• Ingen resultater fundet


In document Are You Sure, You Want a Cookie? (Sider 86-128)

The objective of this thesis was to investigate how choice architects in accordance with current EU privacy legislation affect users’ decision-making towards accepting cookies.

The EU acknowledges the importance of privacy and has for that reason implemented legislation within the field, the latest addition being the GDPR. Having reviewed current informational privacy legislation with regard to consent and cookies, we identified an overarching focus on the

information that should be provided to the user in order for consent to be valid. As such, it seems that the EU is legislating for the homo economicus who considers all relevant information to maximise utility, and ultimately decide upon the option equal to preference. This assumption of the completely rational user is, however, in opposition to the dual process theory within the field of behavioural economics. Rather, users are limited by bounded rationality and rely on dual processes when making decisions, which result in heuristics and cognitive biases. Empirical research has demonstrated how these heuristics and biases can be exploited in order to influence decision-making. On the basis of this literature, a gap was identified in assessing how much leeway current privacy legislation gives choice architects to influence users’ choice with regard to cookies. We hypothesized that choice architecture affects the user’s decision of whether to accept or decline cookies and conducted an experiment to test the hypothesis. In our experiment, two different cookie banner designs were tested on the website of the IT company ADDvision A/S. The cookie banner designs employed choice architecture elements including salience, effort, and framing to investigate the effect of choice architecture on users’ decision to accept cookies. The changes in choice

architecture resulted in a 84.9% difference in cookie acceptance rate between the two banners. As such, our experiment strongly suggests that choice architects can influence users’ decision with regard to cookie acceptance by changing the choice architecture of cookie banners. As such, our findings confirm those of previous research that people are not rational, and that a user will not always choose in accordance with his preferences. Furthermore, we conducted an analysis of 90 real-world cookie banners to investigate whether the identified gap in legislation regarding choice architecture is exploited by companies. Our findings from this analysis showed that the vast majority of the companies currently do not comply with EU legislation. In addition, the use of choice architecture to ensure consent is widespread and often even more manipulative than the choice architecture applied in our experiment.

Our findings inform legislators on the importance of regulating choice architecture in order to ensure actual control over personal information. This should be considered before implementing the new ePrivacy Regulation. Merely requiring companies to provide full information is not enough to ensure actual control over personal information. For the time being, a lack of regulation on choice architecture results in companies being able to nudge users to consent to the collection of personal data. Legislators should, thus, consider the insights from our study along with previous research in order to ensure that users’ privacy is protected.

As such, the behavioural insights to implement effective limits on online tracking are available. The question that remains is: is the EU ready to employ these insights and legislate on choice



Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification.

Proceedings of the 5th ACM Conference on Electronic Commerce, pp. 21-29.

Acquisti, A., & Grossklags, J. (2007). What can behavioral economics teach us about privacy.

Digital privacy: theory, technologies and practices, 18, 363-377.

Acquisti, A., Adjerid, I., Balebako, R., Brandimarte, L., Cranor, L., Komanduri, S., . . . Wilson, S.

(2017). Nudges for Privacy and Security: Understanding and Assisting Users' Choices Online. ACM Computing Surveys (CSUR), 50(3), pp. 1-41.

Albrecht, L. (June 17, 2018). How behavioral economics is being used against you. Marketwatch.

Retrieved on May 13, 2019 from https://www.marketwatch.com/story/nobel-prize-winning-economist-richard-thalers-nudge-theory-has-a-dark-side-too-2017-10-17

Analytics Help. (n.d.). Google. Retrieved

from https://support.google.com/analytics/answer/2799357?hl=en on May 14, 2019.

Andersen, D. (July 9, 2018). How AI Helps Marketers Build Customer Profiles and Drive Revenue.

DialogTech. Retrieved on May 14, 2019 from https://www.dialogtech.com/blog/marketing-analytics/ai-customer-profiles

Andrade, C. (2018). Internal, External, and Ecological Validity in Research Design, Conduct, and Evaluation. Indian J Psychol Med, 40(5), pp. 498-499.

