Invisible, Unreadable, and Inaudible Cookie Notices: An Evaluation of Cookie Notices for Users with Visual Impairments
Janice M. Clarke, Maryam Mehrnezhad, Ehsan Toreini · 2024 · ACM Transactions on Accessible Computing · doi:10.1145/3641281
Summary
This study investigates the accessibility of cookie notices for users with visual impairments (VI), combining automated testing of 46 top UK websites with a user study of 100 participants who use assistive technology. The researchers employed multiple testing approaches: WAVE and Google Lighthouse for automated accessibility audits, WebbIE (a text-only browser) for structural analysis, and manual testing with JAWS and NVDA screen readers. The research addresses a critical intersection of privacy law and accessibility—the GDPR and ePrivacy Directive require websites to obtain informed consent for cookies, yet if cookie notices are inaccessible, users with VI cannot give or withhold meaningful consent. The methodology covered both technical compliance testing and real-world user experience, recruiting participants through Prolific Academic who self-identified as having visual impairments and using assistive technology. The technical analysis examined multiple dimensions: automated error detection, presence and quality of headings, keyboard navigability, timing of when cookie notices are read aloud, and whether button purposes could be determined through screen reader output. The user study explored how participants actually interact with cookie notices, what problems they encounter, and their emotional responses to these interactions.
Key findings
93.3% of tested websites contained at least one accessibility error, with 77.8% having contrast errors that violate WCAG minimum guidance. Only 57.1% of cookie notices were read immediately upon page load—the rest required users to navigate through other content first, sometimes missing the notice entirely. Keyboard navigation presented significant barriers: while 82.9% of sites were keyboard-navigable with JAWS, some trapped users within the cookie notice with no way to escape, directly contradicting WCAG 2.1.2 (Level A). 31.4% of cookie notices had no headings whatsoever, making them difficult to locate and navigate. In the user study, 81% of participants had encountered accessibility issues with cookie notices. The most common problems were unclear response options (28%), being unable to leave the cookie notice (28%), and being unable to answer at all (28%). Half of participants expressed negative feelings about cookie notices. When asked about responsibility, participants identified website developers (77%), policymakers (48%), and accessibility evaluation designers (24%) as accountable parties.
Relevance
This research exposes a fundamental conflict in current web practices: privacy regulations mandate consent mechanisms that are themselves inaccessible to many users. For accessibility practitioners, this highlights that legal compliance (GDPR) and accessibility compliance (WCAG) must be considered together, not in isolation. The practical recommendations are immediately actionable: place cookie notices early in the DOM so screen readers encounter them first, include headings for navigation, ensure keyboard operability without traps, and maintain sufficient contrast. Critically, the study shows that automated testing tools alone miss many issues—manual testing with actual screen readers remains essential. The finding that 79% of participants want accessibility-by-design built into websites reinforces that retrofitting accessibility is insufficient. Organizations should integrate accessibility testing specifically for privacy-related UI elements into their quality assurance processes, recognizing that inaccessible cookie notices may constitute both accessibility violations and GDPR non-compliance.
Tags: screen readers · visual impairments · privacy · web accessibility · cookie consent · user study · GDPR compliance · assistive technology
Standards referenced: WCAG 2.1 · WCAG 2.2 · GDPR · ePrivacy Directive