On 9 August 2023 the ICO and CMA produced a joint paper (Harmful Designs Paper) setting out their expectation that businesses use fair and transparent website practices to ensure website users are not exploited.

Businesses need to understand and comply with these expectations or risk being subject to enforcement action.
Whether your company designs websites or simply has one, it is essential that you take into account and avoid the harmful design practices outlined in this article.
What constitutes a ‘Harmful Design’?
Harmful design refers to website layouts, features and elements designed to deceive, manipulate, exploit, or harm website users (intentionality is irrelevant). The designs can negatively impact user experience, privacy and online safety. One area that businesses frequently get wrong inadvertently is the use of cookies and cookie consent banners.
Examples of Harmful Designs
- Deceptive Layouts and Content:
  - Misleading and confusing ads: websites that disguise advertisements as legitimate content to trick users into clicking on them, that host explicit or offensive content without proper warnings/restrictions, or that confuse users or make it difficult to find desired information;
  - Fake buttons: clickable elements that mimic buttons or actions users expect to find on a site, leading to unintended actions.
- Dark Patterns:
  - Forced continuity: making it difficult for users to cancel subscriptions or opt out of services;
  - Sneak into basket: adding items to a user’s shopping cart without their explicit consent;
  - Misdirection: manipulating user attention to drive them toward specific actions, resulting in unintended purchases or data sharing.
- Phishing and Scam Websites:
  - Creating websites that imitate legitimate ones to steal sensitive information, such as login credentials and credit card details;
  - Promoting fake products or services with the intention of defrauding users.
- Privacy Violations:
  - Illegitimate data collection: websites collecting user data without proper consent or transparency;
  - Cookie consent manipulation: forcing users to accept cookies or other tracking technologies without clear information about their purpose.
- Invasive Advertising:
  - Pop-ups and overlays that obstruct content and make it difficult to access information;
  - Auto-playing videos with sound that disrupt the browsing experience.
What you need to do
The Harmful Designs Paper highlights how the ICO and CMA are focussed on preventing deceitful sales tactics, encouraging tip-offs and the use of enforcement powers to prevent these misleading practices – especially those used against vulnerable individuals.
Therefore, businesses must ensure that their practices and websites are audited for compliance with general personal data protection principles and that their websites do not include any of the harmful designs outlined above. Due to potential enforcement action, Harmful Designs are applicable and relevant to ALL businesses with a website and must be taken into account by digital marketing agencies and others who are involved in delivering website design and build services.
Our Commercial team can assist you in identifying website practices and set-up which may fall foul of current regulations and legislation and guide you to be compliant with the latest rules and regulations.