Secondhand Lions GDPR Cookie Consent Privacy Taste Test

I was challenged by readers in my previous post “Real World Consent Translated to Digital” to describe a digital experience that follows the seven key factors derived from the traveling salesman in Secondhand Lions (SHL).

We are weeks past the start of GDPR (+4) and in addition to being flooded with emails trying to keep you on mailing lists, you have probably noticed some changes in cookie consent banners on web sites.  I’ve mocked up a privacy taste test, if you will, by looking at 4 examples of post GDPR cookie consent to illustrate how well companies are following the SHL traveling salesman’s 7 keys to successful digital interactions.

Cookie Consent is not the end all be all of evaluating a company’s privacy stance, but it is the most immediately visible and why it was chosen to illustrate keys 1-5.  If you are not identified, cookies are mostly collecting semi-pseudonymous data based on your internet browsing.

Official Rules of the SHL Cookie Consent Privacy Taste Test

Below are the seven SHL key factors to advertising digital interactions:

  1. Respecting privacy
  2. Being transparent
  3. Asking for consent, realizing that consent can be withdrawn at any time
  4. Being clear about what he was asking consent for
  5. Earning trust
  6. Offering value – consent and trust got the brother’s “off the porch” and value determined further interaction
  7. Personalizing value and tailoring convenience

The goal of these seven keys is to win consumer trust to begin a conversation in which the advertiser can present something of value to the consumer.  Ultimately, brands and advertisers want to get to a two way conversation with consumers at Key 7.  Brands will be evaluated on how well keys 1-4 earned trust, key 5.  Keys 6 and 7 are for another day and another post that evaluates personally identifiable information.

Key 1 – Respecting privacy:  We need a working definition to evaluate Key 1.  Combining two definitions of privacy from Westin and Wolfe (see post discussing what we mean by the right to privacy) we can define digital privacy as:

The right to control who watches or learns about you and maintaining that control over your personal information.

Key 2 – Being transparent:  I would call this the Hub McCann test after the encounter where Hub tells the traveling salesman hiding behind the car “to come out where we can see you”.  Does the brand show us what they are doing with our data?

Key 3 – Asking for consent that can be withdrawn at any time

Key 4 – Being clear about what you are asking consent for.

The approach and execution of Keys 1-4 will determine the level of trust earned – key 5.  Brands will be scored in each category using the following scale:  0 = Fail; 1 = Low; 2 = Medium; 3 = High

Brand A

Landing on the site of Brand A shows a cookie consent banner on the bottom of the screen on 5/29/2018 seen in figure 1 below.

Figure 1

The site informs you that they use cookies for your experience benefit.  Then they ask you to accept the cookie blindly or choose a cookie preference.  This notice fails in the Key 4 criteria which is why they changed it as of 6/7/2018 to the following notice in figure 2 below.  It really wasn’t clear what they were using the cookies for.

Figure 2

They are now giving us some examples from which we can make an informed decision to “Accept All Cookies”.  This is an improvement on the clear and understandable language of transparency from their original attempt.

You can choose to control how your data is collected and used by clicking on “Cookie Preferences” and a pop up sidebar on the left hand side of the screen appears illustrated in figure 3 below.

Figure 3

Brand A has divided their cookie preferences into 3 categories:

  1. Necessary Cookies –no control
  2. Functional Cookies – You have a choice of all on or all off for functional cookies. It however lacks full control and transparency.  It is one thing to analyze general website usage.  It is another to tell me you are going to suit my needs and improve my user experience.  This sounds like personalization that requires profiling me, but it is unclear.  If I want good website performance, I have to also accept personalization which is implied but not disclosed.
  3. Marketing Cookies – I understand I am going to be profiled if I accept these cookies. Intent is there, but it is not transparent who is going to get my data.  This statement lacks the clarity required by transparency, and the choice is all or nothing based on insufficient information.  Are they sending my data to 5 ad agencies or 250 ad agencies?  It is too general to be transparent, what are they hiding?

Brand A is a good example of doing the minimum to achieve compliance.  They do have a link for more information where we can visit their Privacy Policy which was effective the night before GDPR in clear and understandable language vs. legalese.

Brand B

Brand B’s cookie consent banner below (figure 4) gives the cookie intent with examples and data sharing activity along with a link to a cookie specific policy.  You have the choice to accept the cookie, or visit the cookie settings.

