

Have you ever pondered the influence you wield through your website design? A smooth and user-friendly design can significantly enhance visitor experiences, fostering loyalty and ease of access. However, this influence can also manifest in less favourable ways, such as pressuring or misleading visitors, especially regarding their privacy and personal data. This article discusses the ICO's tightening grip on non-compliant UK GDPR cookie notices.

In a recent position paper, the ICO issued a joint call to action for all organisations, including web designers and developers, to eschew harmful design practices. Such practices potentially strip users of their control over personal data, leading to adverse consumer and competition outcomes.

For instance, design elements that subtly or overtly coerce users into making privacy decisions or make some options more prominent than others can infringe upon data protection laws. These tactics not only raise legal concerns but also ethical ones, potentially distorting users’ choices and infringing on their rights.

A prime example of this is the handling of cookie consent banners on websites. These banners should offer a balanced choice, making it equally straightforward for users to accept or reject non-essential cookies. The Information Commissioner’s Office (ICO) in the UK is now rigorously assessing these banners on widely used websites and is poised to take action against those that employ harmful design tactics.

Why is this crucial? Users’ choices on your website can have lasting effects, influencing their online experiences long after they’ve left your site. For instance, someone who inadvertently consents to all cookies might be bombarded with unwanted advertisements, significantly impacting their well-being.

The ICO article titled “It’s time to end damaging website design practices that may harm your users” underscores the dangers of such designs. It also gives guidance on ethical and legal design practices, emphasising the intertwining of competition and data protection laws.


Effective Design

Effective and responsible online design can empower users, fostering trust and informed decision-making regarding personal data usage. Achieving this requires:

  1. User-Centric Design: Develop online interfaces that resonate with your customers’ interests and preferences.
  2. Empowering Design Choices: Facilitate user empowerment in controlling and understanding how their personal information is used.
  3. Evidence-Based Design: Implement rigorously tested and trialled designs, ensuring they are rooted in solid evidence.
  4. Legal Compliance: Ensure your designs comply with data protection, consumer, and competition laws.

The ICO has made it clear that non-compliance will attract enforcement actions, especially where designs pose risks or harm vulnerable individuals. The Competition and Markets Authority (CMA) echoes this stance, prioritising tackling issues stemming from harmful designs through its enforcement powers.

Through the Digital Regulation Cooperation Forum, these bodies are committed to curbing harmful design practices to ensure digital markets align with consumer interests.



The clampdown on non-compliant cookie notices is not just a regulatory issue but a call to align digital ethics with legal standards. By adopting user-centric, legally compliant, and empowering design practices, organisations can navigate these regulatory waters while fostering trust and transparency with their users. The journey towards compliance is not just a legal obligation but an opportunity to redefine the digital experience in favour of consumer rights and privacy. With the support of services like Formiti Global’s Outsourced Data Protection Officer, companies can ensure they are at the forefront of compliance and ethical data management. Look out for Part two of this article, which will give you a guide on how to design and implement a compliant cookie notice.