A typical web page can have many dozens of cookies (even hundreds, in some cases), which track your behavior for everyone from advertisers to developers–a practice also known as design optimization. When Europe’s sweeping privacy regulations (called GDPR) took effect in May, it was unclear just how much the new rules would affect this completely ubiquitous fact of life on the internet, but a report from the Reuters Institute gives us an early look: Among news sites–which tend to use the most cookies, since they’re dependent on ad dollars–cookies are down by 22%.
The report is based on 2.7 million cookies captured by researchers at the institute; Tim Libert, Lucas Graves, and Rasmus Kleis Nielsen looked at more than 200 news sites with a software that scraped data about third-party cookies.
What exactly is a third-party cookie? When you visit a news site, any content your browser downloads from that URL is “first-party content.” Third-party content, on the other hand, comes from some other URL that your browser downloads when you visit that original news site–which, of course, shares data like your IP address and other identifiers with that third-party address. A third-party cookie, they explain, is “data set by a content host in the user’s web browser to create a unique identifier which can be used to track the user on the web.” Advertisers use them, as do developers, designers, and a range of other groups who want to track how people are using sites.
While the average number of cookies on a given news site dropped by almost a quarter between April and July this year, the gains were larger in certain countries–it dropped by 45% in the U.K., whose news sites had far larger numbers of cookies than most other countries. Two types of third-party cookies set without user consent dropped the most dramatically: First, design optimization cookies fell by a whopping 27%, and advertising and marketing cookies dropped by 14%.
That shouldn’t be a huge surprise, since the GDPR does specify that the kind of data many cookies hoover up constitutes personal data. But the researchers also point to another effect of the legislation:
[W]e may be observing a kind of ‘housecleaning’ effect. Modern websites are highly complex and evolve over time in a path-dependent way, sometimes accumulating out-of-date features and code. The introduction of GDPR may have provided news organizations with a chance to evaluate the utility of various features, including third-party services, and to remove code which is no longer of significant use or which compromises user privacy.
In other words, the modern web is bloated with unnecessary features. The GDPR may be flawed, and it may not be as effective as it could be, but at the very least, it’s getting many developers to clean up their code.