A new academic study by GroundAI into online consent management platforms has concluded many of them are ignoring the EU’s GDPR rules.
The study was conducted by a consortium of universities and its findings published under the header: Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence.
The basis of the study is that pop-ups that have originated since GDPR came into force, requiring us to click ‘I agree’ to cookies or similar when we first visit a website, and often continually afterwards are actually contrary to GDPR, so what are we agreeing to?
New consent management platforms (CMPs) have been introduced to the web to conform with the EU’s General Data Protection Regulation (GDPR), particularly its requirements for consent when companies collect and process users’ personal data.
This study analyses how the most prevalent CMP designs affect people’s consent choices. It scraped the designs of the five most popular CMPs on the top 10,000 websites in the UK (n=680) and found that dark patterns and implied consent are ubiquitous; only 11.8% meet the minimal requirements that were set based on European law.
Second, the study conducted a field experiment with 40 participants to investigate how the eight most common designs affect consent choices. It found that notification style (banner or barrier) has no effect; removing the opt-out button from the first page increases consent by 22–23 percentage points; and providing more granular controls on the first page decreases consent by 8–20 percentage points.
The study provides an empirical basis for the necessary regulatory action to enforce the GDPR, in particular the possibility of focusing on the centralised, third-party CMP services as an effective way to increase compliance.
The issue this study seems to have been conducted to address concerns how much information people are supplied with when asked for their consent, as well as the matter of presumed consent – i.e. opt-out as opposed to opt-in.
In many cases this process is managed by third party consent management platforms (CMP), and that’s what the study focused on.
So, at its simplest, the study is saying the vast majority of CMPs flout European law and thus expose their users to enforcement action.
The post GDPR: Dark patterns emerge in consumer consent on the internet appeared first on Payments Cards & Mobile.