A personal anecdote: I was charged with adding a cookie banner to my company’s website after having successfully resisted having one for many years. The reason given to me by the new owners of the business being that the marketing department wanted to try some new stuff, and the lawyers told them that it required consent on the part of our users. I was also told that I shouldn’t spend a lot of time on this, and to therefore use an off-the-shelf product (OneTrust), and to not customize it any way. When I remarked that the default texts for the banner sounded very scary and implied that we did a lot of things that we weren’t actually doing, I was told to leave them unchanged, because we had to assume that they had been vetted by (OneTrust’s) lawyers, and that it would be too legally risky to change them. My argument that OneTrust’s offering was a one size fits all that had to be compliant with the sleaziest, most ad-tech compromised media sites out there, but that we were not that, failed to make an impression.A couple of observations:
1. Players like OneTrust and the consultants who specialize in this, are highly incentivized to play up the risks of not being compliant. My layman’s estimation of the legal risks is that the risk for good faith actors is actually pretty low. If the authorities find that you are not in compliance, you will most likely get a chance to rectify this, and possibly a slap on the wrist. Those scary fines measured in percent of global revenue, is not going to be what you face for an honest mistake.
2. Those businesses that rely on invasive tracking, and therefore really must use these banners, benefit from everyone else mistakingly believing that they too must compromise their UX with these banners. It makes what they do seem normal and acceptable.
No comments yet.