Avoid GDPR Dark Patterns with UniConsent CMP


7 min read

Are you aware of GDPR dark patterns? - If you are handling any kind of user data or running advertising trackers, you will know about complying to the likes of data regulations like the GDPR.

Avoid GDPR dark patterns with UniConsent Consent ManagerAvoid GDPR dark patterns with UniConsent Consent Manager

This kind of requirement can get in the way of companies making profits because more and more users are wanting to "Reject All" on cookie consent and take control of their privacy online. In reaction to more users turning off a lot more data tracking, companies are trying out more tricks to encourage users to keep all their privacy options open, such as nudge techniques.

A nudge technique is where a website will encourage the user to keep their cookie consent options on and allow more of their user data to be shared, thus, allowing better targeted adverts and more profit. The problem here is that the user is misguided and made to feel like they have no control or choice. The consent modal will only encourage one option and that option is usually what the company/website wants you to click, this is where you can fall into GDPR dark patterns, you end up removing the choice from the user visiting your website or service.

Bad Example

A dark pattern consent modal will say things like "Accept now and receive all the cool features" in contrast to "Don’t accept and have a reduced experience and less options". In the eyes of the GDPR, the user should have the same experience and be shown the same content no matter their consent settings, the users privacy and choices should be respected and it should not be made harder to choose different options.

An example of this is where consent modals take up the whole screen and make it harder to reject all or change privacy options:

Bad GDPR CMP example

The consent modal above is meeting the GDPR requirements by offering a modal to control privacy settings but it is an example of dark patterns towards user privacy. At first this modal is the first thing the user is presented with, they have not much choice other than to automatically click "I Accept" and get access to the content, this is wrong because the opt-out options are not labelled clearly and the modal makes you navigate further to access privacy options, there is no "Reject All" button. It is not clear to the user that they have any choice, to get access to the content the user will most likely click the accept button, this is not enough and is misleading the user.

Good Example

UniConsent avoids data regulation dark patterns by offering a "Reject All" button, a consent modal with UniConsent makes it clear that the user has choice and is allowed to quickly accept all options or reject all at the click of a button. UniConsent modals do not make it confusing for users. Publishers installed UniConsent CMP have the choice to enable or disable "Reject All" button at the management console depending on requirements.

For example, with UniConsent a valid modal that avoids dark patterns look like this:

Good GDPR CMP example

You can clearly see that the user can either accept or reject without having to navigate through confusing menus or buttons. UniConsent quickly provides 3 options, the user has the choice on what they can do clearly.

UniConsent clearly presents the purposes without having to click any further buttons. Dark patterns are considered bad practice and are of concern because they are criticised for manipulating consumers into subscribing to things they don't want or for users to give up their privacy so websites can sell better targeted adverts.

Data Regulation Crackdown

EU regulators are starting to use their GDPR powers to sanction the use of dark patterns which go against the principles of privacy online. It is good to beware of what is right and what is wrong because you could be at fault. Dark patterns are new and becoming more in the line of fire which may have started as an aggressive trick to get users to hand over data but may have become unlawful practice.

Website designers and marketers need to be aware of dark patterns and they should not be directly manipulating users to give up more data than required, by falling into use of such practices it reduces data transparency, data minimisation, and data protection for the user and that is what the GDPR is all about.

As a major example the French data protection authority (CNIL) were able to fine Google 57 million Euros for following dark patterns which led to users not being able to correctly choose privacy settings and forcing them to navigate through multiple buttons to turn off certain options.

Invalid Confusing Modal Example

Some modals are not valid because all the opt-in settings are on by default and you have to go through them individually to turn them off, thus, likely forcing a user to blindly click "Accept All" because that is quicker to get to the content they wish to view, a consent manager should not get in the way like this.

UniConsent ensures its modal does not get in the way, there are no default options, just a quick "Reject All" or "Accept All" and a button to manage each consent option for a granular experience.

Conclusion: What should you do?

Now that we better understand what dark patterns are in relation to privacy consent managers, what are the recommendations to follow to avoid them? - Let’s walk through some basic requirements of a good consent modal, which is what UniConsent follows as well.

  • Defaults: You must only select strictly necessary cookies (login, auth) and leave other cookies or vendors turned off, allowing the user to select what they want. Don’t bundle up options to make it harder to change settings.

  • Ease of Use: Make it quick and easy for a user to select their options, countless toggles and buttons are not good. A Reject all button is a must.

  • Wording: Clearly state what the buttons will do if clicked, don’t use confusing terminology, which leads to the user just accepting everything.

  • Rewards and Punishment: It is not valid to make the user feel guilty or like they will miss out if they choose to opt-out of cookies or turn on privacy settings, this leads to consumer manipulation which is not good for privacy. This is known as “Confirmshaming”.

  • Force and Timing: Don’t make the user wait for necessary loading times while the accept button is shown, privacy options should be displayed quickly and not hidden away.

With UniConsent we follow all the recommended ways of avoiding dark patterns, we ensure the user is given a choice. A user's privacy is respected and quick response and loading times mean the user can select their options without feeling forced to accept to gain access to content quicker. Dark patterns are harmful to user privacy and we should instead be aiming to obtain genuine consent.

About UniConsent

UniConsent is a part of Transfon's privacy-first User Experience Platform serves tens of millions of users per day to provide a seamless privacy experience for both users and publishers in the age of post GDPR. Contact us to know more: hello@uniconsent.com

Beginnen Sie damit, Ihre Website und Anwendung gemäß EU-DSGVO, US-CPRA, CA-PIPEDA usw. konform zu machen


Ressourcen für die Einwilligungsmanagement-Plattform

Beginnen Sie damit, Ihre Website und Anwendung gemäß EU-DSGVO, US-CPRA, CA-PIPEDA usw. konform zu machen