Majority of UK websites are still not following proper cookie content practices, despite the General Data Protection Regulation that went into effect in 2018. A new paper from researchers at MIT, UCL and Aarhus University also showed most UK websites don’t conform to the requirements of the GDPR.

The purpose of the study was to determine how consent management platforms (CMPs) affect consent choices. CMPs were designed to help websites conform to the GDPR’s requirements for consent when collecting personal data.

As part of the study, researchers scraped the designs of the five most popular CMPs across the top 10,000 websites in the UK. They found that only 11.8% of websites met the minimal requirements set based on the GDPR.

The researchers also conducted an experiment with 40 participants that investigates how eight common designs affect consent choices. Notification style (banner or barrier) doesn’t have an effect, removing the opt-out button from the first page increases consent by 22-23%, and providing more granular controls decreases consent by 8-20%.

The researchers hope that this study provides a basis for necessary regulatory action to enforce the GDPR, especially focusing on centralized, third-party CMP services as an effective way for increasing compliance.