The Information Commissioner’s Office (ICO) and Competition and Markets Authority (CMA) are calling for businesses to stop using harmful website designs that can trick consumers into giving up more of their personal data than they would like.
Practices include overly complicated privacy controls, default settings that give less control over personal information and bundling privacy choices together in ways that push consumers to share more data than they would otherwise wish to do. Where consumers lack effective control over how their data is collected and used, this can harm consumers and also weaken competition.
These techniques encourage consumers to make decisions over their personal data as soon as they visit a website – from providing their contact information in exchange for discounts, right through to giving up their control over what advertising is targeted at them through accepting cookies, tiny files that are downloaded onto web users’ computers.
Lack of consumer control over cookies is a common example of harmful design. The ICO will be assessing cookie banners of the most frequently used websites in the UK, and taking action where harmful design is affecting consumers.
ICO research shows that 90% of people are concerned about their personal information being used without their permission, with 50% of people not happy about their personal information being used to suggest adverts to them.
Stephen Almond, Executive Director of Regulatory Risk at the ICO, said:
“Some of these design practices are so subtle and have gone on for so long, you wouldn’t even realise you’re handing over your personal information until it’s too late – and it’s possible these techniques are embedded into thousands of websites across the UK.
“These website design tricks can have real and negative impacts on consumers’ lives. For example, if someone is recovering from a gambling problem, being steered to ‘accept all’ cookies can mean being continually bombarded with betting adverts, which could be incredibly harmful.
“We want to make consumers aware of these potentially harmful techniques to help them protect their data online – and, if necessary, make informed choices about which websites they choose to frequent.
“Businesses should take note that if they deliberately and persistently choose to design their websites in an unfair and dishonest way, the ICO will not hesitate to take necessary enforcement action.”
Will Hayter, Senior Director in the CMA’s Digital Markets Unit, said:
“Online, people routinely hand out their contact details, transaction history and even more sensitive personal data in exchange for ‘free’ things whereas, in person, they might be more likely to turn such deals down. People must be able to choose the data they share and make informed decisions, which is good for privacy and competition. Businesses that stand in the way of that risk action from the CMA or ICO.”
The ICO and CMA are working together for the benefit of consumers to stop harmful design practices.
The CMA will be building on its Rip Off Tip Off campaign that supports consumers by educating and encouraging them to report sneaky online sales tactics. Alongside that campaign, the CMA will continue to use its full range of powers to ensure that misleading selling practices are tackled from all angles, including as part of its Online Choice Architecture work.
The ICO will take enforcement action where necessary to protect people’s data protection rights, particularly where the practices lead to harms for people at risk of vulnerability. There is guidance for the public using services online on the ICO’s website.