NEWS10 August 2023

ICO and CMA warn on ‘harmful’ website designs

GDPR News Privacy Public Sector UK

UK – The Information Commissioner’s Office (ICO) and Competition and Markets Authority (CMA) have called for businesses to stop using harmful website designs to trick consumers into giving up personal data.

Privacy abstract image

The two regulators said that some practices deemed harmful to consumers included overly complicated privacy controls, default settings giving less control over personal information and bundling privacy choices together to push people into sharing more data than they would otherwise.

Other factors included providing contact details in exchange for discounts and through to giving up control over advertising targeting through accepting cookies.

The ICO said it will be assessing cookie banners of the most frequently used websites in the UK, and taking action where harmful design is affecting consumers.

The ICO added that its own research suggested that 90% of people are concerned about their personal information being used without their permission, while 50% of people were unhappy with their personal information being used to suggest adverts.

The CMA will be building on its ‘Rip Off Tip Off’ campaign that supports consumers by educating and encouraging them to report harmful online sales tactics.

Stephen Almond, executive director of regulatory risk at the ICO, said: “These website design tricks can have real and negative impacts on consumers’ lives.

“We want to make consumers aware of these potentially harmful techniques to help them protect their data online – and, if necessary, make informed choices about which websites they choose to frequent.

“Businesses should take note that if they deliberately and persistently choose to design their websites in an unfair and dishonest way, the ICO will not hesitate to take necessary enforcement action.”

Will Hayter, senior director in the CMA’s Digital Markets Unit, said: “Online, people routinely hand out their contact details, transaction history and even more sensitive personal data in exchange for ‘free’ things whereas, in person, they might be more likely to turn such deals down.

“People must be able to choose the data they share and make informed decisions, which is good for privacy and competition. Businesses that stand in the way of that risk action from the CMA or ICO.”