The objective of this thesis was to investigate how choice architects in accordance with current EU privacy legislation affect users’ decision-making towards accepting cookies.
The EU acknowledges the importance of privacy and has for that reason implemented legislation within the field, the latest addition being the GDPR. Having reviewed current informational privacy legislation with regard to consent and cookies, we identified an overarching focus on the
information that should be provided to the user in order for consent to be valid. As such, it seems that the EU is legislating for the homo economicus who considers all relevant information to maximise utility, and ultimately decide upon the option equal to preference. This assumption of the completely rational user is, however, in opposition to the dual process theory within the field of behavioural economics. Rather, users are limited by bounded rationality and rely on dual processes when making decisions, which result in heuristics and cognitive biases. Empirical research has demonstrated how these heuristics and biases can be exploited in order to influence decision-making. On the basis of this literature, a gap was identified in assessing how much leeway current privacy legislation gives choice architects to influence users’ choice with regard to cookies. We hypothesized that choice architecture affects the user’s decision of whether to accept or decline cookies and conducted an experiment to test the hypothesis. In our experiment, two different cookie banner designs were tested on the website of the IT company ADDvision A/S. The cookie banner designs employed choice architecture elements including salience, effort, and framing to investigate the effect of choice architecture on users’ decision to accept cookies. The changes in choice
architecture resulted in a 84.9% difference in cookie acceptance rate between the two banners. As such, our experiment strongly suggests that choice architects can influence users’ decision with regard to cookie acceptance by changing the choice architecture of cookie banners. As such, our findings confirm those of previous research that people are not rational, and that a user will not always choose in accordance with his preferences. Furthermore, we conducted an analysis of 90 real-world cookie banners to investigate whether the identified gap in legislation regarding choice architecture is exploited by companies. Our findings from this analysis showed that the vast majority of the companies currently do not comply with EU legislation. In addition, the use of choice architecture to ensure consent is widespread and often even more manipulative than the choice architecture applied in our experiment.
Our findings inform legislators on the importance of regulating choice architecture in order to ensure actual control over personal information. This should be considered before implementing the new ePrivacy Regulation. Merely requiring companies to provide full information is not enough to ensure actual control over personal information. For the time being, a lack of regulation on choice architecture results in companies being able to nudge users to consent to the collection of personal data. Legislators should, thus, consider the insights from our study along with previous research in order to ensure that users’ privacy is protected.
As such, the behavioural insights to implement effective limits on online tracking are available. The question that remains is: is the EU ready to employ these insights and legislate on choice
Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification.
Proceedings of the 5th ACM Conference on Electronic Commerce, pp. 21-29.
Acquisti, A., & Grossklags, J. (2007). What can behavioral economics teach us about privacy.
Digital privacy: theory, technologies and practices, 18, 363-377.
Acquisti, A., Adjerid, I., Balebako, R., Brandimarte, L., Cranor, L., Komanduri, S., . . . Wilson, S.
(2017). Nudges for Privacy and Security: Understanding and Assisting Users' Choices Online. ACM Computing Surveys (CSUR), 50(3), pp. 1-41.
Albrecht, L. (June 17, 2018). How behavioral economics is being used against you. Marketwatch.
Retrieved on May 13, 2019 from https://www.marketwatch.com/story/nobel-prize-winning-economist-richard-thalers-nudge-theory-has-a-dark-side-too-2017-10-17
Analytics Help. (n.d.). Google. Retrieved
from https://support.google.com/analytics/answer/2799357?hl=en on May 14, 2019.
Andersen, D. (July 9, 2018). How AI Helps Marketers Build Customer Profiles and Drive Revenue.
DialogTech. Retrieved on May 14, 2019 from https://www.dialogtech.com/blog/marketing-analytics/ai-customer-profiles
Andrade, C. (2018). Internal, External, and Ecological Validity in Research Design, Conduct, and Evaluation. Indian J Psychol Med, 40(5), pp. 498-499.
