There’s a very specific kind of irritation that hits you when you land on a website these days. Before you can read a headline or click a product, up comes the cookie banner. Fair enough. We all know the drill. You’re told you can accept all, reject non-essential, or manage your preferences. You think, “Brilliant, I’ll actually tailor this.” You click through, only to find yourself in a swamp of toggles, endless vendor lists, and fine print.
This isn’t a choice. It’s theatre. Most banners are designed to nudge you toward submission. “Accept All” is big and bright. “Reject All” is often hidden, greyed out, or buried under several additional clicks. Even when you switch off every single consent toggle, they quietly flick the switch back on under “legitimate interest.” That phrase, dressed in legal respectability, gets used to justify profiling, segmenting, and even data matching across platforms. All without a shred of real consent.
Let’s call this what it is. Dodgy.
People aren’t stupid. We know ads pay for content. We’re not demanding a world with no marketing. But there’s a clear line between showing someone a relevant ad and harvesting their behaviour across multiple touchpoints, often invisibly, for profit. And the use of “legitimate interest” as a backdoor is now so abused that it makes a mockery of the GDPR it hides behind.
Some of these practices sound almost cartoonish when you spell them out. You say no to tracking, and the site goes, “Sure, we won’t track, we’ll just observe, connect, segment, and infer.” Then that information gets blended with third-party insights from apps you’ve never even opened, wrapped up in some pseudonymised ID, and auctioned off in real time.
This isn’t just bad privacy. It’s bad faith.
Consent is supposed to be freely given, informed, specific, and unambiguous. There’s nothing informed about forcing people to decipher twenty vendors’ privacy policies. There’s nothing freely given about hiding the opt-out path behind dark patterns. And there’s definitely nothing specific about blanket legitimate interest justifications for everything from location tracking to biometric data profiling.
And still, companies pat themselves on the back for being transparent. They say things like “we respect your choices” while implementing systems designed to grind people down. Most users don’t even get past the first screen. They give in, just to access the content they came for. It’s not consent. It’s exhausting.
The worst part is that this isn’t necessary. There are plenty of businesses out there showing you can deliver personalisation, relevance, and even targeted ads without treating people like lab rats. But that requires more effort, a bit less greed, and a little respect for the spirit of the law, not just the letter.
Regulators know this too. The ICO and other DPAs across Europe have taken aim at dark patterns and misleading consent practices. Some enforcement has landed. But too often, the companies who shout loudest about compliance are the ones gaming the system behind closed doors.
You’ll hear some tech folks say it’s all too complex, that the ecosystem is big and messy and hard to control. But somehow, it’s never too complex to create seamless ad experiences, cross-device matching, or real-time bidding systems. Funny how the complexity always shows up when user rights are involved.
The truth is trust is bleeding out of the internet. People feel watched, manipulated, and strung along. They’ve learned that “manage preferences” really means “go on, try and say no, we dare you.” And if we let legitimate interest be twisted into a universal tracking licence, nothing will change.
So here’s a simple request to the ad-tech world. When someone clicks “no,” let it mean no. Not “we’ll find another way.” Not “but we’ve decided this is fine.” Just… no.
Because if you can’t build your business without tricking people into saying yes, then maybe it’s your business model that’s the problem.
- business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com
