While companies increasingly rely on data, especially when it comes to targeted advertising, adapting content to users, selling data and training machine learning models, the collection of data raises privacy concerns. One way of collecting data is by using HTTP cookies when interacting with a website. Legal regulations require service providers to collect consent for some forms of cookie collection, which is often acquired through \emph{cookie consent banners}, but their effectiveness has been debated. This study aims to understand what influences users' experience and behaviour when managing their cookie consent, by investigating the gap between their stated privacy preferences and their actual actions. A mixed methods approach was used, collecting data from a usability test and a survey (N=20). The results showed that although participants generally want to reject cookie collection, they often end up accepting because of deceptive patterns in the cookie consent banner design. They also showed that participants were more willing to consent on websites they trusted and when they expected that consenting would improve their user experience. Although the current EU legislation states that withdrawing consent must be as easy as giving it, withdrawing consent took on average more than 20 times longer than giving it. This suggests that cookie consent banners in their current form are not ideal with respect to user autonomy, often leading users to \emph{consent by design}.