Is it time to kiss your beloved third-party tracking cookies bye-bye?
At Walking Men, our most recent experience with switching from “all in, implied consent” cookie consent banners to “strictly GDPR-compliant cookie consent” is mainly focused on B2B and Corporate websites. These low-volume, high-value clients clearly aim for a “privacy first” approach, and the final UX decisions are often vetted by the legal team (more so than by the marketing department). So, when in doubt, we preferably end up erring on the side of caution. Better too safe than very sorry.
We’ve used the Cookie Compliance solutions from OneTrust/CookiePro to implement various consent scenarios, and we’ve recently been tweaking the UX in order to somehow manage the loss of recorded traffic in Google Analytics.
The difference we could observe in privacy gain vs analytics loss is so clear-cut that I thought it might be of interest to others.
The latest example of our work can be seen on Immobel Group — where we had the opportunity to try a sequence of 3 UX options before (SPOILER ALERT) settling on Option 3.
For good measure, I also included some data from another large Corporate client of ours, as their numbers tell an identical story.
Option 1: If they can close it, they will
We’ve initially found that, if the UX is offering a “close” button of any kind (a cross icon in top-right corner, or an explicit “close” button), a large majority of users will click that CTA and never provide explicit opt-in: Consistently, 65+% were clicking on the close (x) button, with an added 5% who used the “cookie settings” option to explicitly set their cookies preferences to NO. That left us with less than 30% of our traffic being tracked by our analytics tools. Ouch.
Takeaway #1: Visitors don’t want to choose, they just want to get rid of the dialog box.
Option 2: You can choose any color as long as it’s black
At the other extreme, if we use instead a (much less GDPR-compliant) UX that removes the close button altogether, and display only one button “Allow cookies” and a text link to “configure your cookie preferences”, then the consent button wins 95+% of the time… Et voilà! But deep down, you just know that you haven’t offered a real and fair opt-out alternative to the user.
Many websites even dare to twist the visitor’s arm more forcefully by embedding the “only one button” choice in a modal dialog, to make it crystal-clear: “Here’s a button. Click on it if you want to use our content. Or get lost.”
My colleague Michele called it “dark UX”, bad karma.
Takeaway #2: Visitors won’t bother to set their preferences, they’ll accept the cookies just to get rid of the dialog box.
Option 3: Going back to the bright side of the Force has its cost
If we go to a middle ground where opt-in and opt-out buttons are getting exactly the same treatment, we now see 40% to 60% explicit opt-in:
So, it seems that when these visitors are given the option to either NOT DECIDE (close button) or REFUSE (Reject cookies button), the results are about the same, reducing the opt-in by about 50%.
Takeaway #3: Given a fair choice, every other visitor will deprive you of your precious Analytics data.
TLDR takeaway: Regardless of the UX option, only a tiny percentage of users actually bother to choose which cookies they accept, and which they don’t. Instead, they either consent to cookies in general, or they don’t (by flatly refusing, or by simply refusing to choose). Nobody cares about your fancy cookies configuration tool.
Show me the data
Here’s a little summary, based on a sample of 26k visits:
(Interestingly enough, the week-ends always show a higher opt-in rate, but the absolute traffic is much lower on these days - what’s up with that, uh?)
Recorded traffic in Google Analytics is indeed now showing barely half of real traffic, which can be measured by the Cloudflare CDN (so before any consent can be expressed):
Same period, as seen in GA4 after the consent was given (or not):
But maybe this specific project is some kind of privacy snowflake? Not so, unfortunately: Before jumping to conclusions, we had a good look at what happened to another big B2B client of ours when they implemented their version of Option 3…
… and the massive drop in visitors numbers (as recorded in Google Analytics) is only marginally better, at -45% :
So that’s 45% of their visitors disappearing from one day to the next.
Now, if if you feel you don’t need to be as cautious as we chose to be, and don’t mind nudging your visitors in giving you their consent, Option 2 sure does a good job in being somewhat GDPR-compliant while retaining very decent Analytics absolute figures, as confirmed in an exchange with Frederik Dooms (Google Marketing Platform):
(…) most of the customers I talk to have option 2 implemented, which correlates with your findings of 95% opt-in
The jury is still out on the best approach to follow (if you ask the question to 2 legal advisers you will end up with at least 3 valid opinions), so don’t take my word for it and go experiment for yourself - your mileage might vary greatly. Especially if you feel more comfortable with Option 2 than we do... But at the very least, brace yourselves for a future where quantitative data from your analytics will have to be taken with a heavy pinch of salt, and qualitative data is indicative, at best.
Final thoughts: It might even be time to join the choir singing the Gospel of DHH and embrace radically different approaches to measuring your success… Wadyathink?