GDPR is here and, yes, user experience is still broken

New data regulations held the promise of an improved user experience for digital services, but the reality is more pop-ups, confusion and inconsistency.

In the era of GDPR, informed users were expecting to have greater control of their data. But what they hoped for, maybe subconsciously, was that this control would not just keep their personal data safe but also improve the user experience of digital services. Fewer surprising (and not in a good way) emails; fewer creepy ads; more transparent and therefore trustworthy and, dare I say, fun-to-use websites.

However, it’s clear that the variety of different approaches to compliance have not produced a utopian consistency in web forms, check-boxes and privacy notices – the user experience side of GDPR. Let’s not wade through the finer points of the legislation again; suffice to say that some companies have let ‘legitimate interests’ do more legwork than others, for better or worse, and the guidance from the ICO has not always been seen as gospel.

The rather frustrating thing is that stricter interpretations of the regulation have not felt good. Yes, the killing off of sneaky language (‘click if you don’t want to receive marketing’) has certainly been a good thing, but a focus on user consent for tracking and personalisation has resulted in sometimes stultifying user experiences.

For starters, US-based companies such as Walmart-owned Modcloth, the Chicago Tribune, NPR and, ironically, the Association of National Advertisers have gone as far as effectively shuttering their websites to EU users, rather than risk non-compliance in these areas. But more annoying are the consent management platforms (CMPs) being used by many publishers.

CMPs present customised pop-ups to users, allowing them to opt in to data sharing with ad partners and decide for what purposes the publisher can process their data – analytics or personalisation, for example. In theory, which is all we have had for the past few years from studying the GDPR text, this is a wonderful thing.

In reality, though, there are issues with these pop-ups. First, without stereotyping my grandmother, the last thing she needs when she visits a new and unfamiliar website is more shit popping up in her browser. Conceptually, it is difficult for her to understand the competing designs on her attention coming from the operating system, browser, publisher and advertiser (let alone ad networks, demand-side platforms, etc).

In her mind, if she has entered her credit card details on a website, then ‘the computer’ has her bank details and every single message could be of paramount importance. I’m getting sidetracked here, but it’s easy to see how the ecosystem has already failed her in some ways, even before CMPs arrived.

Display advertising is not keeping publishers afloat, yet it is still ruining websites. Hmm.

The next problem is that even for digital natives, this stuff is annoying. Mobile experiences have long been compromised by pop-ups and now we have added in a bunch more to slow things down and conceal the actual content further still. I’ve even found mobile websites where, presumably due to a bug in this new tech, it is impossible to tap the ‘agree’ or ‘continue’ button and I have been unable to view any content at all.

Dan Barker, an excellent ecommerce and digital marketing consultant, pointed out on Twitter: “Lots of big media sites are using a GDPR plugin from Quantcast to manage privacy options. But it is very odd… Here’s an example from @politico. I turn everything off, click ‘Save & Exit’, reload the page, and they fire 58 trackers before asking me to opt in again.”

There’s another issue: CMPs or more bespoke preference centres are also not consistent. In an article on Medium, programmer Giacomo Tesio writes about his experience on publisher InfoWorld’s website. He was served a privacy pop-up briefly saying that some (unnamed and unnumbered) third parties need consent to store cookies, undertake personalisation, etc. Two options were presented – ‘update privacy settings’ and the rather throwaway ‘sounds good, thanks!’.

Tesio writes that the pop-up expanded into a window where he could precisely decide which permissions he gave the website. Everything seemed to him to be clear, well explained and free from deception until the last step – ‘vendor consents’.

InfoWorld wanted to share his data with 338 vendors, and with a single click of ‘sounds good, thanks!’, that’s what it would have done. When Tesio realised this, he decided not to give any consent whatsoever, however in order to make this choice he had to click 338 times – there was no ‘deselect all’ button. This seems like a dark pattern in sheep’s clothing.

Let’s end on a wistful note. USA Today, as developer Marcel Freinbichler points out on Twitter, “decided to run a separate version of their website for EU users, which has all the tracking scripts and ads removed. The site seemed very fast, so I did a performance audit. How fast the internet could be without all the junk.” The result was that the site required just 500KB of data to load, rather than 5.2MB.

Without all the junk, indeed. Display advertising is not keeping publishers afloat, yet it is still ruining websites. Hmm.

Ben Davis is editor at Marketing Week’s sister title Econsultancy.