Has the GDPR hype affected users’ reaction to cookie disclaimers?

For many years, cookies have been widely used by websites, storing information about users’ behaviour. While enabling additional functionality and potentially improving user experience, cookies can be a threat to users’ privacy, especially cookies used by third parties for data analysis. Websites providers are legally required to inform users about cookie use by displaying a so-called cookie disclaimer. We conducted a survey study in 2017 to investigate how users perceive this disclaimer and whether it affects their actual behaviour. We found that while most participants had negative feelings towards the disclaimer, the disclaimer text had no significant effect on their decision to leave the website. Since the extensive media coverage of data protection issues that accompanied the EU General Data Protection Regulation (GDPR) entry into force in May 2018 may have sensitized users to privacy protection, we conducted a follow-up study in December 2018. Our results suggest that users did not change their attitude towards cookie use in favour of privacy protection, but got even more accustomed to the use of cookies, also by third parties. ... mehrMoreover, many users seem to have misconceptions regarding cookie use. We discuss the implications of our results for the users’ right to make an informed decision about their privacy.