A new cookie apocalypse in the making
Last week, news broke that the privacy group None of Your Business (NOYB) sent over 500 draft complaints to companies who use unlawful cookie banners. As an internet user and privacy enthusiast, I am all for it: cookie banners suck, they are full of legal jargon, make browsing painful and often fail to protect privacy. NOYB also plans to send 10,000 more complaints to leading companies across Europe in the next few months. That’s 10,000 more companies at risk of being fined up to €20 million or 4% of their global turnover.
To anyone who shrugs this off as another empty threat (after all, GDPR enforcement to date has been minimal) I say: this time is different. NOYB is headed by Max Schrems, the lawyer whose complaint tore down the EU-US Privacy Shield and might still stop all transfers of personal data from the EU to third countries. If there is someone who can really move the needle on this, it’s NOYB.
By (rightly) making it easy for users to reject tracking, the NOYB campaign to end “cookie banner terror” will massively impact every website and app in Europe. Publishers will lose advertising revenues (because advertising cookies are off) and they will be unable to improve their products (because analytics cookies are off). In order to survive, they will probably be forced to put up paywalls and accept whatever food scraps come from big tech – who remain unaffected by these changes.
Whilst users reject cookies on all sites, Google, Facebook, Amazon and the other walled gardens will continue to collect and monetise personal data at huge scale and unparalleled granularity. The internet will become even more centralised, controlled by a small number of massive companies hoovering up personal data. It’s the classic David versus Goliath scenario, except that David has been blindfolded and tied up, his sling sequestered.
Informed decisions by misled audiences
Before my privacy-conscious friends start yelling at me, let me be clear: saving publishers is no justification for misleading consumers into sharing their personal data. NOYB is right in filing those complaints, but they should go one step further and acknowledge that the interpretation of GDPR requirements they propose is equally misleading for the user. Just like the current cookie banners mislead website visitors into accepting cookies, the binary choice between ‘accept all’ and ‘reject all’ cookies misleads them into rejecting cookies because it does not explain the value exchange.
How would users react if they knew the consequences that rejecting cookies has for them? What would acceptance rates be if the choice was between “Accept Cookies” and “Add Payment Details”? Studies show that while almost everyone values privacy, very few are willing to pay for it (about 20% of Americans, according to some studies). Moreover, a 2020 survey by CISCO showed that most privacy-focused individuals are willing to provide their purchase history in exchange for personalized products and services. However you want to look at it, the picture is more complex than what either side on this increasingly polarised debate cares to admit.
The point is that users should not have to choose between a free and relevant internet and a private one. The real scandal here is that digital advertising treats personal data as a commodity collected by hundreds of companies, then shared with thousands more: it’s uncontrollable, unauditable, undeletable. Privacy laws do not exist to prevent all forms of online data collection (the potential consequence of the NOYB campaign): they want to minimise the collection of personal data, prevent its commoditization and make it easily reversible.
Decentralised technology achieves that by leaving personal data on the user device, aggregating insights at audience level and giving the user genuine control over their digital identity. Outside of the big adtech names, a breed of startups is developing decentralised solutions that were unthinkable just a couple of years ago. Their success will determine if we can all enjoy a free and relevant internet that is private by default. It will show that there is a different way to treat data, and – who knows – perhaps even force big tech to clean up their acts. By contrast, their failure will usher in an era of paid content and big tech monopoly with less choice and little privacy.