Are cookies crumbling our privacy? We asked an expert to find out. (n.d.). Digital Trends.

Retrieved from https://www.digitaltrends.com/computing/history-of-cookies-and-effect-on-privacy/

on May 14, 2019.

Bekker, H. (January 16, 2019). 2018 (Full Year) Europe: Best-Selling Car Manufacturers and Brands. Car Sales Statistics. Retrieved from https://www.best-selling-cars.com/europe/2018-full-year-europe-best-selling-car-manufacturers-and-brands/ on May 14, 2019.

Berns, Laibson, and Loewenstein. (2007). Intertemporal choice – toward an integrative framework.

Trends in Cognitive Sciences, 11(11), pp. 482-488.

Böhme, R., & Köpsell, S. (2010). Trained to accept?: A field experiment on consent

dialogs. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 4, 2403-2406.

Boutin, Paul ‘The Secretive World of Selling Data about You’ (2016), Newsweek,

http://www.newsweek.com/secretive-world-selling-data-about-you-464789 (accessed April 12, 2019).

Brandimarte, L., Acquisti, A., Loewenstein, G. (2009). Privacy concerns and information disclosure: an illusion of control hypothesis. In: Proceedings of the poster iConference.

Business Insider. (May 18, 2018). The 50 largest banks in Europe by total assets. Accessed on April 20, 2019 via


Carruthers, P. (2009). An architecture for dual reasoning. In J. St. B. T. Evans & K. Frankish (Eds.), In two minds: Dual processes and beyond (pp. 109–127). New York: Oxford University Press . Cofone, I. (2015). Privacy Tradeoffs in Information Technology Law (Doctoral dissertation, Erasmus University Rotterdam). Retrieved from


Cofone, I. (2017). The way the cookie crumbles: online tracking meets behavioural economics, International Journal of Law and Information Technology, Volume 25, Issue 1, 1 March 2017, Pages 38–62

Cohen, J. (1988). Statistical Power Analysis for the Behavioral Sciences.New York: Lawrence Erlbaum Associates Inc.

Coventry, Jeske, Blythe, Turland, & Briggs. (2016). Personality and Social Framing in Privacy Decision-Making: A Study on Cookie Acceptance. Frontiers in Psychology, 7, 1341.

Choe, E. K., Jung, J., Lee, B., & Fisher, K. (September, 2013). Nudging people away from privacy-invasive mobile apps through visual framing. In IFIP Conference on Human-Computer Interaction (pp. 74-91). Springer, Berlin, Heidelberg.

Danish Business Authority. (March, 2015). Befolkningens adfærd på nettet. Retrieved from

https://erhvervsstyrelsen.dk/sites/default/files/media/befolkningens_adfaerd_paa_nettet_tilgaengelig .pdf?fbclid=IwAR1v7BXPgmY5PIthxwmvSf25Clxq_YmFhvHYP-Pr15ssmpYVHq-IfotV2Oo on March 4, 2019.

Dienlin, T, Trepte, S. (2015). Is the privacy paradox a relic of the past? An in-depth analysis of privacy attitudes and privacy behaviors. Eur J Soc Psychol 45(3), pp. 285–97.

Dinner, I., Johnson, E., Goldstein, D., Liu, K., & Rogers, Wendy A. (2011). Partitioning Default Effects: Why People Choose Not to Choose. Journal of Experimental Psychology: Applied, 17(4), pp. 332-341.

Dolan, P., Hallsworth, M., Halpern, D., King, D., Metcalfe, R., & Vlaev, I. (2012). Influencing behaviour: The mindspace way. Journal of Economic Psychology, 33(1), 264-277.

Eldridge, S. M., Ukoumunne, O. C., & Carlin, J. B. (2009). The intra‐cluster correlation coefficient in cluster randomized trials: a review of definitions. International Statistical Review, 77(3), 378-394 Erevelles, Fukawa, & Swayne. (2016). Big Data consumer analytics and the transformation of marketing. Journal of Business Research, 69(2), 897-904.

