Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPR
Dominique Machuletz, Rainer B\"ohme
TL;DR
This study investigates how consent dialog design, including default options and number of purposes, influences user decisions and perceptions under GDPR, revealing that default buttons increase acceptance but reduce recall accuracy.
Contribution
It provides empirical evidence on how default buttons and purpose options in consent dialogs affect user choices and perceptions, informing GDPR-compliant design practices.
Findings
Default buttons lead to higher acceptance of cookies for multiple purposes.
Participants with default buttons recall their choices less accurately.
Users perceive consent dialogs as more deceptive after default options are used.
Abstract
The European Union's General Data Protection Regulation (GDPR) requires websites to ask for consent to the use of cookies for \emph{specific purposes}. This enlarges the relevant design space for consent dialogs. Websites could try to maximize click-through rates and positive consent decision, even at the risk of users agreeing to more purposes than intended. We evaluate a practice observed on popular websites by conducting an experiment with one control and two treatment groups ( university students in two countries). We hypothesize that users' consent decision is influenced by (1) the number of options, connecting to the theory of choice proliferation, and (2) the presence of a highlighted default button (``select all''), connecting to theories of social norms and deception in consumer research. The results show that participants who see a default button accept cookies for more…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.