Are cookies crumbling our privacy? We asked an expert to find out. (n.d.). Digital Trends.
Retrieved from https://www.digitaltrends.com/computing/history-of-cookies-and-effect-on-privacy/
on May 14, 2019.
Bekker, H. (January 16, 2019). 2018 (Full Year) Europe: Best-Selling Car Manufacturers and Brands. Car Sales Statistics. Retrieved from https://www.best-selling-cars.com/europe/2018-full-year-europe-best-selling-car-manufacturers-and-brands/ on May 14, 2019.
Berns, Laibson, and Loewenstein. (2007). Intertemporal choice – toward an integrative framework.
Trends in Cognitive Sciences, 11(11), pp. 482-488.
Böhme, R., & Köpsell, S. (2010). Trained to accept?: A field experiment on consent
dialogs. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 4, 2403-2406.
Boutin, Paul ‘The Secretive World of Selling Data about You’ (2016), Newsweek,
http://www.newsweek.com/secretive-world-selling-data-about-you-464789 (accessed April 12, 2019).
Brandimarte, L., Acquisti, A., Loewenstein, G. (2009). Privacy concerns and information disclosure: an illusion of control hypothesis. In: Proceedings of the poster iConference.
Business Insider. (May 18, 2018). The 50 largest banks in Europe by total assets. Accessed on April 20, 2019 via
Carruthers, P. (2009). An architecture for dual reasoning. In J. St. B. T. Evans & K. Frankish (Eds.), In two minds: Dual processes and beyond (pp. 109–127). New York: Oxford University Press . Cofone, I. (2015). Privacy Tradeoffs in Information Technology Law (Doctoral dissertation, Erasmus University Rotterdam). Retrieved from
Cofone, I. (2017). The way the cookie crumbles: online tracking meets behavioural economics, International Journal of Law and Information Technology, Volume 25, Issue 1, 1 March 2017, Pages 38–62
Cohen, J. (1988). Statistical Power Analysis for the Behavioral Sciences.New York: Lawrence Erlbaum Associates Inc.
Coventry, Jeske, Blythe, Turland, & Briggs. (2016). Personality and Social Framing in Privacy Decision-Making: A Study on Cookie Acceptance. Frontiers in Psychology, 7, 1341.
Choe, E. K., Jung, J., Lee, B., & Fisher, K. (September, 2013). Nudging people away from privacy-invasive mobile apps through visual framing. In IFIP Conference on Human-Computer Interaction (pp. 74-91). Springer, Berlin, Heidelberg.
Danish Business Authority. (March, 2015). Befolkningens adfærd på nettet. Retrieved from
https://erhvervsstyrelsen.dk/sites/default/files/media/befolkningens_adfaerd_paa_nettet_tilgaengelig .pdf?fbclid=IwAR1v7BXPgmY5PIthxwmvSf25Clxq_YmFhvHYP-Pr15ssmpYVHq-IfotV2Oo on March 4, 2019.
Dienlin, T, Trepte, S. (2015). Is the privacy paradox a relic of the past? An in-depth analysis of privacy attitudes and privacy behaviors. Eur J Soc Psychol 45(3), pp. 285–97.
Dinner, I., Johnson, E., Goldstein, D., Liu, K., & Rogers, Wendy A. (2011). Partitioning Default Effects: Why People Choose Not to Choose. Journal of Experimental Psychology: Applied, 17(4), pp. 332-341.
Dolan, P., Hallsworth, M., Halpern, D., King, D., Metcalfe, R., & Vlaev, I. (2012). Influencing behaviour: The mindspace way. Journal of Economic Psychology, 33(1), 264-277.
Eldridge, S. M., Ukoumunne, O. C., & Carlin, J. B. (2009). The intra‐cluster correlation coefficient in cluster randomized trials: a review of definitions. International Statistical Review, 77(3), 378-394 Erevelles, Fukawa, & Swayne. (2016). Big Data consumer analytics and the transformation of marketing. Journal of Business Research, 69(2), 897-904.