European Commission. (n.d.). Cookies. Retrieved from

http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm on May 14, 2019.

Europe’s Top 20 airline groups by passengers 2017; Lufthansa wrests top spot from Ryanair.

(January 21, 2018). Centre for Avaiation. Retrieved from

https://centreforaviation.com/analysis/reports/europes-top-20-airline-groups-by-passengers-2017-lufthansa-wrests-top-spot-from-ryanair-394211 on May 14, 2019.

Farnsworth, B. (November 1, 2016). What is Participant Bias? (And How to Defeat it). iMotions.

Retrieved on May 12, 2019 from https://imotions.com/blog/participant-bias/.

Faul, F., Erdfelder, E., Lang, A.-G., & Buchner, A. (2007). G*Power 3: A flexible statistical power analysis program for the social, behavioral, and biomedical sciences. Behavior Research Methods, 39, pp. 175-191.

Faul, F., Erdfelder, E., Buchner, A., & Lang, A.-G. (2009). Statistical power analyses using G*Power 3.1: Tests for correlation and regression analyses. Behavior Research Methods, 41, pp.


Fertik, M. (April 3rd, 2012). Your Future Employer Is Watching You Online. You Should Be, Too.

Harvard Business Review. Retrieved from https://hbr.org/2012/04/your-future-employer-is-watchi on April 24, 2019

Floridi, L. (2005). The Ontological Interpretation of Informational Privacy. Ethics and Information Technology, 7(4), 185-200.

Fox, C. (January 21st, 2019). Google hit with £44 fine over ads. BBC News. Retrieved from https://www.bbc.com/news/technology-46944696 on April 25, 2019.

Fried, C. (1970). An Anatomy of Values. Problems of Personal and Social Choice. Harvard University Press.

Gallagher, R. (March 1, 2018). The Power Global Spy Alliance You Never Knew Existed. The Intercept. Retrieved on May 13, 2019 from https://theintercept.com/2018/03/01/nsa-global-surveillance-sigint-seniors/

Gawronski, B., & Creighton, L. (2013). Dual Process Theories. The Oxford Handbook of Social Cognition

Gerber, Nina, Gerber, Paul, & Volkamer, Melanie. (2018). Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior. Computers & Security, 77, 226-261.

Gigerenzer, G. (1996). On Narrow Norms and Vague Heuristics: A Reply to Kahneman and Tversky (1996), 103(3), 592-596.

Global 500. (n.d.). CNN Money. Retrieved from

https://money.cnn.com/magazines/fortune/global500/2012/europe/ on May 14, 2019.

Greenwald, G. (July 31, 2013). XKeyscore: NSA tool collects 'nearly everything a user does on the internet'. The Guardian. Retrieved from https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data on May 13, 2019

Hausman, D., & Welch, B. (2010). Debate: To Nudge or Not to Nudge*. Journal of Political Philosophy, 18(1), 123-136.

Hummel, D., & Maedche, A. (2019). How Effective Is Nudging? A Quantitative Review on the Effect Sizes and Limits of Empirical Nudging Studies. Journal of Behavioral and Experimental Economics.

Jamison, & Wegener. (2010). Multiple selves in intertemporal choice. Journal of Economic Psychology, 31(5), 832-839.

Jensen, Carlos, Colin Potts, and Christian Jensen (2005), "Privacy Practices of Internet Users: Self-Reports Versus Observed Behavior," International Journal of Human-Computer Studies, 63 (July), 203-227.

John, K., Acquisti, A. & Loewenstein, G. (2011). Strangers on a plane: Context-dependent willingness to divulge sensitive information. J. Consum. Res. 37, 5 (2011), 858–873.

Johnson, E. J. and Goldstein, D. G. (2003). Do Defaults Save Lives?. Science, Vol. 302, pp. 1338-1339.

Kahneman, D. (2003). A perspective on judgment and choice: Mapping bounded rationality . American Psychologist , 58 , 697–720 .

