Blogs & Articles

14 February 2024
Harmful digital design: Insights from ICO-CMA stakeholder workshop

How digital design shapes our online choices

Have you ever clicked ‘accept’ on a cookie pop-up because there didn’t seem to be any other way to get rid of it, or agreed to the use of your personal information without knowing what that really means?

How choices are presented online greatly influences our decisions. When well designed, choices enable us to make decisions in our own interests, improving our online experiences. However, misleading designs can lead us into choices we didn't intend, undermining our autonomy, potentially reducing our control over our personal information and breaching our rights as consumers.

ICO and CMA cooperate to tackle harmful design practices

The Information Commissioner’s Office (ICO) and the Competition and Markets Authority (CMA) published a joint position paper in August 2023, delving into how certain digital design practices (also called online choice architecture) can undermine consumers’ choice and privacy. The paper offers examples of practices that, if used in the wrong way, may harm consumers or breach data protection laws.

Figure 1 Examples of potentially harmful digital design practices, as set out in the ICO-CMA position paper

Harmful Digital Designs - image 1

To support better design outcomes, the paper outlined a set of expectations of businesses which offer people choices online.

Figure 2 ICO and CMA expectations of firms

ICO-CMA workshop insights

Further insights from industry experts

After publishing the paper, we brought together 80 industry experts for a follow-up workshop for their insights into harmful design.

The workshop generated valuable insights including:

ICO-CMA workshop insights

Resources: ICO’s Privacy in the Product Design Lifecycle guidance and the CMA's work on Online Choice Architecture

Webinar available to watch

Our webinar with stakeholders keen to learn more about the ICO and CMA’s work on harmful design practices is available to watch online: ICO - CMA Webinar 12 Dec 2023 (

Next steps

Late last year, the ICO warned a number of the UK’s top websites that they faced regulatory scrutiny if they did not make changes to the design of their cookie banners to comply with data protection law. This resulted in significant improvements to the design practices on those websites. Going forward, the ICO will continue to identify examples of harmful design practices (including those outlined in the joint position paper). The ICO may take formal regulatory action against businesses which continue to use harmful design practices in ways that it considers to contravene data protection law.

The CMA’s work to enhance meaningful user choice and controls in digital markets includes addressing harmful design. The CMA has an ongoing programme of work to address harmful online choice architecture practices across the economy, including through exercising its enforcement powers as well as undertaking consumer awareness initiatives. Further, the proposed Digital Markets, Competition and Consumers (DMCC) Bill will provide additional tools for the CMA to tackle harmful digital design in relation to the largest digital firms (those designated as having Strategic Market Status).  For example, the DMCC Bill may enable the CMA to require the largest platforms to assess the impacts of their digital design, and to test the effectiveness of remedies it proposes.