The EU ePrivacy Directive states that:

No cookies and trackers must be placed before prior consent from the user, besides those strictly necessary for the basic function of a website.

Like most laws, it began with the best intentions. Ten years ago, the web was a “wild west” of tracking and privacy-invading profiling of users across websites. The EU aimed to give people back some rights over their personal information and protect them from non-consensual harvesting by third parties.

The laws (and resulting directives) around cookies are often misunderstood, leading to bizarre experiences where users are blocked from visiting sites or inundated with complex modal dialogs they must navigate through before they can view the content.

Analytics cookies allow teams to understand detailed information about who visits the site and their on-site behavior, and these don’t count as “basic functions,” so the user needs to give their consent.

Most users fall into one of these three categories.

  1. “I don’t care” - accept and visit the site
  2. “I care about my privacy” - or don’t trust the site, reject
  3. “I care a lot” - and I want to tailor specific trackers

Given these three obvious use cases, it is remarkable that most cookie consent controls only offer the following “all or nothing” options:

  • Accept all the cookies (including tracking cookies)
  • Turn them all off manually with a deep-dive into a bewildering menu

It’s a deliberate deceptive pattern that’s everywhere, and it’s ironic that a set of directives designed to give people better control over their privacy has done the opposite: we’re nagged into blindly accepting the defaults the site wants us to use.

The obvious user-friendly solution for this is to do the following:

  • Don’t use marketing/analytics cookies (like this site) or,
  • If you absolutely must, then give your visitors two simple options:
  1. Accept analytics cookies
  2. Reject analytics cookies

A user friendly cookie consent wireframe

It’s that simple. Give users a clear way to accept or reject optional tracking cookies, without menu-diving. Anything less is deliberately shady.


The second edition of my Amazon best-selling book 101 UX Principles is available to buy now.