European Commission. (n.d.). Cookies. Retrieved from
http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm on May 14, 2019.
Europe’s Top 20 airline groups by passengers 2017; Lufthansa wrests top spot from Ryanair.
(January 21, 2018). Centre for Avaiation. Retrieved from
https://centreforaviation.com/analysis/reports/europes-top-20-airline-groups-by-passengers-2017-lufthansa-wrests-top-spot-from-ryanair-394211 on May 14, 2019.
Farnsworth, B. (November 1, 2016). What is Participant Bias? (And How to Defeat it). iMotions.
Retrieved on May 12, 2019 from https://imotions.com/blog/participant-bias/.
Faul, F., Erdfelder, E., Lang, A.-G., & Buchner, A. (2007). G*Power 3: A flexible statistical power analysis program for the social, behavioral, and biomedical sciences. Behavior Research Methods, 39, pp. 175-191.
Faul, F., Erdfelder, E., Buchner, A., & Lang, A.-G. (2009). Statistical power analyses using G*Power 3.1: Tests for correlation and regression analyses. Behavior Research Methods, 41, pp.
Fertik, M. (April 3rd, 2012). Your Future Employer Is Watching You Online. You Should Be, Too.
Harvard Business Review. Retrieved from https://hbr.org/2012/04/your-future-employer-is-watchi on April 24, 2019
Floridi, L. (2005). The Ontological Interpretation of Informational Privacy. Ethics and Information Technology, 7(4), 185-200.
Fox, C. (January 21st, 2019). Google hit with £44 fine over ads. BBC News. Retrieved from https://www.bbc.com/news/technology-46944696 on April 25, 2019.
Fried, C. (1970). An Anatomy of Values. Problems of Personal and Social Choice. Harvard University Press.
Gallagher, R. (March 1, 2018). The Power Global Spy Alliance You Never Knew Existed. The Intercept. Retrieved on May 13, 2019 from https://theintercept.com/2018/03/01/nsa-global-surveillance-sigint-seniors/
Gawronski, B., & Creighton, L. (2013). Dual Process Theories. The Oxford Handbook of Social Cognition
Gerber, Nina, Gerber, Paul, & Volkamer, Melanie. (2018). Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior. Computers & Security, 77, 226-261.
Gigerenzer, G. (1996). On Narrow Norms and Vague Heuristics: A Reply to Kahneman and Tversky (1996), 103(3), 592-596.
Global 500. (n.d.). CNN Money. Retrieved from
https://money.cnn.com/magazines/fortune/global500/2012/europe/ on May 14, 2019.
Greenwald, G. (July 31, 2013). XKeyscore: NSA tool collects 'nearly everything a user does on the internet'. The Guardian. Retrieved from https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data on May 13, 2019
Hausman, D., & Welch, B. (2010). Debate: To Nudge or Not to Nudge*. Journal of Political Philosophy, 18(1), 123-136.
Hummel, D., & Maedche, A. (2019). How Effective Is Nudging? A Quantitative Review on the Effect Sizes and Limits of Empirical Nudging Studies. Journal of Behavioral and Experimental Economics.
Jamison, & Wegener. (2010). Multiple selves in intertemporal choice. Journal of Economic Psychology, 31(5), 832-839.
Jensen, Carlos, Colin Potts, and Christian Jensen (2005), "Privacy Practices of Internet Users: Self-Reports Versus Observed Behavior," International Journal of Human-Computer Studies, 63 (July), 203-227.
John, K., Acquisti, A. & Loewenstein, G. (2011). Strangers on a plane: Context-dependent willingness to divulge sensitive information. J. Consum. Res. 37, 5 (2011), 858–873.
Johnson, E. J. and Goldstein, D. G. (2003). Do Defaults Save Lives?. Science, Vol. 302, pp. 1338-1339.