Figure 4

Clicking on Cookie settings opens a Privacy Preference Center (figure 5) with 4 categories of cookies to opt-in to and 2 information tabs.  They are transparent and clear with the intent, and they list the specific cookies used for each category.  I have control of each category, and I don’t have to accept profiling to get good site performance.  This site had 49 targeting cookies which had to be accepted all or nothing.

Figure 5
Brand C

Brand C’s cookie consent banner is brief, but straight forward (Figure 6).   They list 3 ways cookies are used and offer a link to their more detailed cookie notice.  If you don’t agree to the cookies, you can click on manage and a cookie control box pops up (Figure 7).

Figure 6
Figure 7

Brand C gives full control to check which of the 5 cookie categories you opt into or in this case out of.  They also allow you to opt out of each of their 265 cookies spread over 61 screens averaging 4.3 partners per screen.

Brand D

Brand D has really done nothing more than meet the pre-GDPR EU cookie notice pictured below (figure 8) with a link to a privacy policy and an accept button.

Figure 8

They give no real control, and they are not transparent about what is being done.  Your only choice is to accept or deny the cookie – all or nothing.

Taste Test Results

Brand D is not respecting privacy or being transparent and is likely not compliant.  Brand A is the example of doing the minimal for compliance.  As such, Brand A fails to meet the SHL transparency test of “coming out where we can see you” as we have no idea what 3rd parties are getting our data.  Choice and control are also limited.  Overall, Brand A is compliant, but is not respecting privacy or being transparent enough to warrant much trust.

Brands B and C are both respecting privacy and being transparent.  Brand B has the better UX design and is clearer, but Brand C gives more control.  Brand B could use more control as it prevents me from having personalization from say Google but not Facebook.  Both have moved beyond compliance and are winning trust.

Companies who actually respect privacy will make it easy to choose and maintain control of personal information.  Their efforts will be rewarded with greater trust.

Advertising Implications

The take away of this taste test is that compliance with no change in respecting privacy, transparency, control, and consent loses out to those who go beyond compliance.  The foundation of successful digital interactions is trust and merely complying doesn’t win that trust.

Smart companies will respect privacy before they are compelled to do so.  In a Post-GDPR world, this means that people outside of the EU are not treated with less respect for their privacy than EU citizens.  Companies may want to consider the messages they are sending about who they are if they are complying with EU citizens’ data privacy but continue business as usual for those outside the EU.  Respecting privacy wins in the new era of Advertising and Analytics done correctly.  What you waiting for?  Get your audience off the porch with transparent privacy and engage on the level of personalization (SHL Key 7) that leads to higher value relationships.

Comments are disabled here to consolidate replies here on Linkedin.

Real World Consent Translated to Digital

Tsvi Lev recently commented about the Facebook data violations and the impending regulation by saying,

“This is NOT the end of analytics – it is the dawn of properly used analytics.”

New regulations requiring explicit consent have the potential to significantly change business models in advertising.  Consent may disrupt or consolidate many of the Ad Tech players in the market today who can’t or fail to change their business operations.  It is no secret that since the dawn of the internet cookies, Ad Tech hasn’t really been concerned about privacy.  For those companies, new regulation may be a day of reckoning, but it doesn’t have to be.

Back to the Future

We need to look back at the door to door salesman to understand what digital advertising has ignored as it assembled your shadow digital profile.   In a lot of ways, those salesmen were like internet opportunities.  When the salesman approached a potential customer they had seconds to connect with a customer before the door was shut in their face just like the 10s limit users will give you before moving on to another site.

The movie Secondhand Lions (SHL) nails the process of the door to door salesman getting consent before making a pitch and ultimately winning the sale.  Think about this guy’s sales approach as a parallel model for digital advertising as we walk through the wrong and right approach in three acts.

Act 1 – The Wrong Approach

The SHL scene opens on a rural Texas farm with a long drive that ends in front of a dilapidated wrap around porch.  Two old bachelors are sitting on the porch with their soon to be adopted nephew drinking ice tea.  Word has spread through the small town that these two have more money than they can spend which puts them in the demographic salesmen only dream about.

Each salesman drives on the brother’s private property, gets out of the car and immediately begins to pitch their goods.  Shortly after getting out of the car and beginning to speak, each salesman is greeted with multiple gunshots being fired over their heads as a warning.  The old bachelors are defending their private property from uninvited solicitations, and no sales are made.

The pitch was uninvited, initiated as a trespass on private property, and showed no respect for the two brothers.  The brothers responded by enforcing their privacy rights.

