
Illustration of cookie dressed as a pirate guarding a treasure chest filled with users data
Opinion

Organisations broke the web to comply with GDPR.

Cookie banners and privacy notices are thrust in our faces every time we visit a website, often before we know if a particular page contains the information we’re looking for. Most of us are putting up with this crappy experience and accepting it as the new normal.

It doesn’t have to be this way.

The purpose of GDPR

In recent years, the value of personal data has increased to a point where it’s seen as one of the most valuable commodities in our data-driven economy. GDPR was brought in to regulate this new age land grab and make sure that organisations inform people of the data they collect, process and share about them.

It was also designed to change organisational behaviour to align with the principles of privacy by design:

UK GDPR requires you to put in place appropriate technical and organisational measures to implement the data protection principles effectively and safeguard individual rights. This is ‘data protection by design and by default’

ICO

GDPR was meant to be a step in the right direction, but it hasn’t exactly had a positive impact on the web. Instead of changing their behaviour around personal data collection, most organisations have chosen to add a layer of legal bureaucracy, resulting in an unpleasant user experience with reams of legal small print.

The current state of the web

Because of GDPR, we all suffer the indignity of navigating our way through cumbersome cookie consent forms and confusing legal notices just to access a web page. Below is an example of how Sky ensures their compliance with GDPR. They are legally required to inform you of the data they’re going to collect, process and share about you, but in all likelihood, if you want to access their website you’re just going to press ‘Accept’ without hiring a lawyer to review the small print. The whole process has become a hoop-jumping exercise at the expense of the end user.

Screenshot of the Sky Sports privacy permission banner

A study by Bryan Cave Leighton Paisner carried out in March 2020 revealed that 56.6% of companies that utilised a cookie banner with opt-in consent did not, in fact, alter the quantity of cookies deployed based upon whether a visitor agreed to the banner or not. Pretty astounding when you think about it.

It doesn’t have to be this way

There are more effective approaches to GDPR compliance that organisations can take, but surprisingly few do. By focusing on privacy first and by lowering your appetite for gathering and controlling personal data, it is entirely possible to offer an improved online experience whilst doing less work and incurring fewer costs.

Putting our money where our mouths are

In the spirit of acting in congruence with our words, we’ve doubled down on our approach to privacy by design. You may have noticed that you weren’t asked about cookies when you hit our website. That’s not because we’re breaking the rules; it’s because we’re just not tracking your every move. If you’re interested, you can read more about the cookies that are set on wemakewaves.digital. In the spirit of the #NoSoftware movement, by thinking differently, we’ve been able to simplify the user experience and solve the same problem with less code, whilst avoiding legal and software maintenance costs.

Here’s how we did it:

  • We replaced Google Analytics with plausible.io, a privacy focused and cookie free analytics service.

    By using Plausible Analytics, all the site measurement is carried out anonymously. Cookies are not set and no personal data is collected. All data is in aggregate only. https://plausible.io/privacy-focused-web-analytics

  • We’ve removed Twitter widgets and swapped out our embedded Tweets for images, so Twitter can’t track you on our website.

    Twitter abandoned their do not track functionality and were tracking visitors to our website to ‘give you more personalised adverts’. That didn’t sit right with us. https://help.twitter.com/en/safety-and-security/twitter-do-not-track
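One way to check that changes like these have the intended effect is to audit a page's markup and first-response headers for third-party embeds and pre-consent cookies. The sketch below is an added example, not We Make Waves' own code; the `example.org` domain, the `visitor_id` cookie, the sample HTML and the choice to allowlist `plausible.io` are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlparse


class EmbedCollector(HTMLParser):
    """Collect the hosts that <script>, <iframe> and <img> tags load from."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "img"):
            src = dict(attrs).get("src")
            host = urlparse(src).hostname if src else None
            if host:  # relative URLs have no host and are first-party
                self.hosts.add(host.lower())


def audit_page(html, set_cookie_headers, first_party, allowed=()):
    """Report third-party embed hosts and cookies set on the first response."""
    collector = EmbedCollector()
    collector.feed(html)
    third_party = sorted(
        h for h in collector.hosts
        if h != first_party and not h.endswith("." + first_party) and h not in allowed
    )
    cookies = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        cookies.extend(jar.keys())
    return {"third_party_hosts": third_party, "cookies_before_consent": sorted(cookies)}


# Constructed sample inputs (example.org and visitor_id are placeholders).
BEFORE_HTML = """
<script async src="https://www.googletagmanager.com/gtag/js?id=PLACEHOLDER"></script>
<blockquote class="twitter-tweet"><a href="https://twitter.com/example">Tweet</a></blockquote>
<script async src="//platform.twitter.com/widgets.js"></script>
"""
BEFORE_COOKIES = ["visitor_id=abc123; Path=/; Max-Age=63072000"]

AFTER_HTML = """
<script defer data-domain="example.org" src="https://plausible.io/js/script.js"></script>
<img src="/images/tweet-screenshot.png" alt="Screenshot of a Tweet">
"""
AFTER_COOKIES = []

if __name__ == "__main__":
    print(audit_page(BEFORE_HTML, BEFORE_COOKIES, "example.org", allowed={"plausible.io"}))
    print(audit_page(AFTER_HTML, AFTER_COOKIES, "example.org", allowed={"plausible.io"}))
```

A static check like this only sees embeds present in the served HTML and cookies sent as `Set-Cookie` headers; scripts injected at runtime and cookies written from JavaScript need a browser-based check.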

A lot of organisations could do with applying a greater level of critical thinking when it comes to their approach to software development. An approach that removes code, promotes simplicity and good user experience whilst also reducing costs. It’s a win-win and something you’ll find in abundance if you choose to work with us.

We live in hope that telling this story will inspire others to make the same privacy positive changes to their websites and to rid the world of the plethora of unnecessary, ineffective and poorly thought out solutions.


If you have an idea for an innovative digital product or service, why not partner with a company which thinks differently? Let’s chat together@wemakewaves.digital.

We Make Waves, WeWork, 41 Corsham Street, London, N1 6DR

2021 © We Make Waves® All rights reserved. Registered company: 04023284. VAT no: 766525795.