Kahneman, D. (2003). A perspective on judgment and choice: Mapping bounded rationality . American Psychologist , 58 , 697–720 .
Kahneman, D. (2011). Thinking, fast and slow. London: Allen Lane.
Kahneman, D., Knetsch, J. L., & Thaler, R. H. (1991). Anomalies: The endowment effect, loss aversion, and status quo bias. Journal of Economic perspectives, 5(1), 193-206.
Kahneman, D., Tversky, A., & Pallak, Michael S. (1984). Choices, values, and frames. American Psychologist, 39(4), pp. 341-350.
Keren, G., & Schul, Y. (2009). Two Is Not Always Better Than One: A Critical Evaluation of Two-System Theories. Perspectives on Psychological Science, 4(6), 533-550.
King, Rochelle, Churchill, Elizabeth F, & Tan, Caitlin. (2017). Designing with data: Improving the user experience with A/B testing. Sebastopol, CA: O'Reilly Media.
Kosters, M. and Van der Heijden, J. (2015). From mechanism to virtue: Evaluating Nudge theory‘, Evaluation, 21(3), pp. 276–291.
Kruglanski, A. W., Erb, H. P., Pierro, A., Mannetti, L., & Chun, W. Y. (2006). On parametric continuities in the world of binary either ors . Psychological Inquiry , 17 , 153–165 .
Lambrea, M. (March 5, 2016). Mobile vs Desktop: 13 Essential User Behaviors. .appticles.
Retrieved from https://www.appticles.com/blog/2016/03/mobile-vs-desktop-13-essential-user-behaviors/ on May 9, 2019
Levin, I. P., & Gaeth, G. J. (1988). Framing of attribute information before and after consuming the product. Journal of Consumer Research, 15, 374–378.
Levin, Schneider, & Gaeth. (1998). All Frames Are Not Created Equal: A Typology and Critical Analysis of Framing Effects. Organizational Behavior and Human Decision Processes, 76(2), 149-188.
Loewenstein, G. and Prelec, D. (1992), “Anomalies in intertemporal choice: evidence and an interpretation”, Quarterly Journal of Economics, Vol. 107 No. 2, pp. 573-597.
Malgieri, & Custers. (2018). Pricing privacy – the right to know the value of your personal data.
Computer Law & Security Review: The International Journal of Technology Law and Practice, 34(2), 289-303.
Mayer-Schönberger, V., & Cukier, K. (2013). Big data: A revolution that will transform how we live, work, and think. New York: Houghton Mifflin Harcourt.
McAfee, A., & Brynjolfsson, E. (2012). Big data: The management revolution. Harvard Business Review, 90(10), 60–68.
McDonald, J.H. 2014. Handbook of Biological Statistics (3rd ed.). Sparky House Publishing, Baltimore, Maryland
Miyazaki, A. (2008). Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage. Journal of Public Policy & Marketing, 27(1), 19-33.
Melendez, S. & Pasternack, A. (February 3, 2019). Here are the data brokers quietly buying and selling your personal information. Fast Company. Accessed on May 5, 2019) from
Meyerowitz, B. E., & Chaiken, S. (1987). The effect of message framing on breast self-examination attitudes, intentions, and behavior. Journal of Personality and Social Psychology, 52, 500–510.
Mooradian, N. (2009). The importance of privacy revisited. Ethics and Information Technology, 11(3), 163-174.
Mueller, R. (July 20, 2018). 76% Ignore Cookie Banners – The User Behavior After 30 Days of GDPR. Amazee Metrics. Retrieved from https://www.amazeemetrics.com/en/blog/76-ignore-cookie-banners-the-user-behavior-after-30-days-of-gdpr/ on May 3, 2019.
Natrella, M. G. (2013). Experimental statistics. Courier Corporation.
Norton Team. (n.d.). What You Need To Know About Cookies. Norton by Symantec. Retrieved from https://uk.norton.com/norton-blog/2015/07/what_you_need_tokno.html on May 14, 2019.