Act 2 – Personalization Done the Right Way

The next sales scene opens with the brothers and nephew on the porch again drinking tea with their shotguns when one brave salesmen comes out for a second attempt at approaching them.  He has a completely new approach.  Now he has a respect for their privacy rights and comes out waving a white flag and asking them not to shoot.  The reaction of Michael Cain’s character is “He’s been here before, this is no ordinary salesman, this guy is good”.

He addresses them by name and asks if they can talk (respect for their privacy and asking for consent).  Now instead of shots being fired, a two way discussion begins to take place.

The conditions for the continued conversation are laid down.  Robert Duvall’s character, Hub, tells the salesman to come out where we can see you (transparency).   The salesman asks them to put their guns down so he can show them what he has brought for their consideration (clear intent).  The salesman tells them to trust him (he treated them like people not demographics and showed respect for their privacy).  Hub agrees to hear what he has to show them, but then says “afterwards we’ll shoot him” (consent is not permanent and can be withdrawn at any time).

The salesman’s opening pitch is a changed approach.  He then goes on to say “due to the unsettling nature of our previous encounter, I searched the world over for the perfect item that would be just right for two exuberant sportsman such as yourself.”  Wow-quite a change, let’s look at what he did:

  1. He admitted that his first approach was wrong
  2. He searched for an item that would be of personal value to them
  3. He segments them into a group, exuberant sportsman, that they want to identify with (more appealing than rich guys with money to burn).

The salesman then shows them something that they didn’t know existed – a sporting clay launcher that even a kid can operate.  He brought them something he knew they would want.  This guy put some thought into analyzing the brothers as people and not customers to be fleeced.  His pitch starts with the statement that until now, only the heads of state could have such a product, and I am bringing to you the most powerful model at a reasonable price.  Needless to say, they buy the product.

This is personalization done right.  The salesman asked permission to speak to them.  He has come with something he knows they will want because he analyzed their first encounter.  He democratizes something previously out of reach to the common person.  He gives them quality at a fair price.  They didn’t even have to leave their house or exert much effort to have it.

Act 3 – The Final Sale

The movie ends with the nephew returning to the house after the brothers have died.  Anchored in small pond in the front of their property is a massive yacht barely floating in the shallow water.  When asked about the yacht in the ridiculously small pond, the nephew responds by saying “There was this traveling salesman…”

This one salesman succeeded where others failed by following a new model of sales that we should imitate in the digital world.  He demonstrated 7 key factors that serve as a template for digital interactions by:

  1. Respecting privacy
  2. Being transparent
  3. Asking for consent, realizing that consent can be withdrawn at any time
  4. Being clear about what he was asking consent for
  5. Earning trust
  6. Offering value – consent and trust got the brother’s “off the porch” and value determined further interaction
  7. Personalizing value and tailoring convenience

So, by asking for consent in a way that gave the potential customer control, choice, and transparency, the salesman gained trust.  He was then able to present them something that was of personal value to them.

These 7 key factors should be translated into the digital advertising world so that the door to personalization is opened by consent.  What was really gained was more than a customer.  These factors started a two way relationship that lasted a lifetime and exponentially multiplied the investment that was made in securing consent by trust and value.

Where does the Digital Advertising world need to go from here?

How do Facebook and digital advertisers move forward in the face of impending regulation?  A good start would be to admit to the public like our salesman “due to the unsettling nature of our previous encounter,” I will respect your privacy, be transparent with how we collect, process, and use your data, ask you if I can use your data, and provide you with something you value.

Each new data breach exposes to the general public how their privacy is being violated, and armed with that knowledge, they are starting to fire warning shots.  When companies realize that privacy by design is a requirement, this change will be “the dawn of properly used analytics” as Tsvi Lev stated.

Let the right personalization begin.

Comments can be posted as replies on Linkedin.

For Your Entertainment

Here are the links below to the Secondhand Lions scenes referenced in this blog.  You will probably find additional advertising insights of your own and a good laugh.

The wrong approach:

The right approach:


By clicking on the YouTube links, you will leave the DataEDEN blog site.  The Ad Tech world will be sending your personal viewing information back to Google to serve you relevant ads at some point in your digital journey.

I found Secondhand Lions to be entertaining and funny with some mild language.  It illustrates enforcing consent choices with an intersection of  the 2nd Amendment being used to enforce the 4th Amendment which some might find offensive.  I do not endorse certain implied philosophic assertions concerning the foundations of belief, the importance of history, and the nature of truth contained in the movie.