How GDPR and ePrivacy Will Make the Web Faster and More Sustainable. Sorta.

The Web is about to get a whole lot more secure, faster – and more sustainable. At least in Europe.

Bird's eye view of houses that look like checkboxes
Composition using photo by Bence Balla-Schottner on Unsplash
Please note: The following is not intended as legal advice. Seek professional legal help when dealing with GDPR and ePrivacy.

They shot themselves in the foot by using dark patterns.

German sweepstakes provider Planet49 used a pre-checked checkbox in a cookie consent overlay on one of their sites. The default setting meant users had to uncheck the checkbox to protect their privacy.

The European Court of Justice (ECJ) ruled that unlawful, thus paving the way for the ePrivacy Directive.

When companies and organizations step up to comply with the ePrivacy Directive in Europe, web performance will improve and become more sustainable. And it’ll have a big impact on the way we use analytics to make informed decisions about websites and apps. This is how.

Third-party cookies must remain blocked unless the user gives explicit consent

The ECJ’s ruling on the “Planet49” case translates to:

  • Saving non-essential cookies to a user device requires active consent
  • Website owners must clearly and understandably communicate how long they intend to save cookies and how third parties are related
  • No dark patterns, no implicit consent
  • No legalese – copy must be understandable by the average Joe
  • The ability to withdraw or change consent to individual topics at any time

Cookie Management Platforms (CMPs) such as Cookiebot and Usercentrics have sprouted up to handle cookie blocking for website owners.

How does cookie-blocking with a CMP work?

CMPs seem to work similarly:

  1. You add a script from the CMP to the <head> of all your pages. It contains an identifier for the CMP account where the website owner can set how the CMP processes data. The CMP can either be hosted by the vendor or by the website owner.
  2. When the user visits the site for the first time and the CMP executes, a call is made to the CMP which should return information about the scripts to which the user has consented. Scripts with no consent remain blocked.
  3. The user saves or changes cookie settings by interacting with the cookie consent UI. Those settings are saved to a cookie or to local storage and are shared with the CMP.
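
The three steps above, sketched as a deny-by-default consent gate. This is an added example, not code from Cookiebot, Usercentrics or any other CMP; the category names, script URLs and function names are constructed for illustration.

```javascript
// Added example: category names and script URLs are constructed.
const CATEGORIES = ["necessary", "statistics", "marketing"];

// State before any interaction: nothing pre-checked, only essentials run.
function defaultConsent() {
  return { necessary: true, statistics: false, marketing: false };
}

// Step 3 stores settings in a cookie or local storage; read them back here.
// Missing or malformed values fall back to the deny-by-default state.
function parseConsent(stored) {
  const consent = defaultConsent();
  let data = null;
  try {
    data = JSON.parse(stored);
  } catch (err) {
    return consent;
  }
  if (data === null || typeof data !== "object") return consent;
  for (const cat of CATEGORIES) {
    // Only an explicit boolean true counts; "yes", 1 or absent is not consent.
    if (cat !== "necessary") consent[cat] = data[cat] === true;
  }
  return consent;
}

// Step 2: scripts in a consented category load, everything else stays blocked.
function gateScripts(scripts, consent) {
  const result = { allowed: [], blocked: [] };
  for (const s of scripts) {
    const ok = CATEGORIES.includes(s.category) && consent[s.category] === true;
    (ok ? result.allowed : result.blocked).push(s.src);
  }
  return result;
}

// Withdrawing one category later yields the new value to save.
function withdraw(stored, category) {
  const consent = parseConsent(stored);
  if (category !== "necessary") consent[category] = false;
  return JSON.stringify(consent);
}

// Constructed sample: the scripts a page tags with a category.
const SAMPLE_SCRIPTS = [
  { src: "/js/app.js", category: "necessary" },
  { src: "https://analytics.example/t.js", category: "statistics" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];
```

On a first visit `parseConsent` receives no stored value, so `gateScripts` lets through only the script tagged `necessary`.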

But in a recent study, researchers scraped the CMPs on the top 10k websites in the UK and found:

“dark patterns and implied consent are ubiquitous; only 11.8% meet the minimal requirements that we set based on European law.”

So where does that leave us?

Alternatives to CMPs

As I wrote in October 2019, browsers and cookie blockers are already managing privacy preferences.

Even Google announced that they plan to block third-party cookies in Chrome within two years.

And Brave Browser already touts the page speed benefits of blocking scripts which have no apparent benefit to the user.

Brave Browser lets you block third-party cookies and shows you how much time you save

Killing cookies improves page speed metrics and saves energy

According to the Web Almanac by HTTP Archive,

“57% of script execution time is from third-party scripts, and the top 100 domains already account for 48% of all script execution time on the web.”

If set up properly and according to the ePrivacy Directive, a European web page will not be able to request third-party scripts for tracking, social media and advertising purposes without explicit consent.

A one-off, unscientific comparison of The Atlantic shows quite a big improvement in page speed metrics when the user rejects third-party cookies.

Page speed metrics for The Atlantic website improve when the user rejects third-party cookies. Left: cookies allowed; Right: cookies rejected

That could translate to a lot less network traffic, fewer bytes transferred, less time devices spend executing scripts, and less energy to do it.

As the Web Almanac notes:

“Despite serving 57% of scripts, third parties comprise 64% of script bytes, meaning their scripts are larger on average than first-party scripts.”

My quick comparison of The Atlantic in Safari shows a savings on the client side.

When blocking cookies, the client has to use less energy for the page

Less JS coming over the pipeline means:

  • less energy needed for data transfer – especially via mobile networks
  • less energy needed for CPUs to parse and execute scripts

It’s sad that the digital industry and governments didn’t step up sooner to regulate digital privacy and take note of the internet’s growing carbon footprint.



Published: Jan 17, 2020
