UK regulators issue warning over website designs

Declining cookies should be as straightforward as consenting to them

The Information Commissioner's Office (ICO) and Competition and Markets Authority (CMA) have urged businesses to stop using "harmful" website designs that can compromise personal data.

In a joint position paper [pdf], the regulators describe how website design could violate data protection regulations.

Additionally, they have published guidelines to help users control their personal data.

Some harmful design strategies include excessively complex privacy controls; default settings that limit users' control over their personal information; and grouping privacy choices in a manner that nudges users towards sharing more data than they would like to.

"These techniques encourage consumers to make decisions over their personal data as soon as they visit a website - from providing their contact information in exchange for discounts, right through to giving up their control over what advertising is targeted at them through accepting cookies, tiny files that are downloaded onto web users' computers," the ICO said.

The regulator specifically highlighted cookie consent banners as an example where it will intervene if it believes consumers are being impacted by harmful design.

Cookie consent banners emerged in response to GDPR mandates and are intended to offer users a decision-making opportunity about the use of cookies on a website.

The ICO says a website's cookie banner should ensure that declining non-essential cookies is just as easy as consenting to their use.

"Users should be able to make an informed choice on whether they want to give consent for their personal information to be used, for example, to profile them for targeted advertising," Stephen Almond, the ICO's executive director for regulatory risk, and Will Hayter, the CMA's senior director in the Digital Markets Unit, wrote in a blog post.

"The ICO will be assessing cookie banners of the most frequently used websites in the UK, and taking action where harmful design is affecting consumers."

The regulators are also concerned about the use of default settings.

Defaults require less input from users than actively making a choice. They imply a recommendation from the company or indicate that these settings are favoured by the majority of users.

Additional practices the ICO and CMA are concerned about include "harmful nudges," which make it easy for a user to make a poor choice, and "sludge," where websites make it difficult for users to choose their desired option.

The ICO also criticised the practices of 'confirmshaming' and 'biased framing'.

The former refers to a situation where both 'favourable' and 'unfavourable' selections are displayed, and the user is made to feel embarrassed for not choosing the company's preferred option.

Biased framing involves presenting choices in a way that highlights the presumed positive outcome of a specific selection.

The CMA says it will build on its 'Rip Off Tip Off' initiative, which aids consumers by informing and motivating them to report deceitful online sales strategies.