Opinion: our online activity is monitored and monitised by marketers who deliberately make it difficult for us to stop being tracked

By Jennifer Edmond, TCD

We have all probably clicked on something late at night on our phones and forgotten about it entirely until we spotted an ad for it on a laptop screen the next day. This happens, of course, because we accepted cookie tracking at some point, which allowed our browsing activity to be monitored and used by marketers. Many of us do it almost obliviously, a reflex to get rid of an annoying banner or pop-up notice.

European regulation now requires sites to provide a clear opt-out, but most internet users will be aware of how difficult it can be to use that option. Some of the worst practices include unlabelled slider buttons that make it hard to know if your cookie settings are on or off. Reversing left and right sliders, and grey buttons to indicate 'on', may even mislead some into selecting a different option than intended.

Another common tactic is the visual demotion of the option to reject cookies, presenting it in tiny writing, for example, under a big attractive green button to accept. Then, there are the multiple layers to be navigated through before even finding your options, and the round robin of policies (cookie policy, privacy policy, terms of service) that lead to no obvious way of declining.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From RTÉ Archives, Colm Connolly reports on the launch of the Local Ireland web service in 1998

What else? Oh yes, the ‘save my choices’ button that comes up below your phone’s navigation menu, and therefore conveniently can’t be pressed. Oh, and the default opt-in to cookies for 'legitimate purposes' no matter your global settings, without any definition of what is legitimate or why. A lot of these signals actively hack our cultural norms – green means go, and the prominent thing is the important thing, right? – so of course we get confused by them. That’s their intention.

Perhaps most infuriating of all are the references back to your browser, saying you need to change your settings there to block cookies. In other words, it’s the user who’s left responsible for ensuring their own privacy, assuming they can even navigate the software they use. Why should the onus be on individuals to dig into a possibly very unfamiliar system in order to prevent a company from collecting information on them (or, to put it more pointedly, from infringing on their legal rights)? It’s the technological equivalent of saying you should have locked your door if you didn’t want to be burgled.

It may perhaps be easy to excuse each of these examples as an oversight or ill-thought through design decision made by the company whose website you’re visiting. In fact, the story is probably a bit more sinister. This is in part because many of the websites you’re using are not designed or delivered by the companies you use and trust, but by specialists with a sideline in gathering and delivering your data. Dig into the terms and conditions, and you’ll often find that there are more than the two of you in your relationship with a given online shopping or information source.

We need your consent to load this rte-player contentWe use rte-player to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From RTÉ Radio 1's News at One, Max Schrems on his case against Facebook over the transfer of personal data from Europe to the US

There is a growing movement now against these sorts of tactics, with the Vienna-based privacy rights group NOYB (None Of Your Business) recently issuing 560 draft complaints to companies it says are using unlawful cookie banners. The group, led by Austrian lawyer activist Max Schrems, has given sites one month to comply with EU regulation before submitting formal complaints. It points to statistics suggesting that only 3% of users actually want to agree to cookies, while more than 90% end up getting directed into accepting them.

We often talk about 'hostile design' in the non-virtual world, where public space is narrowed by such things as bench dividers or window ledge spikes, a design often aimed at keeping homeless people from sleeping in certain areas. But the same term could be used to describe consent screens, especially on mobile devices, that work to restrict our options, conditioning behaviour in ways that benefit wider power structures.

Taking time to read the small print can make for an eye-opening experience, as I discovered trying to get wifi away from home a while ago. My accustomed working spot had only recently changed their ‘free wifi’ provider, and users were being asked to agree that their data be used as the company deemed "necessary or appropriate".

We need your consent to load this YouTube contentWe use YouTube to manage extra content that can set cookies on your device and collect data about your activity. Please review their details and accept them to load the content.Manage Preferences

From Vox, how hostile design explains why cities are full of uncomfortable benches

This same privacy policy stated that passengers who accessed a social network were allowing both the location and its third-party supplier to validate their user identity and "collect information about the provided account". Users also had to accept that their data could be passed to non-EU countries with less privacy protection – circumventing GDPR rules, in other words. The emphasis on such services being free of charge is a misnomer, because there’s a cost in terms of access to data if not in money.

Midway through the document was a request that passengers carefully read the policy and terms of service. But we’re not in fact meant to read these documents, nor do they actually function as contracts. Indeed, on closer inspection, I found multiple typos in those documents, telling me that not even the provider had read them!

How many of the companies actually understand the implications of their own policy documents?

We are conditioned to think of these as contracts, but there’s no negotiation here, like we would expect to find when we buy a house: we have to take or leave them. As Brett Frischmann and Evan Selinger argue in their 2018 book, Re-Engineering Humanity, electronic contracts are often designed to make signees act in predictable ways, nudging them to become "simple stimulus-response machines". We might assume contracts are good for consumers, but in digital environments they might in fact work against our interests.

What did I take from that episode trying to decide whether to say ‘yes’ to the wifi link? Well, not only was I not supposed to read this privacy policy, but my trusted local provider was probably not meant to either. The terms and conditions were much more about their provider’s rights to reuse data than mine or my local hotdesk. How many of the companies targeted by NOYB, I wonder, actually understand the implications of their own policy documents? There was only one solution for me at the time: getting out my wifi dongle – and clicking ‘decline’.

Dr Jennifer Edmond is Associate Professor of Digital Humanities in Trinity College Dublin and the co-director of the Trinity Centre for Digital Humanities. She is an Irish Research Council awardee.


The views expressed here are those of the author and do not represent or reflect the views of RTÉ