Kahneman, D. (2011). Thinking, fast and slow. London: Allen Lane.

Kahneman, D., Knetsch, J. L., & Thaler, R. H. (1991). Anomalies: The endowment effect, loss aversion, and status quo bias. Journal of Economic perspectives, 5(1), 193-206.

Kahneman, D., Tversky, A., & Pallak, Michael S. (1984). Choices, values, and frames. American Psychologist, 39(4), pp. 341-350.

Keren, G., & Schul, Y. (2009). Two Is Not Always Better Than One: A Critical Evaluation of Two-System Theories. Perspectives on Psychological Science, 4(6), 533-550.

King, Rochelle, Churchill, Elizabeth F, & Tan, Caitlin. (2017). Designing with data: Improving the user experience with A/B testing. Sebastopol, CA: O'Reilly Media.

Kosters, M. and Van der Heijden, J. (2015). From mechanism to virtue: Evaluating Nudge theory‘, Evaluation, 21(3), pp. 276–291.

Kruglanski, A. W., Erb, H. P., Pierro, A., Mannetti, L., & Chun, W. Y. (2006). On parametric continuities in the world of binary either ors . Psychological Inquiry , 17 , 153–165 .

Lambrea, M. (March 5, 2016). Mobile vs Desktop: 13 Essential User Behaviors. .appticles.

Retrieved from https://www.appticles.com/blog/2016/03/mobile-vs-desktop-13-essential-user-behaviors/ on May 9, 2019

Levin, I. P., & Gaeth, G. J. (1988). Framing of attribute information before and after consuming the product. Journal of Consumer Research, 15, 374–378.

Levin, Schneider, & Gaeth. (1998). All Frames Are Not Created Equal: A Typology and Critical Analysis of Framing Effects. Organizational Behavior and Human Decision Processes, 76(2), 149-188.

Loewenstein, G. and Prelec, D. (1992), “Anomalies in intertemporal choice: evidence and an interpretation”, Quarterly Journal of Economics, Vol. 107 No. 2, pp. 573-597.

Malgieri, & Custers. (2018). Pricing privacy – the right to know the value of your personal data.

Computer Law & Security Review: The International Journal of Technology Law and Practice, 34(2), 289-303.

Mayer-Schönberger, V., & Cukier, K. (2013). Big data: A revolution that will transform how we live, work, and think. New York: Houghton Mifflin Harcourt.

McAfee, A., & Brynjolfsson, E. (2012). Big data: The management revolution. Harvard Business Review, 90(10), 60–68.

McDonald, J.H. 2014. Handbook of Biological Statistics (3rd ed.). Sparky House Publishing, Baltimore, Maryland

Miyazaki, A. (2008). Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage. Journal of Public Policy & Marketing, 27(1), 19-33.

Melendez, S. & Pasternack, A. (February 3, 2019). Here are the data brokers quietly buying and selling your personal information. Fast Company. Accessed on May 5, 2019) from


Meyerowitz, B. E., & Chaiken, S. (1987). The effect of message framing on breast self-examination attitudes, intentions, and behavior. Journal of Personality and Social Psychology, 52, 500–510.

Mooradian, N. (2009). The importance of privacy revisited. Ethics and Information Technology, 11(3), 163-174.

Mueller, R. (July 20, 2018). 76% Ignore Cookie Banners – The User Behavior After 30 Days of GDPR. Amazee Metrics. Retrieved from https://www.amazeemetrics.com/en/blog/76-ignore-cookie-banners-the-user-behavior-after-30-days-of-gdpr/ on May 3, 2019.

Natrella, M. G. (2013). Experimental statistics. Courier Corporation.

Norton Team. (n.d.). What You Need To Know About Cookies. Norton by Symantec. Retrieved from https://uk.norton.com/norton-blog/2015/07/what_you_need_tokno.html on May 14, 2019.

OECD. (2013). Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value (OECD Digital Economy Papers no.220). Paris: OECD Publishing.

