Regulator: “Harmful” Web Design Could Break Data Protection Laws – Infosecurity Magazine

UK / EMEA News Reporter, Infosecurity Magazine
The Information Commissioner’s Office (ICO) has warned UK companies that it will take enforcement action against those that use website design tricks to encourage consumers to hand over excessive amounts of personal information.
The data protection regulator teamed up with the Competition and Markets Authority (CMA) to publish a new position paper yesterday: Harmful design in digital markets: How online choice architecture practices can undermine consumer choice and control over personal information.
It sets out the main pitfalls of harmful web design and what organizations should be doing instead.
ICO executive director of regulatory risk, Stephen Almond, argued that some of these design practices are extremely subtle and may have gone on for some time across thousands of websites.
Read more on web design: UX Design is Key to Creating Privacy Controls that Unlock Value
However, if they trick users into giving away more data than they would otherwise, such practices may break data protection laws.
“These website design tricks can have real and negative impacts on consumers’ lives. For example, if someone is recovering from a gambling problem, being steered to ‘accept all’ cookies can mean being continually bombarded with betting adverts, which could be incredibly harmful,” Almond added.
“We want to make consumers aware of these potentially harmful techniques to help them protect their data online – and, if necessary, make informed choices about which websites they choose to frequent. Businesses should take note that if they deliberately and persistently choose to design their websites in an unfair and dishonest way, the ICO will not hesitate to take necessary enforcement action.”
Among the things the ICO and CMA want to stamp out are:
The ICO/CMA report urges companies to put users at the heart of their design choices, empowering them with choice and control. Organizations should also test and trial any new design choices and always consider the data protection, consumer and competition law implications of new practices, it says.