OECD. (2013). Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value (OECD Digital Economy Papers no.220). Paris: OECD Publishing.
Petronio, S. & Durham, W. (2008). Communication Privacy Management Theory: Significance for Interpersonal Communication. In Baxter, Leslie A, & Braithwaite, Dawn O. (2008). Engaging Theories in Interpersonal Communication: Multiple Perspectives. Sage Publications.
Phelps, E.S. and Pollak, R.A. (1968), “On second-best national saving and game equilibrium growth”, Review of Economic Studies, Vol. 35 No. 2, pp. 185-199.
Pollach, I. (2007). What's wrong with online privacy policies? Communications of the ACM, 50(9), 103-108.
Posner, R. A. (1977). The right of privacy. Ga. L. Rev., 12, 393.
POSNER, R, ECONOMIC ANALYSIS OF LAW 46 (5th ed. 1998).
Posner, M. I., & Snyder, C. R. R. (1975). Attention and cognitive control. In R. L. Solso (Ed.), Information processing and cognition: The Loyola Symposium . Hillsdale, NJ : Lawrence Erlbaum Associates Inc.
Presskorn-Thygesen, T. (2013). Samfundsvidenskabelige paradigmer - fire grundlæggende metodiske tendenser i morderne samfundsvidenskab. I C. N. (red.), Samfundsvidenskabelige analyse metoder (2. udgave udg., s. 21-48). Frederiksberg: Samfundslitteratur.
Rachels, J. (1975). Why Privacy is Important. Philosophy & Public Affairs,4(4), 323-333.
Ranking of European insurers and reinsurers in 2016. (n.d.). Atlas Magazine. Retrieved from https://www.atlas-mag.net/en/article/ranking-of-european-insurers-and-reinsurers-in-2016 on May 14, 2019
Samuelson, P.A. (1937), “A note on measurement of utility”, Review of Economic Studies, Vol. 4 No. 2, pp. 155-161.
Samuelson, P. (1948). Consumption Theory in Terms of Revealed Preference. Economica, 15(60), 243-253.
Samuelson, W., & Zeckhauser, R. (1988). Status quo bias in decision making. Journal of risk and uncertainty, 1(1), pp. 7-59.
Selinger, E., & Whyte, K. (2011). Is There a Right Way to Nudge? The Practice and Ethics of Choice Architecture. Sociology Compass, 5(10), 923-935.
Sherman, J. W. (2006). On building a better process model: It’s not only how many, but which ones and by which means . Psychological Inquiry , 17 , 173–184 .
Shostack. (2003). Paying for privacy: Consumers and infrastructures. In Proceedings of the 2nd Annual Workshop on Economics and Information Security.
Simon, H. (1955). A Behavioral Model of Rational Choice. The Quarterly Journal of Economics, 69(1), 99-118.
Slots- og Kulturstyrelsen. (n.d.). Mobile phone and tablet use to access the internet in Denmark in 2017, by age. In Statista - The Statistics Portal. Retrieved May 14, 2019, from
Solove, D. (2002). Conceptualizing Privacy. California Law Review, 90(4), pp. 1087-1155.
Solove, D. (2009). Understanding privacy. Cambridge, Mass: Harvard University Press.
Stanovich, K. E., & West, R. F. (2000). Individual differences in reasoning: Implications for the rationality debate? Behavioral and Brain Sciences , 23 , 645–726.
StatCounter. (n.d.). Percentage of mobile device website traffic worldwide from 1st quarter 2015 to 1st quarter 2019. In Statista - The Statistics Portal. Retrieved May 14, 2019, from
Sunstein, C. (2014). Simpler: The future of government. New York: Simon & Schuster.
Sunstein, C. R. (2016). The ethics of influence: Government in the age of behavioral science.
Cambridge University Press.
Sunstein, C. R. (2016b). People prefer system 2 nudges (kind of). Duke LJ, 66, 121.
Sunstein, C. R. (2017). Nudges that fail. Behavioural Public Policy, 1(1), 4-25.
