Cookie banners have become a pervasive feature of the modern web, frustrating users who seek a seamless browsing experience. In Europe, consent banners are mandated by an old directive from 2002, the ePrivacy Directive 2002/58, which requires websites to obtain informed consent before storing or accessing information on users’ devices. While the intention behind these regulations is to enhance privacy protection, the actual impact on user privacy is insignificant, as most cookie banners are used to facilitate web analytics, understand user behavior, manage ad efficiency, or keyword traffic. Moreover, actively tracking a user beyond their visit to a website is difficult or borderline impossible for website owners, as it would require a court order.
Understanding the true cost of these consent prompts in the European economy is therefore necessary. Our calculations reveal that collectively, Europeans spend over 575 million hours annually on consent prompts. At a time when the European economy faces significant challenges in competitiveness compared to the US and China as recently highlighted by President Macron, it is crucial to examine the data and the legal framework that underpins these requirements.
The Productivity Cost of Cookie Banners
To grasp the profound impact of cookie banners on European productivity and the economy, we need to break down the calculations. Starting with the total population of the European Union in 2024, which is approximately 449.2 million people, we assume an internet penetration rate of around 90%, resulting in 404.28 million internet users.
On average, a user visits about 100 websites per month, totaling 1,200 websites per year. With about 85% of these websites displaying a cookie banner, a user will encounter about 1,020 cookie banners every year. Assuming it takes an average of 5 seconds per interaction with a cookie banner, this amounts to 5,100 seconds per year per user, or roughly 1.42 hours per year.
Multiplying this by the total number of internet users in the EU, we reach the following total time: 404.28 million users × 1.42 hours/year ≈ 575 million hours/year.
Below is an estimated distribution based on population and internet usage rates:
Country | Population (millions) | Internet Users (millions) | Annual Hours Spent (millions) | Total Cost (€ Billion) |
---|---|---|---|---|
Germany | 84 | 75.6 | 107.35 | 2.68 |
France | 68 | 61.2 | 86.85 | 2.17 |
Italy | 59 | 53.1 | 75.37 | 1.88 |
Spain | 47 | 42.3 | 60.04 | 1.50 |
Poland | 38 | 34.2 | 48.57 | 1.21 |
Netherlands | 17 | 15.3 | 21.73 | 0.54 |
Belgium | 12 | 10.8 | 15.34 | 0.38 |
Sweden | 11 | 9.9 | 14.07 | 0.35 |
Austria | 9 | 8.1 | 11.50 | 0.29 |
Other Countries | 104.2 | 93.78 | 134.18 | 3.35 |
Total | 449.2 | 404.28 | 575.0 | 14.35 |
Note: “Other Countries” encompass the remaining European Union nations.
To translate the lost time into economic terms, we can assign a monetary value to the hours spent on cookie banners. With an average hourly wage in Europe of €25, the total economic cost can be calculated as 575,000,000 hours × €25/hour = €14.375 billion. Considering the EU Annual GDP (2024) of approximately €15 trillion, the economic cost of cookie banners represents: (€14.375 billion ÷ €15 trillion) × 100 ≈ 0.10% of total EU GDP.
To grasp the scale of the productivity loss, we can consider the number of full-time employees (FTEs) that represent the lost hours. Assuming a full-time worker dedicates approximately 2,000 hours annually, 575,000,000 hours ÷ 2,000 hours/FTE = 287,500 FTEs. This means the overall cost of clicking on cookie banners is equivalent to a company of 287,500 employees spending an 8-hour workday clicking on cookie banners.
Do Cookie Banners Really Improve Privacy?
Contrary to popular belief, cookie banners were not introduced by the GDPR but by the ePrivacy Directive 2002/58, at a time when cookies were just becoming known to the public. In response to fears of global surveillance, regulators imposed a general principle of consent before any data could be stored on a user’s communication devices:
“Art. 5.3: Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller.”
The ePrivacy Directive was intended to be updated, but the project never materialized.
Today, most cookie banners are used by organizations to:
- Facilitate web analytics and understand user interactions with their websites.
- Improve user experience by analyzing what content performs well or poorly.
- Manage the performance of advertisements.
For the most part, small businesses use cookies efficiently without precise user identification. Identifying users typically requires a court order to process IP addresses, which is rarely pursued. Therefore, cookie banners primarily serve to mitigate theoretical legal risks rather than enforce extensive user tracking.
It is not to say that some businesses do not use cookies to operate user tracking on a massive scale. Some companies relying exclusively on advertising do share user data with very large pools of partners—sometimes hundreds of ad partners. In that case, cookie banners do offer privacy protections for users.
However, looking at the general scale of the internet, only a very small fraction of websites use mass-scale partnerships as their main economic model.
For users, repeated interactions with cookie banners lead to significant frustration and complete loss of vigilance. The consent fatigue results in users mindlessly accepting terms without proper consideration, thereby undermining the very intent of the regulations. The constant barrage of consent prompts not only reduces productivity but diminishes user satisfaction and erodes trust in online platforms.
Conclusion
The realization that Europeans spend 575 million hours annually clicking on cookie banners highlights a significant, yet often overlooked, economic and productivity drain. These processes deliver minimal privacy benefits and little enhancement to business performance.
In contrast, regulations like the GDPR impose IT security obligations that, while seen as burdensome, contribute to long-term business robustness by ensuring the security of IT systems.
This situation calls for an urgent revision of the ePrivacy Directive—potentially transforming it into a regulation to ensure swift adoption. Exemptions from cookie banners for small and medium-sized businesses (SMBs) using analytics, tracking user interactions on their websites, and managing basic advertising are imperative to mitigate unnecessary economic and productivity losses.
Témoignages
"Legiscope nous permet d'économiser plus de 500 heures de travail de conformité par an ! C'est plus de 3 mois temps plein !"
— Sylvain GraveronWhat is a Supervisory Authority under the GDPR?
What is the Principle of Purpose Limitation?
Does the GDPR Apply to Non-EU Organizations?
The Principle of Data Accuracy in the GDPR
How to Conduct the Triple Test to Assess the Legitimate Interests of the Data Controller (GDPR)
The Role of the European Data Protection Board (EDPB)
Implementing Privacy By Design (GDPR)
Tutorial: how to get a valid GDPR consent
DPO or compliance officer ?
Role and missions of the Data Privacy Officer (GDPR)
What is the Principle of Accountability?
Article 28 of the GDPR: Obligations Imposed on Processors
Designation of the data protection officer (DPO)
What is GDPR ?
The Principle of Data Minimization in the GDPR