The UK’s Information Commissioner’s Office (ICO) is cracking down on website design practices that could potentially harm users. According to the ICO, cookie consent banners have been singled out as an area of concern where action may be taken if consumers are negatively impacted by the design. These banners have been a response to GDPR requirements, allowing users to choose cookie usage on websites. However, the ICO is set to assess these on frequently used UK websites and take action if harmful design is found.
A joint paper with the Competition Markets Authority (CMA) has detailed how certain design practices can affect a user’s control over their personal information. Among these practices include default settings, which imply a company recommendation or a popular user choice, and bundled consent, where consent for multiple purposes is asked via a single option. The ICO and CMA have expressed worry over these methods as they can lead to users making decisions not in their best interests, like unknowingly enrolling in auto-renewal subscription plans.
Other practices drawing attention are “harmful nudges” and “sludge”. These terms refer to making it easy for users to make a poor choice and making it difficult for them to select their desired options respectively. However, the ICO recognizes that these methods can also guide users towards good decisions if used correctly. Additionally, criticism has been directed towards ‘confirmshaming’ and ‘biased framing’, where choices are presented in a way that pressures users into selecting the company’s preferred option.
In conclusion, both ICO and CMA are urging companies to reconsider their design practices and ensure they align with the ‘data protection by design’ approach as outlined in Article 25 of the UK GDPR. They are keen on making sure user consent is actively given and not manipulated through design practices that could lead to harmful consequences.