Thaler, R. (1981). Some empirical evidence on dynamic inconsistency. Economics Letters, 8(3), 201-207.
Thaler, R. (2018). Nudge, not sludge. Science Direct, 361(6401), p. 431
Thaler, Richard H, & Sunstein, Cass R. (2009). Nudge: Improving decisions about health, wealth, and happiness (Rev. and expanded. ed.). New York: Penguin Books.
The World’s Largest Public Companies. (n.d.). Forbes. Retrieved from https://www.forbes.com/global2000/list/#tab:overall on May 14, 2019.
Thorndike, Riis, Sonnenberg, & Levy. (2014). Traffic-Light Labels and Choice
Architecture:Promoting Healthy Food Choices: Promoting Healthy Food Choices. American Journal of Preventive Medicine, 46(2), 143-149.
Top 100 fashion companies Index. (n.d.). Fashion United. Retrieved from https://fashionunited.com/i/top100/ on May 14, 2019.
Top 50 Brands. (n.d.). Global Cosmetic News. Retrieved from https://globalcosmeticsnews.com/top-50-brands/ on May 14, 2019.
Tversky, A., & Kahneman, D. (1974). Judgment under uncertainty: Heuristics and biases. Science, 185(4157), pp. 1124-1131.
Tversky, A., &Kahneman, D. (1981). The framing of decisions and the psychology of choice.
Science, 211, 453–458.
U.S. Food & Drug Administration
https://www.fda.gov/TobaccoProducts/Labeling/RulesRegulationsGuidance/ucm246129.htm Wang, Y., Leon, P. G., Scott, K., Chen, X., Acquisti, A., & Cranor, L. F. (2013). Privacy nudges for social media: an exploratory Facebook study. In Proceedings of the 22nd International Conference on World Wide Web (pp. 763-770). ACM.
Wansink, B. and Hanks, A. S. (2013) Slim by Design: Serving Healthy Foods First in Buffet Lines Improves Overall Meal Selection‘, PLOS ONE, 8(10), 1–5.
Warren, S., Brandeis, L.D., 1890. The right to privacy. Harvard Law Review, 5.
Welch, C. (March, 2019). Read Mark Zuckerberg’s letter on Facebook’s privacy-focused future.
The Verge. Retrieved on May 12, 2019 from https://www.theverge.com/2019/3/6/18253472/mark-zuckerberg-facebook-letter-privacy-encrypted-messaging
Wellers, D. (May 11, 2017). The Big (Data) Problem With Machine Learning. Digitalist Magazine.
Retrieved from https://www.digitalistmag.com/digital-economy/2017/05/11/big-data-problem-with-machine-learning-05084700 on May 14, 2019
Westin, A. (1967). Privacy and Freedom, New York: Atheneum, p. 7.
Willis, L. (2013). When Nudges Fail: Slippery Defaults. The University of Chicago Law Review, 80(3), 1155-1229.
Yan, J., Liu, N, Wang, G., Zhang, W., Jiang, Y, Chen, Z. (2009). ‘How Much Can Behavioral Targeting Help Online Advertising?’, Proceedings of the Eighteenth International Conference on World Wide Web (ACM 2009).
Zimmerman, G. (March 12, 2019). Top 10 Renewable Energy Companies (2019) - Solar & Wind.
Retrieved from https://energyacuity.com/blog/top-10-renewable-energy-companies/ on May 14, 2019.