Petronio, S. & Durham, W. (2008). Communication Privacy Management Theory: Significance for Interpersonal Communication. In Baxter, Leslie A, & Braithwaite, Dawn O. (2008). Engaging Theories in Interpersonal Communication: Multiple Perspectives. Sage Publications.

Phelps, E.S. and Pollak, R.A. (1968), “On second-best national saving and game equilibrium growth”, Review of Economic Studies, Vol. 35 No. 2, pp. 185-199.

Pollach, I. (2007). What's wrong with online privacy policies? Communications of the ACM, 50(9), 103-108.

Posner, R. A. (1977). The right of privacy. Ga. L. Rev., 12, 393.


Posner, M. I., & Snyder, C. R. R. (1975). Attention and cognitive control. In R. L. Solso (Ed.), Information processing and cognition: The Loyola Symposium . Hillsdale, NJ : Lawrence Erlbaum Associates Inc.

Presskorn-Thygesen, T. (2013). Samfundsvidenskabelige paradigmer - fire grundlæggende metodiske tendenser i morderne samfundsvidenskab. I C. N. (red.), Samfundsvidenskabelige analyse metoder (2. udgave udg., s. 21-48). Frederiksberg: Samfundslitteratur.

Rachels, J. (1975). Why Privacy is Important. Philosophy & Public Affairs,4(4), 323-333.

Ranking of European insurers and reinsurers in 2016. (n.d.). Atlas Magazine. Retrieved from https://www.atlas-mag.net/en/article/ranking-of-european-insurers-and-reinsurers-in-2016 on May 14, 2019

Samuelson, P.A. (1937), “A note on measurement of utility”, Review of Economic Studies, Vol. 4 No. 2, pp. 155-161.

Samuelson, P. (1948). Consumption Theory in Terms of Revealed Preference. Economica, 15(60), 243-253.

Samuelson, W., & Zeckhauser, R. (1988). Status quo bias in decision making. Journal of risk and uncertainty, 1(1), pp. 7-59.

Selinger, E., & Whyte, K. (2011). Is There a Right Way to Nudge? The Practice and Ethics of Choice Architecture. Sociology Compass, 5(10), 923-935.

Sherman, J. W. (2006). On building a better process model: It’s not only how many, but which ones and by which means . Psychological Inquiry , 17 , 173–184 .

Shostack. (2003). Paying for privacy: Consumers and infrastructures. In Proceedings of the 2nd Annual Workshop on Economics and Information Security.

Simon, H. (1955). A Behavioral Model of Rational Choice. The Quarterly Journal of Economics, 69(1), 99-118.

Slots- og Kulturstyrelsen. (n.d.). Mobile phone and tablet use to access the internet in Denmark in 2017, by age. In Statista - The Statistics Portal. Retrieved May 14, 2019, from


Solove, D. (2002). Conceptualizing Privacy. California Law Review, 90(4), pp. 1087-1155.

Solove, D. (2009). Understanding privacy. Cambridge, Mass: Harvard University Press.

Stanovich, K. E., & West, R. F. (2000). Individual differences in reasoning: Implications for the rationality debate? Behavioral and Brain Sciences , 23 , 645–726.

StatCounter. (n.d.). Percentage of mobile device website traffic worldwide from 1st quarter 2015 to 1st quarter 2019. In Statista - The Statistics Portal. Retrieved May 14, 2019, from


Sunstein, C. (2014). Simpler: The future of government. New York: Simon & Schuster.

Sunstein, C. R. (2016). The ethics of influence: Government in the age of behavioral science.

Cambridge University Press.

Sunstein, C. R. (2016b). People prefer system 2 nudges (kind of). Duke LJ, 66, 121.

Sunstein, C. R. (2017). Nudges that fail. Behavioural Public Policy, 1(1), 4-25.

Thaler, R. (1981). Some empirical evidence on dynamic inconsistency. Economics Letters, 8(3), 201-207.

