March 20, 2018 by Andy Busam

Why You Should Care About The Consent Experience of GDPR

Editor's Note: the following is for information purposes only. Individual companies should seek legal counsel for guidance on their specific situation.

Ah, General Data Protection Regulation. Don’t those words just conjure warm feelings of bureaucracy, red tape, and legal documentation? I don’t know about you, but the first time I heard about GDPR, I had one of these moments:

Simon Cowell gif

The European Commission proposed this new law to unify and strengthen data protections for individuals living in the European Union, and address any of the data exported outside of the EU. The law goes into effect on May 25, 2018. You can dive a little deeper into the subject here (and nervously watch their countdown clock).

So why should we care? Well, for one, violations carry a stiff penalty of €20 million or 4 percent of annual revenue. I’d say that’s reason enough to start figuring out how to comply – especially if you conduct business in the European Union.

It’s important to recognize that while this law originated in the EU, it still applies to many US companies. According to Gemalto, a global digital security firm based in Amsterdam:

"With the demise of Safe Harbor, U.S. companies that export and handle the personal data of European citizens will also need to comply with the new requirements put forth or be subject to the same consequences."

The implications of this law will be felt around the world, and companies are already starting to implement systems and processes to comply with the law. This most notably takes on the appearance of a small-type consent feature on the first visit to a website.

While most website owners are spending their effort on proper compliance — of course this should be the highest priority — it is important to consider the user experience. Marketers and designers should take these requirements and create consent experiences that are clear, helpful, and informative.

There are a variety of ways to handle consent implementation, from push-in notifications on the bottom of a screen to a more invasive pop-up. Below are just a few examples that show how companies are implementing and wording the language around this new business requirement.

Some examples:

Umatex GDPR cookies warning
(Source)

The message at the bottom of this screen reads:

This site uses cookies for a more comfortable user experience. Continuing to view the pages of the site, you agree to the use of cookies. Otherwise, you can leave the site.

Translation: My way or the highway. This isn’t an overly welcoming statement. I would suggest revising the tone of the message or removing the last sentence altogether. 

Emso full screen GDPR consent experience

(Source

Emso features a full screen consent experience that requires the user to scroll to the end of the disclaimer to click “I agree.”

Translation: You have no excuse not to know what you’re getting into. However, no one (except a few bored lawyers) is going to read this. This is clearly the organization’s CYA statement. Barriers like these are a poor user experience and likely cause high bounce rates. While this approach may be recommended by a legal team, I would suggest putting a short consent agreement statement in a pop-up and linking to the full disclaimer on a separate page.

Saab GDPR cookies warning

(Source

The message at the bottom reads:
We use cookies in order to provide you with the best user experience. By using our website, you agree to the use of cookies. If you want to learn more, click here.

Translation: This one is straightforward, clear, and helpful. Right from the start, the statement conveys a visitor-centric reason for the use of cookies. Saab uses plain language in a friendly tone and offers additional information for visitors who are inquisitive. Thanks, Saab.

 ____________________________

If not yet made abundantly clear, none of my opinions represent legal advice. However, from a marketing and user experience perspective, I do believe there are some important considerations. The way your website visitors interpret, experience, and interact with your website affects overall engagement and any potential conversion. That’s why every feature, component, or asset on your website should be given a critical look.

A Few Ideas About Designing A Consent Experience
- Talk to a lawyer.
- Long consent agreements cause confusion. Link to a full explanation instead.
- Use normal, plain language. Legal speak will scare and confuse your visitors.
- Are you planning to use a pop-up, slide-in, other type of violator? These approaches will affect your user experience differently, so consider the implications.
- Communicate the benefits of accepting the cookie. Businesses use these to make the visitor’s experience more relevant and helpful. This should be part of the consent experience.
- Be a decent human being. Remember: privacy is important to people. Don’t sell data or use it to cause harm. Karma is real.

Data privacy in marketing is bound to be a topic of concern for years to come. As consumers become more aware that their activities online can and will be used to deliver personalized or individualized experiences, the onus will be on companies to establish and maintain trust with its users. The experiences we design to help and inform visitors that this is occurring is vital to the success of this technology over the long term.

Keep in Touch and Stay Informed

Get updates, industry reports, white papers and more Hedgehog love.