How cookies affect you
My newest research sought to understand how website cookie notifications are used in the U.S. to create friction and influence user behavior.
To do this research, I looked to the concept of mindless compliance, an idea made infamous by Yale psychologist Stanley Milgram. Milgram’s experiments—now considered a radical breach of research ethics—asked participants to administer electric shocks to fellow study takers in order to test obedience to authority.
Milgram’s research demonstrated that people often consent to a request by authority without first deliberating on whether it’s the right thing to do. In a much more routine case, I suspected this is also what was happening with website cookies.
I conducted a large, nationally representative experiment that presented users with a boilerplate browser cookie pop-up message, similar to one you may have encountered on your way to read this article.
I evaluated whether the cookie message triggered an emotional response—either anger or fear, which are both expected responses to online friction. And then I assessed how these cookie notifications influenced internet users’ willingness to express themselves online.
Online expression is central to democratic life, and various types of internet monitoring are known to suppress it.
The results showed that cookie notifications triggered strong feelings of anger and fear, suggesting that website cookies are no longer perceived as the helpful online tool they were designed to be. Instead, they are a hindrance to accessing information and making informed choices about one’s privacy permissions.
And, as suspected, cookie notifications also reduced people’s stated desire to express opinions, search for information and go against the status quo.
Legislation regulating cookie notifications like the EU’s General Data Protection Regulation and California Consumer Privacy Act were designed with the public in mind. But notification of online tracking is creating an unintentional boomerang effect.
Second, cookie permissions change regularly, and what data is being requested and how it will be used should be front and center.
And third, U.S. internet users should possess the right to be forgotten, or the right to remove online information about themselves that is harmful or not used for its original intent, including the data collected by tracking cookies. This is a provision granted in the General Data Protection Regulation but does not extend to U.S. internet users.
In the meantime, I recommend that people read the terms and conditions of cookie use and accept only what’s necessary.
Elizabeth Stoycheff is an associate professor of communication at Wayne State University.