Are You Sure, You Want a Cookie? The Effects of Choice Architecture on Users' Decisions about Sharing Private Online Data

Jan Michael Bauer*, Regitze Bergstrøm, Rune Foss-Madsen

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

338 Downloads (Pure)

Abstract

Data privacy is an important topic in the public debate. Recent policy changes aimed to strengthen users' control over their own data. We conducted a randomized field trial to show that website owners can undermine this agency by deliberately altering the choice architecture of the cookie banner and “nudge” visitors into sharing their data. Based on a sample of 1493 users, we show that cookie banner manipulations can increase consent by 17 percentage points of the sample. We propose a decomposition of the choice architecture of cookie banners into two elements: (1) the choice-making architecture and (2) the choice outcome architecture. Both can be uniquely manipulated but have different effects on privacy choices. We discuss the implications of these findings with regards to user sovereignty and the need for regulation. We conclude that the ability of website owners to manipulate the outcome of user privacy decisions is probably at odds with the ideal of the ePrivacy Directive and the GDPR.
Original languageEnglish
Article number106729
JournalComputers in Human Behavior
Volume120
Number of pages7
ISSN0747-5632
DOIs
Publication statusPublished - Jul 2021

Keywords

  • Dark patterns
  • GDPR
  • Choice architecture
  • Online data privacy

Cite this