Thaler, R. (2018). Nudge, not sludge. Science Direct, 361(6401), p. 431

Thaler, Richard H, & Sunstein, Cass R. (2009). Nudge: Improving decisions about health, wealth, and happiness (Rev. and expanded. ed.). New York: Penguin Books.

The World’s Largest Public Companies. (n.d.). Forbes. Retrieved from https://www.forbes.com/global2000/list/#tab:overall on May 14, 2019.

Thorndike, Riis, Sonnenberg, & Levy. (2014). Traffic-Light Labels and Choice

Architecture:Promoting Healthy Food Choices: Promoting Healthy Food Choices. American Journal of Preventive Medicine, 46(2), 143-149.

Top 100 fashion companies Index. (n.d.). Fashion United. Retrieved from https://fashionunited.com/i/top100/ on May 14, 2019.

Top 50 Brands. (n.d.). Global Cosmetic News. Retrieved from https://globalcosmeticsnews.com/top-50-brands/ on May 14, 2019.

Tversky, A., & Kahneman, D. (1974). Judgment under uncertainty: Heuristics and biases. Science, 185(4157), pp. 1124-1131.

Tversky, A., &Kahneman, D. (1981). The framing of decisions and the psychology of choice.

Science, 211, 453–458.

U.S. Food & Drug Administration

https://www.fda.gov/TobaccoProducts/Labeling/RulesRegulationsGuidance/ucm246129.htm Wang, Y., Leon, P. G., Scott, K., Chen, X., Acquisti, A., & Cranor, L. F. (2013). Privacy nudges for social media: an exploratory Facebook study. In Proceedings of the 22nd International Conference on World Wide Web (pp. 763-770). ACM.

Wansink, B. and Hanks, A. S. (2013) Slim by Design: Serving Healthy Foods First in Buffet Lines Improves Overall Meal Selection‘, PLOS ONE, 8(10), 1–5.

Warren, S., Brandeis, L.D., 1890. The right to privacy. Harvard Law Review, 5.

http://www.lawrence.edu/fast/boardmaw/ Privacy_brand_warr2.htmlS

Welch, C. (March, 2019). Read Mark Zuckerberg’s letter on Facebook’s privacy-focused future.

The Verge. Retrieved on May 12, 2019 from https://www.theverge.com/2019/3/6/18253472/mark-zuckerberg-facebook-letter-privacy-encrypted-messaging

Wellers, D. (May 11, 2017). The Big (Data) Problem With Machine Learning. Digitalist Magazine.

Retrieved from https://www.digitalistmag.com/digital-economy/2017/05/11/big-data-problem-with-machine-learning-05084700 on May 14, 2019

Westin, A. (1967). Privacy and Freedom, New York: Atheneum, p. 7.

Willis, L. (2013). When Nudges Fail: Slippery Defaults. The University of Chicago Law Review, 80(3), 1155-1229.

Yan, J., Liu, N, Wang, G., Zhang, W., Jiang, Y, Chen, Z. (2009). ‘How Much Can Behavioral Targeting Help Online Advertising?’, Proceedings of the Eighteenth International Conference on World Wide Web (ACM 2009).

Zimmerman, G. (March 12, 2019). Top 10 Renewable Energy Companies (2019) - Solar & Wind.

Retrieved from https://energyacuity.com/blog/top-10-renewable-energy-companies/ on May 14, 2019.


Data Protection Directive - Directive 1995/46/EC (EU) European Convention on Human Rights (1950)

ePrivacy Directive - Directive 2002/58/EC ePrivacy Directive - Directive 2009/136/EC

ePrivacy Regulation Proposal - amendment (July, 2018) - https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_10975_2018_INIT&from=EN

General Data Protection Regulation - Regulation 2016/679 (EU) Opinions

Article 29 Data Protection Working Party, Opinion 2/2010 on online behavioural advertising, 22 June 2010

Article 29 Data Protection Working Party, Opinion 1/2009 on the proposals amending Directive 2002/58/EC on privacy and electronic communications (e-Privacy Directive), 10 February 2009 Article 29 Working Party Guidelines on consent under Regulation 2016/679, April 2018

