Title: “Okay, whatever”: An Evaluation of Cookie Consent Interfaces
Many websites have added cookie consent interfaces to meet regulatory consent requirements. While prior work has demonstrated that they often use dark patterns — design techniques that lead users to less privacy-protective options — other usability aspects of these interfaces have been less explored. This study contributes a comprehensive, two-stage usability assessment of cookie consent interfaces. We first inspected 191 consent interfaces against five dark pattern heuristics and identified design choices that may impact usability. We then conducted a 1,109-participant online between-subjects experiment exploring the usability impact of seven design parameters. Participants were exposed to one of 12 consent interface variants during a shopping task on a prototype e-commerce website and answered a survey about their experience. Our findings suggest that a fully-blocking consent interface with in-line cookie options accompanied by a persistent button enabling users to later change their consent decision best meets several design objectives.
Award ID(s): 2150217
PAR ID: 10392551
Journal Name: CHI '22: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems
Page Range / eLocation ID: 1 to 27
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. The EU ePrivacy Directive requires consent before using cookies or other tracking technologies, while the EU General Data Protection Regulation (“GDPR”) sets high-level and principle-based requirements for such consent to be valid. However, the translation of such requirements into concrete design interfaces for consent banners is far from straightforward. This situation has given rise to the use of manipulative tactics in user experience (“UX”), commonly known as dark patterns, which influence users’ decision-making and may violate the GDPR requirements for valid consent. To address this problem, EU regulators aim to interpret GDPR requirements and to limit the design space of consent banners within their guidelines. Academic researchers from various disciplines address the same problem by performing user studies to evaluate the impact of design and dark patterns on users’ decision making. Regrettably, the guidelines and user studies rarely impact each other. In this Essay, we collected and analyzed seventeen official guidelines issued by EU regulators and the EU Data Protection Board (“EDPB”), as well as eleven consent-focused empirical user studies which we thoroughly studied from a User Interface (“UI”) design perspective. We identified numerous gaps between consent banner designs recommended by regulators and those evaluated in user studies. By doing so, we contribute to both the regulatory discourse and future user studies. We pinpoint EU regulatory inconsistencies and provide actionable recommendations for regulators. For academic scholars, we synthesize insights on design elements discussed by regulators requiring further user study evaluations. Finally, we recommend that EDPB and EU regulators, alongside usability, Human-Computer Interaction (“HCI”), and design researchers, engage in transdisciplinary dialogue in order to close the gap between EU guidelines and user studies. 
  2. In this paper we describe the iterative evaluation and refinement of a consent flow for a chatbot being developed by a large U.S. health insurance company. This chatbot’s use of a cloud service provider triggers a requirement for users to agree to a HIPAA authorization. We highlight remote usability study and online survey findings indicating that simplifying the interface and language of the consent flow can improve the user experience and help users who read the content understand how their data may be used. However, we observe that most users in our studies, even those using our improved consent flows, missed important information in the authorization until we asked them to review it again. We also show that many people are overconfident about the privacy and security of healthcare data and that many people believe HIPAA protects in far more contexts than it actually does. Given that our redesigns following best practices did not produce many meaningful improvements in informed consent, we argue for the need for research on alternate approaches to health data disclosures such as standardized disclosures; methods borrowed from clinical research contexts such as multimedia formats, quizzes, and conversational approaches; and automated privacy assistants. 
  3. Robots have great potential to support people with dementia (PwD) and their caregivers. They can provide support for daily living tasks, conduct household chores, provide companionship, and deliver cognitive stimulation and training. Personalizing these robots to an individual’s abilities and preferences can help enhance the quality of support they provide, increase their usability and acceptability, and alleviate caregiver burden. However, personalization can also introduce many risks, including risks to the safety and autonomy of PwD, the potential to exacerbate social isolation, and risks of being taken advantage of due to dark patterns in robot design. In this article, we weigh the risks and benefits by drawing on empirical data garnered from the existing ecosystem of robots used for dementia caregiving. We also explore ethical considerations for developing personalized cognitively assistive robots for PwD, including how a robot can practice beneficence to PwD, where responsibility falls when harm to a PwD occurs because of a robot, and how a robot can acquire informed consent from a PwD. We propose key technical and policy concepts to help robot designers, lawmakers, and others to develop personalized robots that protect users from unintended consequences, particularly for people with cognitive impairments. 
  4. Prior research found that a significant portion of EU-based websites responded to the GDPR by implementing privacy dialogs that contained inadequate consent options or dark patterns nudging visitors towards accepting tracking. Less attention, so far, has been devoted to capturing the evolution of those privacy dialogs over time. We study the evolution of privacy dialogs for a period of 18 months after the GDPR became effective using screenshots from the homepages of 911 US and EU news and media websites. We assess the impact of government and third-party actions that provided additional guidance and tools for compliance on privacy dialogs' choice architecture. Over time, we observe an increase in the use of privacy dialogs providing the option to accept or reject tracking, and a reduction of nudges that encourage users to accept tracking. While the debate over the extent to which various stakeholders' responses to the GDPR meaningfully improved EU residents' privacy remains open, our results suggest that exogenous shocks (such as government interventions) may prompt websites to enact changes that bring on-the-ground implementation of the GDPR at least nominally closer to its intended goals (such as making rejecting tracking easier for visitors).