How well do the various opt-in mechanisms implemented for the GDPR perform? That’s the question Commanders Act is answering with its 1st Privacy Barometer: a study based on the observed behaviour of visitors to 16 websites over 14 days*. In total, this barometer draws from the behavioural analysis of 10,450,000 visitors. A sample made even more representative by the fact that the websites examined cover a wide range of fields: finance, media, industry, retail, travel and energy. And the surprises came early: while as a precaution, or through fear of scaring away audiences, those in charge of tracking tend to go for more discrete mechanisms, the barometer suggests they would be better off being outright and transparent… Here are the 5 lessons to take away.
In practice, websites use 3 methods for collecting consent:
Unsurprisingly, conversion rates for strict consent are lower (28%) than the two others: 69% for soft consent and 78% for super-soft. The difference – rather small – between these two calls into question the advantage of using the super soft method and following a ‘tolerated’ interpretation of the regulation. Especially since soft consent results in 39% of visitors giving their direct consent (by clicking on an ‘accept’ button) compared to only 10% with super soft.
If we leave aside strict consent, 4 other lessons can be drawn from this first Privacy barometer.
A user reads the consent message on average 1.8 times before making a decision. This figure remains the same regardless of the final decision (opt-in or opt-out) and the consent mechanism used (strict, soft or super soft). In other words, the user makes their choice after seeing the consent banner or pop-in for the first time.
The average opt-in rate is 65%, but that does vary. The main factor behind the differences between desktop, mobile and tablet is the size of the consent banner – which is mechanically more imposing on mobiles and tablets. The result is that desktops represent 37% of the devices that display consent banners, mobiles 51% and tablets 12%, while opt-in rates for these devices reach 56%, 59% and 76% respectively.
In general, one surprising message from this barometer is that secrecy doesn’t pay off. Instead of fleeting banners whose background colour blends into the website, it’s better to choose contrasting blocks with an easy-to-read font.
The correlation between consent banner size and opt-in rate obviously has its limits: when the content of the site is no longer visible, around or behind the banner, users tend to stop browsing rather than give their consent. This occurs especially when the banner looks like a pop-in which obscures the whole background i.e. the website content.
Each sector has its preferred method for collecting consent. While finance and energy companies prefer strict consent, and thus a tough interpretation of the GPDR, media and travel sites put an emphasis on optimisation by using a super-soft method. These preferences can be explained by individual needs (for media, opt-ins partly influence advertising revenue) but are not set in stone.
Changes in the regulations (the ePrivacy text is still in preparation), technology (browsers) and, obviously, user behaviour could make a review of these choices necessary in the upcoming months.
Be sure to read the next Commanders Act Privacy Barometers to find out.
Check out Commanders Act Consent Management Platform.
(*) study conducted from 6th to 19th August 2018