Saved in:
Bibliographic Details
Main Authors: Sjøflot, Liv Hilde, Opsahl, Tobias A.
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.15056
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918501781864448
author Sjøflot, Liv Hilde
Opsahl, Tobias A.
author_facet Sjøflot, Liv Hilde
Opsahl, Tobias A.
contents While companies increasingly rely on data, especially when it comes to targeted advertising, adapting content to users, selling data and training machine learning models, the collection of data raises privacy concerns. One way of collecting data is by using HTTP cookies when interacting with a website. Legal regulations require service providers to collect consent for some forms of cookie collection, which is often acquired through \emph{cookie consent banners}, but their effectiveness has been debated. This study aims to understand what influences users' experience and behaviour when managing their cookie consent, by investigating the gap between their stated privacy preferences and their actual actions. A mixed methods approach was used, collecting data from a usability test and a survey (N=20). The results showed that although participants generally want to reject cookie collection, they often end up accepting because of deceptive patterns in the cookie consent banner design. It also showed that they were more willing to consent to websites they trusted and if they expected it would improve their user experience. Although the current EU legislation states that withdrawing consent must be as easy as giving it, withdrawing consent took on average more than 20 times longer than giving it. This suggests that cookie consent banners in their current form are not ideal with respect to user autonomy, often leading users to \emph{consent by design}.
format Preprint
id arxiv_https___arxiv_org_abs_2605_15056
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Deceptive Cookies: Consent by Design -- A Mixed Methods Study
Sjøflot, Liv Hilde
Opsahl, Tobias A.
Human-Computer Interaction
While companies increasingly rely on data, especially when it comes to targeted advertising, adapting content to users, selling data and training machine learning models, the collection of data raises privacy concerns. One way of collecting data is by using HTTP cookies when interacting with a website. Legal regulations require service providers to collect consent for some forms of cookie collection, which is often acquired through \emph{cookie consent banners}, but their effectiveness has been debated. This study aims to understand what influences users' experience and behaviour when managing their cookie consent, by investigating the gap between their stated privacy preferences and their actual actions. A mixed methods approach was used, collecting data from a usability test and a survey (N=20). The results showed that although participants generally want to reject cookie collection, they often end up accepting because of deceptive patterns in the cookie consent banner design. It also showed that they were more willing to consent to websites they trusted and if they expected it would improve their user experience. Although the current EU legislation states that withdrawing consent must be as easy as giving it, withdrawing consent took on average more than 20 times longer than giving it. This suggests that cookie consent banners in their current form are not ideal with respect to user autonomy, often leading users to \emph{consent by design}.
title Deceptive Cookies: Consent by Design -- A Mixed Methods Study
topic Human-Computer Interaction
url https://arxiv.org/abs/2605.15056