Cookies and Trust: Trust in organizations and the design of cookie consent prompts

Abstract

The General Data Protection Regulation (GDPR) was passed in 2016 to regulate companies' use and storage of personal data, such as cookies, which are a common feature of the modern internet used to track user's activity and preferences. This paper aims to examine people's perspectives on cookie consent prompts and the effects of using deceptive design in cookie consent prompts. The results suggest that the design, rather than trust in the website's organization, is crucial for users' decisions to accept, decline, or manage cookies. Honest design is emphasized, and the dangers of deceptive design in cookie consent prompts are highlighted. Prompts that require full attention from the user and cover the content of the page are more likely to result in reflective and active decisions, but design friction that forces users to make a reflective choice causes irritation. The study also reveals a discrepancy between self-reported and observed behavior regarding cookie acceptance, as users tend to accept more cookies than they say they do.