Data Protection Directive - Directive 1995/46/EC (EU) European Convention on Human Rights (1950)
ePrivacy Directive - Directive 2002/58/EC ePrivacy Directive - Directive 2009/136/EC
ePrivacy Regulation Proposal - amendment (July, 2018) - https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_10975_2018_INIT&from=EN
General Data Protection Regulation - Regulation 2016/679 (EU) Opinions
Article 29 Data Protection Working Party, Opinion 2/2010 on online behavioural advertising, 22 June 2010
Article 29 Data Protection Working Party, Opinion 1/2009 on the proposals amending Directive 2002/58/EC on privacy and electronic communications (e-Privacy Directive), 10 February 2009 Article 29 Working Party Guidelines on consent under Regulation 2016/679, April 2018
European Data Protection Board, Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, March 12, 2019
Appendix A - Cookie details in layered form
Appendix B - Average consent rates for weekdays
Figure 20: Average consent rates for weekdays during the four-week period
Appendix C - Time of interaction
Appendix D - Classification of cookie banners
Industry Non-compliant Compliant - Accept Compliant neutral Banks
HSBC (U.K.) x
Deutsche Bank (Germany) x
BNP Paribas (France) x
Santander (Spain) x
ING Groep (Netherlands) x
Danske Bank x
Uni Credit (Italy) x
UBS (Switzerland) x
KBC (Belgium) x
00.00 01.00 02.00 03.00 04.00 05.00 06.00 07.00 08.00 09.00 10.00 11.00 12.00 13.00 14.00 15.00 16.00 17.00 18.00 19.00 20.00 21.00 22.00 23.00
Percentage of visitors
Hour of the day
Website visitors during the day
Allianz Group (Germany) x
AXA (France) x
Generali (Italy) x
Zurich Insurance Group (Switzerland) Prudential (U.K.)
AEGON (Netherlands) x
MAPFRE (Spain) x
XL Catlin (Ireland) x
Ageas (Belgium) x
Vienna Insurance Group (Austria) x
Lufthansa (Germany) x
Ryanair (Ireland) x
British Airways (U.K.) x
Iberia (Spain) x
Air France (France) x
KLM (Netherlands) x
Easyjet (U.K.) x
Wizz Air (Hungary) x
SAS (Sweden) x
Norwegian (Norway) x
Louis Vuitton (LVMH, France) x
Nike (USA) x
Zara (Inditex, Spain) x
Dior (France) x
Gucci (Kering, France) x Hermés (France)
Cartier (Richemont, Switzerland) x
Adidas (Germany) x
Oakley (Luxottica, Italy)
H&M (Sweden) x
Royal Dutch Shell (Netherlands) x
BP (U.K. x
Total (France) x
E.ON (Germany) x
ENI (Italy) x
Siemens Gamesa (Spain) x
Equinor (Norway) x
Vestas (Denmark) x
Ørsted (Denmark) x
Glencore (Switzerland) x
Volkswagen ( VW Group, Germany) x
Renault (France) x
Ford (USA) x
Peugeot (PSA Group, France) x
Opel (PSA Group, France) x Mercedes Benz (Germany) x
BMW (Germany) x
Skoda (VW Group, Germany) x
Audi (VW Group, Germany) x
Toyota (Japan) x
L'oreal (France) x
Nivea (Germany) x
Lancome (France) x
Dove (Unilever, Netherlands) x Gillette (Procter & Gamble, USA) x
Estée Lauder (USA) x
Schwarzkopf (Henkel, Germany) x L'Occitane en Provence (France) x Neutrogena (Johnson & Johnson, USA)
Chanel (France) x
Consumer electronics Apple (USA)
Samsung (South Korea) x
Nokia (Finland) x
Dell (USA) x
Sony (Japan) x
Panasonic (Japan) x
Hewlett-Packard (USA) x
