, position and font of the consent banner, as well as the choice of a strict or soft collection method, could all have an influence on a user’s behaviour. But regardless of the format used, just like in real life, the first impression is the only one that counts. Except for when a strict collection method is used, users read the consent message an average of 1.8 times before making their decision. This figure remains the same regardless of the final decision (opt-in or opt-out) or the consent mechanism employed (soft or super-soft). In other words, users make their choice after seeing the consent banner or pop-in for the first time. And rarely do they go further and configure they consent…

Only 0.1% of users visit the page where they can activate or disable the various cookies. And only 0.07% view the page that explains how to change their browser’s acceptance settings.

Adapting to the visitor and industry

Each industry has its own method for collecting consent in keeping with the expectations, practices and habits of its users. Thereby, those in finance and energy follow a narrow interpretation of the GDPR and thus favour strict consent, which meets the requirements for a user to have formally given their agreement to access the website’s content. On the other hand, media and travel sites choose the path of optimisation, opting for the ‘super-soft’ method where consent is given as soon as a user scrolls down the page. Such choices depend on each one’s objectives (ad revenue for media websites is partly dependant on getting opt-in consent), but they are not definitive.

Changes in regulations (the ePrivacy text is still being written), browser technology and, obviously, user behaviour could make a review of these choices necessary in the coming months.

At the same time, we must refine the notion of consent in order to comply with the spirit and wording of the GDPR. Consent must be a voluntary and informed act. In many cases, it is still not completely in line with the founding text on personal data protection.