Two of the UK’s leading regulators have issued a final warning to online businesses to “stop and desist” from using harmful website designs to trick consumers into giving up more of their personal data than they would like or risk a battering and a fine.
The Information Commissioner’s Office and Competition & Markets Authority threat highlights practices such as overly complicated privacy controls, default settings that give less control over personal information and bundling privacy choices together in ways that push consumers to share more data than they would otherwise wish to do.
They maintain that where consumers lack effective control over how their data is collected and used, this can harm consumers and also weaken competition.
These techniques encourage consumers to make decisions over their personal data as soon as they visit a website – from providing their contact information in exchange for discounts, right through to giving up their control over what advertising is targeted at them through accepting cookies.
Lack of consumer control over cookies is a common example of harmful design. The ICO has previously warned that it will be assessing cookie banners of the most frequently used websites in the UK, and taking action where harmful design is affecting consumers.
ICO research shows that 90% of people are concerned about their personal information being used without their permission, with 50% of people not happy about their personal information being used to suggest ads to them.
ICO executive director of regulatory risk Stephen Almond said: “Some of these design practices are so subtle and have gone on for so long, you wouldn’t even realise you’re handing over your personal information until it’s too late – and it’s possible these techniques are embedded into thousands of websites across the UK.
“These website design tricks can have real and negative impacts on consumers’ lives. For example, if someone is recovering from a gambling problem, being steered to ‘accept all’ cookies can mean being continually bombarded with betting ads, which could be incredibly harmful.
“We want to make consumers aware of these potentially harmful techniques to help them protect their data online – and, if necessary, make informed choices about which websites they choose to frequent.
“Businesses should take note that if they deliberately and persistently choose to design their websites in an unfair and dishonest way, the ICO will not hesitate to take necessary enforcement action.”
CMA’s Digital Markets Unit senior director Will Hayter added: “Online, people routinely hand out their contact details, transaction history and even more sensitive personal data in exchange for ‘free’ things whereas, in person, they might be more likely to turn such deals down.
“People must be able to choose the data they share and make informed decisions, which is good for privacy and competition. Businesses that stand in the way of that risk action from the CMA or ICO.”
The CMA will be building on its Rip Off Tip Off campaign that supports consumers by educating and encouraging them to report sneaky online sales tactics. Alongside that campaign, the CMA will continue to use its full range of powers to ensure that misleading selling practices are tackled from all angles, including as part of its Online Choice Architecture work.
The ICO says it will take enforcement action where necessary to protect people’s data protection rights, particularly where the practices lead to harms for people at risk of vulnerability. There is guidance for the public using services online on the ICO’s website.
ICO issues cookie warning despite looming law overhaul
Data reform law ‘on track’ to be passed by the autumn
£4.7bn data reform cost savings branded pie in the sky
Privacy organisations fume at ‘weakened data laws’
It was us wot won it: DMA claims Data Bill success
Govt keeps ‘best of GDPR’ as data reforms are revised
Where will we be in 2023… with data privacy reform?
ICO drops data bombshell as cookie law is overhauled