European Data Protection Board, Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities, March 12, 2019


Appendix A - Cookie details in layered form

Appendix B - Average consent rates for weekdays

Figure 20: Average consent rates for weekdays during the four-week period

Appendix C - Time of interaction

Appendix D - Classification of cookie banners

Industry Non-compliant Compliant - Accept Compliant neutral Banks

HSBC (U.K.) x

Deutsche Bank (Germany) x

BNP Paribas (France) x

Santander (Spain) x

ING Groep (Netherlands) x

Nordea x

Danske Bank x

Uni Credit (Italy) x

UBS (Switzerland) x

KBC (Belgium) x









00.00 01.00 02.00 03.00 04.00 05.00 06.00 07.00 08.00 09.00 10.00 11.00 12.00 13.00 14.00 15.00 16.00 17.00 18.00 19.00 20.00 21.00 22.00 23.00

Percentage of visitors

Hour of the day

Website visitors during the day

Mobile/tablet Desktop/laptop

Insurance companies

Allianz Group (Germany) x

AXA (France) x

Generali (Italy) x

Zurich Insurance Group (Switzerland) Prudential (U.K.)

AEGON (Netherlands) x

MAPFRE (Spain) x

XL Catlin (Ireland) x

Ageas (Belgium) x

Vienna Insurance Group (Austria) x


Lufthansa (Germany) x

Ryanair (Ireland) x

British Airways (U.K.) x

Iberia (Spain) x

Air France (France) x

KLM (Netherlands) x

Easyjet (U.K.) x

Wizz Air (Hungary) x

SAS (Sweden) x

Norwegian (Norway) x


Louis Vuitton (LVMH, France) x

Nike (USA) x

Zara (Inditex, Spain) x

Dior (France) x

Gucci (Kering, France) x Hermés (France)

Cartier (Richemont, Switzerland) x

Adidas (Germany) x

Oakley (Luxottica, Italy)

H&M (Sweden) x


Royal Dutch Shell (Netherlands) x

BP (U.K. x

Total (France) x

E.ON (Germany) x

ENI (Italy) x

Siemens Gamesa (Spain) x

Equinor (Norway) x

Vestas (Denmark) x

Ørsted (Denmark) x

Glencore (Switzerland) x


Volkswagen ( VW Group, Germany) x

Renault (France) x

Ford (USA) x

Peugeot (PSA Group, France) x

Opel (PSA Group, France) x Mercedes Benz (Germany) x

BMW (Germany) x

Skoda (VW Group, Germany) x

Audi (VW Group, Germany) x

Toyota (Japan) x


L'oreal (France) x

Nivea (Germany) x

Lancome (France) x

Dove (Unilever, Netherlands) x Gillette (Procter & Gamble, USA) x

Estée Lauder (USA) x

Schwarzkopf (Henkel, Germany) x L'Occitane en Provence (France) x Neutrogena (Johnson & Johnson, USA)

Chanel (France) x

Consumer electronics Apple (USA)

Samsung (South Korea) x

Nokia (Finland) x

Dell (USA) x

Sony (Japan) x

Panasonic (Japan) x

Hewlett-Packard (USA) x

Toshiba (Japan) x

Fujitsu (Japan) x

LG (South Korea) x

Software and computer services

Google (Alphabet, USA) x

Amazon (USA) x

Facebook (USA) x

Netflix (USA) x

Twitter (USA) x

Microsoft (USA) x

Spotify (Sweden) x

Zalando (Germany) x

Adobe Systems (USA) x

Alibaba x

Total 74 9 1

88,10% 10,71% 1,19%

Appendix E – Real-life cookie banners

1. Banks

HSBC - 17.04.19

Deutsche Bank - 17.04.19

BNP Paribas - retrieved 17.04.19

Santander - 17.04.19

ING Groep - 17.04.19

Nordea - 17.04.19

Danske Bank - 17.04.19

Uni Credit - 17.04.19

UBS - 17.04.19

KBC - 17.04.19

2. Insurance

Allianz Group (Germany)

