Blog / User privacy preferences on my w ...

User privacy preferences on my website

19th February, 2017

I work in digital advertising, and I use my personal website to experiment with the technologies I use at work. Since doesn't generate revenue, it's easy for me to use it to demonstrate meaningful privacy preferences too.

("Meaningful" in the sense of "effective," but not "meaningful" in the sense that no-one visits my site regularly enough to need to use the privacy options; and what I do with my site isn't actually important if it doesn't have a big audience or make any money.)

The digital advertising industry is fond of "optimising" things, but overall the experience of online ads for normal people is very obviously not optimum. Onlne ads are normally ignored: because normally they offer no value to the user. The cost of this wasteage for advertisers, however, is quite low, and overall, for advertisers, online marketing is profitable. So far, there has been little reason to evolve.

Google's beginning to undermine cookies for advertising (January 2017) could prove a watershed moment, because the operation of third party cookies is at the heart of surveillance marketing. I hope online ads will get more expensive for advertisers, as well as more effective; and that login-based "targeting" could be the way we connect customers with the businesses they actually like, on a basis of permission.

What I've done on to give users choice is inspired by the implementation that was using at the time I was working for the BBC. It looks like might have moved on a bit since.

  • When any page loads, it checks for the presence of the privacy cookie. If it's not there, that's because the user has just arrived and hasn't set any preferences, and so the cookie is set with the value "g1d1p1s1"
  • The site's tracking technologies are implemented through a tag manager. The tag manager container is included on every page, unless the privacy cookie value contains "s0"
  • The tracking tags inside the tag manager are triggered conditionally based on the value of the privacy cookie
  • e.g. Google Analytics is loaded only if the privacy cookie contains "g1"
  • e.g. if the cookie value includes "g1d0" then GA is loaded without Advertising Features
  • The privacy page on the site - - features form element "switches," and when users flick the switches, JavaScript updates the privacy cookie value accordingly.
  • The site cookie notice banner includes a link to the privacy page

AMP content presents a challenge for this approach. Google's support for the AMP standard seems like a good idea, but that standard does deliberately limit the use of JavaScript (and page styling). As a result, site privacy preferences whose effect depends on JavaScript and a cookie can't be applied on AMP pages.

On my site's AMP pages, Google Analytics is loaded (without Advertising Features) via the AMP version of the Google Tag Manager container. The cookie notice banner highlights the GA tracking, and can't be dismissed.

The image at the top of this post is cropped from a work by Surian Soosay.