Could adhoc solutions to the cookie law be harming website usability?

Last week I was invited to speak to members of the Scottish Usability Professionals Association (SUPA) about the new cookie law.

SUPA “brings together UK professionals based in Scotland from the design, technology and research communities who share a vision of creating compelling technology that meets users’ needs and abilities”, and the topic of my presentation was the interaction of the cookie law with disability discrimination laws and website usability.

One consequence of the cookie law is that a number of the consent mechanisms being adopted by organisations to deal with cookie consent have an adverse impact upon the accessibility of the website to users with disabilities, and the usability of the website to users as a whole. This not only makes the website harder for users to use, but might also put the organisation in breach of its obligations under the Equality Act.

Potential usability and accessibility issues
We had a great discussion. Here are a number of the usability and accessibility issues we identified:

  • The use of a pop-up upon arriving at a website can clearly impact on the user experience – users can’t get to the information that they want to access without first reading/dealing with the pop-up. Does that inhibit users from finding the information that they are looking for?
  • On the other hand, the use of implied consent and a link to a cookies policy at the foot of the page is also poor from a usability perspective. Users are unlikely to see it (particularly on a mobile device), and therefore it’s difficult to say that consent has been given.
  • Mobile devices such as smartphones and tablets raise particular issues. Pop-up boxes at the bottom of the page are difficult to read and may be overlooked. If the default setting of these mechanisms is opt-in, then it may be difficult to argue that consent can be implied.
  • Pop-ups or cookie control devices that use Javascript may not be compatible with screen readers or devices that do not use Javascript. This may cause problems for users of those devices.
  • Pop-ups are often set to disappear after a certain period of time (for example 10 seconds), which may not be sufficient time for the user to read and understand the message
  • Again, on pop-ups, some pop-ups have a link to a cookies policy, but the cookies policy page appears on screen *behind* the pop-up, making it impossible to read without accepting all the cookies!
  • Many websites offer an all or nothing approach to cookies – users either have to accept all cookies or none, limiting user choice and user control.
  • Websites that only offer an “I agree” option – users may click “agree” simply to get rid of the box, menu bar etc.
  • Granular, interactive, control panels (such as those used by BT and BBC) can help improve usability and user control, but are often set to accept all cookies (including targeted advertising cookies) by default, or lump together targeted advertising with social sharing tools.
  • There is no consistent approach across websites (even in the implementation of third party products, such as Cookie Control) meaning that each website is different.

What is the solution?
This last point is perhaps one of the most telling.

From a user experience perspective, a multitude of different systems and approaches is confusing, and does little to increase user understanding of cookies (one of the aims of the new law). In order to be effective, a common approach is needed. If not, and websites continue to deal with cookies in different ways, usability will suffer.

This can be achieved in two ways: by clear guidance from the regulator and, perhaps more importantly in the long term, the implementation of suitably sophisticated privacy dashboards in web browsers. Ultimately, the reason for website operators having to introduce adhoc consent mechanisms is a failure to have in place an appropriate browser based solution at the time the law came into force. If privacy features can be built into the UI can be done with the iOS developer platform, then there is no reason it can’t be done across browsers generally.

In both cases, this needs joint action from the various national privacy regulators in Europe.

In the case of the former, to agree consistent, more detailed guidance of what is expected, and in the case of the latter to work with browser manufacturers and the W3C to develop a common browser based solution. When the new cookie law was published last summer we were told that the latter was happening, but to date there has been little sign of progress.

The Do Not Track initiative may give the building blocks for doing that, if it can be widened to cover all cookies and adopt the principles of privacy by default. Things are moving in the right direction, but as recent coverage reports, Do Not Track isn’t yet the panacea that some people would like it to be.

What do you think?

PS for a more detailed, technical assessment of some of the usability and accessibility problems with various cookie law solutions, read SUPA member James Coltham’s excellent blog on the subject.

3 Responses to “Could adhoc solutions to the cookie law be harming website usability?”

  1. 1 Wolf Software (@WolfSoftware) June 22, 2012 at 8:14 pm

    We have attempted to assist in this matter, by creating a suite of consistent solutions to allow website owners to gain consent for all types of cookies but in a manner that is consistent.

    • 2 martinsloan June 26, 2012 at 10:07 am

      @WolfSoftware thanks for your comment.

      It’s good that you are providing a suite of solutions, but my concern is what whilst this will provide users of *your* clients’ websites with a consistent approach, other organisations may choose to implement solutions that work in a different way.

      The web design community could work together to develop an industry standard approach, but given the size of the community, this needs strong leadership to bring the various interested parties together.

      This is why I think that we need the W3C and browser manufacturers to work together with regulators to develop a non-proprietary browser based solution.

  2. 3 James Coltham (@prettysimple) June 22, 2012 at 12:06 pm

    A really useful summary of your talk Martin. Thanks for linking to my article – hoping to do an updated review of some more solutions soon.

    PS I should note that I’m not a SUPA member, although often enjoy their excellent talks :)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter: @BrodiesTechBlog feed

June 2012
« May   Jul »

%d bloggers like this: