I know. GDPR. It’s boring. I tend to view it in another way, though. GDPR is a good opportunity to raise a lot of the issues around privacy in the vast internet world. Every, well managed, website has introduced some sort of cookie consent mechanism. Putting aside the obvious benefits of putting more control in the hands of website visitors, I don’t believe this is the right approach. It has a significant impact on experience, and requires a lot of effort to manage consent holistically in a complex environment like the internet. What are the alternatives, and what role web browsers play in this?

“Cookie banners” have been part of our internet life for quite a while. As an effect of EU’s 2012 “cookie law”, the predecessor to GDPR, a lot of websites took this approach. The main reasons were either that they were gathering tons of private information via cookies, or just there was no bother. After a while interest in cookie atoned, but the banners remained. Fast forward to May 2018, where GDPR tightened the grip in privacy data sharing consents. Effectively, website owners now have a formal obligation to audit and acquire user consent for gathering their data. Including cookies that are set to track users via collecting private information. Which, essentially, what every website that has analytics, marketing or social media integrations does. So, nearly, every website out there.

Therefore, “cookie banners” have been established as a fundamental part of everyone’s internet experience. This, on top of potential pop-ups for allowing notifications, location tracking and newsletter requests might result in some very weird results.

Typical website in 2018 – Reddit post under the r/web_design thread

Private data management in the modern world

This year, I have made a conscious effort to start getting back control of my data. GDPR was a great opportunity to re-think a lot of my personal approaches and behaviours in the web. I have went into more options to disable cookies in websites I am visiting. As a result, I have reviewed all of my privacy configuration in my social media accounts. Since then I have disabled my Facebook account, one of the main reasons being its approach to privacy. I realised three things:

  • There is a lot of private data sharing I never had though of. Sometimes it involved organisations or companies I ‘ve never signed up in the first place!
  • It takes a significant amount of effort to be on top of awareness, understanding and management of one’s private data.
  • It is worth it!

Most people can’t follow this high level of expectation in having control of their private data in this way. Most of them might not even care.

So, between not having time to manage our data and bad website experiences what can we do? Thankfully, web browsers are coming to the rescue!

Let the browsers get cookie control

I believe that cookie control should be an integral web browser feature. It would be easier to have a centralised point to control their privacy in the internet. It makes sense. We are establishing our trustful relationships with service providers like Google and Amazon. But, most of the times, we are not ok of sharing a lot of our data with every website. A typical type of data that fits this category is marketing and location tracking.

The good news is this is already happening. In some way or form, all popular web browsers have introduced ways to make cookie control easier and better to configure. Take a look at the links below.

How to configure the “Do Not Track” option on Chrome

Mozilla’s change of approach to anti-tracking

Safari delivers its own prompts for cookie control, independent of website controls

Opera browser blocks cookie dialog boxes in Android app

My only comment is: Well done!