Why popups are back in the modern web
Living in the suburbs of London, I find myself commuting into London town on occasion. As many commuters before me have done and as many more will do, I read articles on my phone. Something has changed recently though, you may remember the torrent of emails that flooded your inbox, the month when companies realized they had to conform to the General Data Protection Regulation (GDPR) and inform you what your digital rights were, what personal information they would be using and why. Almost every website you visit now informs in one way or another that,
Exploring the web is now a bombardment of popups and adverts, akin to the days of the early web where you could be bombarded by rampant popups on a minute by minute basis. It’s not that bad, but it does gradually erode your willpower and with every “Accept” button I tap, I care less and less. If anything, it fuels my frustration when following a link lands you in yet another negotiation about cookies or privacy. Don’t get me wrong, the legislation is a step forward for the rights of every person whom, in a digital age are relinquishing more and more personal information than ever before; but it has come at a cost. It doesn’t have to be this way though, so what are the benefits of the GDPR and do we have to continue to deal with the annoying banners, popups and notifications about cookies and privacy?
You can move your personal data to another service/website/app freely. This could take many forms but could often be as simple as allowing you to save your data in a readable format so you can import to whatever new place you choose.
You have the right to object to automatic profiling. Some information may be used to discriminate against you or market to offer targeted marketing. You can request that this information is disregarded.
Update your details freely. Sounds simple enough but this also includes advertising preferences and consent to how your data is used. Just because you agreed to something in the past, doesn’t mean you should be locked in forever.
You have the right to request that your data is deleted. You may not want an old profile sticking around to haunt you.
This is the right that has the biggest impact on daily web activities. You should be informed what data is being used by the website, what is being done with your data, who it’s being shared with and how long the website intends to keep it. This most often takes the form of the banners we all know and hate.
You may be asking, “Why is this a problem? It’s better to know how my data is used so I can make the decision!” and you’re right. It is a right to know how our data is being harvested and whether we should allow a site to do so. What I am proposing is a way to get the best of both worlds. To browse the web unfettered by pesky popups and blaring banners begging for your attention on every new site you visit. So what other options do we have?
Stepping away from the web for a moment, let’s take a look at some approaches to privacy that have been adopted to various degrees with varying success by some other ecosystems.
The Microsoft Store is a good example of how it lets users know what permissions an app could use before you install it. Although this is not practical for the web, the benefit of a storefront like Microsoft’s, is that each app must define the permissions it wants to use in a manifest. It’s standardized and readable, although it’s unclear how obvious it is to the average user. The difference is, however, each app is required to have these permissions submitted to the store and Microsoft could choose to utilize this information in a variety of ways. It could be possible to filter apps by the permissions they request or for this list of permissions be factored into parental controls.
Apple’s approach on iOS is a little different, the App Store doesn’t explicitly show what permissions an app could request but once you have installed an App, you have control over some important settings. This is an important feature that would be welcomed by myself on the web. Per site permissions in one place would give a much greater level of control over how what permissions we give to sites. Permissions you give a site shouldn’t be fixed forever, websites can change and our trust of websites can too change over time.
Web APIs allow for standardization across web browsers, although each browser vendor can choose how they want to implement the intricacies, there is a common consensus. Some web API’s already exist for what people see as some of the most important forms of privacy. You have to explicitly give your consent if a website wants to do any of the following:
- use your physical location
- access your device’s microphone
- access your device’s camera
So could we have something similar for cookies and other consents mandated by the GDPR? There are some good features in place including Do Not Track but I think there is room for improvement.
I propose a set of preferences stored by the browser’s user account that stipulates how you want your data to be handled by default.
- The kinds of permissions you generally choose would affect every site.
- If a site requests permissions or more data than you’re prepared to give then you have to explicitly give consent but it’s really up to the specification and how browsers want to implement it.
Privacy and data agency is an important right both online and offline. It’s important to know how your data is being used and whether or not you want your data to be used but the current form of communication is a troublesome distraction on the web. It doesn’t have to be, I hope I’ve sparked some interest in seeking change for a more calming web browsing experience in an often busy world.
The cookie icons in this header image are from FontAwesome.