Toshiba (Japan) x
Fujitsu (Japan) x
LG (South Korea) x
Software and computer services
Google (Alphabet, USA) x
Amazon (USA) x
Facebook (USA) x
Netflix (USA) x
Twitter (USA) x
Microsoft (USA) x
Spotify (Sweden) x
Zalando (Germany) x
Adobe Systems (USA) x
Total 74 9 1
88,10% 10,71% 1,19%
Appendix E – Real-life cookie banners
HSBC - 17.04.19
Deutsche Bank - 17.04.19
BNP Paribas - retrieved 17.04.19
Santander - 17.04.19
ING Groep - 17.04.19
Nordea - 17.04.19
Danske Bank - 17.04.19
Uni Credit - 17.04.19
UBS - 17.04.19
KBC - 17.04.19
Allianz Group (Germany)
AXA (France) 23.04.19
Generali (Italy) 23.04.19
Zurich Insurance Group (Switzerland) 23.04.19 No banner
Prudential (U.K.) 23.04.19 No banner
AEGON (Netherlands) 23.04.19
MAPFRE (Spain) 23.04.19
XL Catlin (Ireland) 23.04.19
Ageas (Belgium) 23.04.19
Vienna Insurance Group (Austria) 23.04.19
Lufthansa (Germany) 23.04.19
Ryanair (Ireland) 23.04.19
British Airways (U.K.) 23.04.19
Iberia (Spain) 23.04.19
Air France (France) 23.04.19
KLM (Netherlands) 23.04.19
Easyjet (U.K.) 23.04.19
Wizz Air (Hungary) 23.04.19
SAS (Sweden) 23.04.19
Norwegian (Norway) 23.04.19
Louis Vuitton (France) 23.04.19
Nike (USA) 23.04.19
Zara (Inditex, Spain) 23.04.19
Dior (France) 23.04.19
Gucci (Kering, France) 23.04.19
Hermés (France) 23.04.19
No cookie banner - do use third party and personal cookies
Cartier (Richemont, Switzerland) 23.04.19
Adidas (Germany) 23.04.19
Oakley (Luxottica, Italy) 23.04.19
No cookie banner - Do use personal cookies
H&M (Sweden) 23.04.19
Royal Dutch Shell (Netherlands) 23.04.19
BP (U.K.) 23.04.19
Total (France) 23.04.19
E.ON (Germany) 23.04.19
ENI (Italy) 23.04.19
Siemens Gamesa (Spain) 23.04.19
Equinor (Norway) 23.04.19
Vestas (Denmark) 23.04.19
Ørsted (Denmark) 23.04.19
Glencore (Switzerland) 23.04.19
Volkswagen (VW Group, Germany) 23.04.19
Renault (France) 23.04.19
Ford (USA) 23.04.19
Peugeot (PSA Group, France) 23.04.19
Opel (PSA Group, France) 23.04.19
Mercedes Benz (Germany) 23.04.19
BMW (Germany) 23.04.19
Skoda (VW Group, Germany) 23.04.19
Audi (VW Group, Germany) 23.04.19
Toyota (Japan) 23.04.19
L'oreal (France) - 23.04.19
Nivea (Germany) - 23.04.19
Lancome (France) - 23.04.19
Dove (Unilever, Netherlands) - 23.04.19
Gillette (Procter & Gamble, USA) - 23.04.19
Estée Lauder (USA) - 23.04.19
Schwarzkopf (Henkel, Germany) - 23.04.19
L'Occitane en Provence (France) - 23.04.19
Neutrogena (Johnson & Johnson, USA) - 23.04.19
Chanel (France) - 23.04.19
8. Consumer electronics
Apple (USA) - 29.04.2019 No cookie banner
Samsung (South Korea) - 29.04.2019
Nokia (Finland) - 29.04.2019
Dell (USA) - 29.04.2019
Sony (Japan) - 29.04.2019
Panasonic (Japan) - 29.04.2019
HP (USA) - 29.04.2019
Toshiba (Japan) - 29.04.2019
Fujitsu (Japan) - 29.04.2019
LG (South Korea) - 29.04.2019
9. Software and computer services
Google (Alphabet, USA) - 29.04.2019
Amazon (USA) - 29.04.2019
Facebook (USA) - 29.04.2019
Netflix (USA) - 29.04.2019
Twitter (USA) - 29.04.2019
Microsoft (USA) - 29.04.2019
Spotify (Luxembourg) - 29.04.2019
Zalando (Germany) - 29.04.2019
Adobe Systems (USA) - 29.04.2019