AXA (France) 23.04.19

Generali (Italy) 23.04.19

Zurich Insurance Group (Switzerland) 23.04.19 No banner

Prudential (U.K.) 23.04.19 No banner

AEGON (Netherlands) 23.04.19

MAPFRE (Spain) 23.04.19

XL Catlin (Ireland) 23.04.19

Ageas (Belgium) 23.04.19

Vienna Insurance Group (Austria) 23.04.19

3. Airlines

Lufthansa (Germany) 23.04.19

Ryanair (Ireland) 23.04.19

British Airways (U.K.) 23.04.19

Iberia (Spain) 23.04.19

Air France (France) 23.04.19

KLM (Netherlands) 23.04.19

Easyjet (U.K.) 23.04.19

Wizz Air (Hungary) 23.04.19

SAS (Sweden) 23.04.19

Norwegian (Norway) 23.04.19

4. Fashion

Louis Vuitton (France) 23.04.19

Nike (USA) 23.04.19

Zara (Inditex, Spain) 23.04.19

Dior (France) 23.04.19

Gucci (Kering, France) 23.04.19

Hermés (France) 23.04.19

No cookie banner - do use third party and personal cookies

Cartier (Richemont, Switzerland) 23.04.19

Adidas (Germany) 23.04.19

Oakley (Luxottica, Italy) 23.04.19

No cookie banner - Do use personal cookies

H&M (Sweden) 23.04.19

5. Energy

Royal Dutch Shell (Netherlands) 23.04.19

BP (U.K.) 23.04.19

Total (France) 23.04.19

E.ON (Germany) 23.04.19

ENI (Italy) 23.04.19

Siemens Gamesa (Spain) 23.04.19

Equinor (Norway) 23.04.19

Vestas (Denmark) 23.04.19

Ørsted (Denmark) 23.04.19

Glencore (Switzerland) 23.04.19

6. Automotive

Volkswagen (VW Group, Germany) 23.04.19

Renault (France) 23.04.19

Ford (USA) 23.04.19

Peugeot (PSA Group, France) 23.04.19

Opel (PSA Group, France) 23.04.19

Mercedes Benz (Germany) 23.04.19

BMW (Germany) 23.04.19

Skoda (VW Group, Germany) 23.04.19

Audi (VW Group, Germany) 23.04.19

Toyota (Japan) 23.04.19

7. Cosmetics

L'oreal (France) - 23.04.19

Nivea (Germany) - 23.04.19

Lancome (France) - 23.04.19

Dove (Unilever, Netherlands) - 23.04.19

Gillette (Procter & Gamble, USA) - 23.04.19

Estée Lauder (USA) - 23.04.19

Schwarzkopf (Henkel, Germany) - 23.04.19

L'Occitane en Provence (France) - 23.04.19

Neutrogena (Johnson & Johnson, USA) - 23.04.19

Does not have a cookie banner nor is it possible to access their cookie policy.

Chanel (France) - 23.04.19

8. Consumer electronics

Apple (USA) - 29.04.2019 No cookie banner

Samsung (South Korea) - 29.04.2019

Nokia (Finland) - 29.04.2019

Dell (USA) - 29.04.2019

Sony (Japan) - 29.04.2019

Panasonic (Japan) - 29.04.2019

HP (USA) - 29.04.2019

Toshiba (Japan) - 29.04.2019

Fujitsu (Japan) - 29.04.2019

LG (South Korea) - 29.04.2019

9. Software and computer services

Google (Alphabet, USA) - 29.04.2019

Amazon (USA) - 29.04.2019

Facebook (USA) - 29.04.2019

Netflix (USA) - 29.04.2019

Twitter (USA) - 29.04.2019

Microsoft (USA) - 29.04.2019

Spotify (Luxembourg) - 29.04.2019

Zalando (Germany) - 29.04.2019

Adobe Systems (USA) - 29.04.2019

In document Are You Sure, You Want a Cookie? (Sider 86-128)