What Design Can Do About Privacy

Any time I’m confronted with a standard GDPR privacy warning on a web site, I reflexively click the option to accept cookies and move on. Recently though, while reading an article at The Times of London’s web site, I accidentally clicked on the option to manage my settings instead. What I got was this “privacy preference centre” dialog box. I was pleasantly surprised by its unexpectedly succinct design.

Design and Privacy

I can only imagine it took a lot of effort to wrestle the gnarly details of a privacy policy into as straightforward a form as this. The left-hand tabs are clearly and plainly labeled, and the text on each tab is reasonably concise, running about eighty words or so. Just as importantly, each section makes an honest attempt at explaining that particular privacy concept in direct, jargon-free language.


The presentation of these settings is almost certainly powered by One Trust, a service which allows customers like The Times to easily create and customize preference panels for cookies and tracking software, and then to embed them easily on their own sites. One Trust claims it provides similar privacy interfaces for thousands of customers. Here’s a more “straight out of the box” example that hasn’t been tailored to fit a host brand.

One Trust Privacy Center

The team at One Trust have obviously distilled their considerable domain knowledge into a thoughtful, efficient design that mitigates some of the opaqueness that always seems to accompany privacy experiences. Of course, you could argue that half a dozen tabs, no matter how elegant they are, is still too much to expect the vast majority of users to ever contend with. But it’s also fair to say that among the countless user-hostile privacy experiences that web sites have implemented out there in the wild, this is more user-friendly than most.

In some ways though this level of design refinement can actually be misleading to users. It portrays the privacy choices available to site visitors as being a simplistic set of controls. It looks like visitors can exert the full extent of their privacy rights by toggling just three or four toggles, like the ones shown here.

Privacy Preference Centre Dialog at The Times of London

In reality though, even if you switch those off, there is another layer of controls that’s effectively hidden behind The Times’s elegant presentation. Back on the first tab of this privacy centre, there’s a seemingly benign link labeled “View Vendor Consent” that belies this simplicity. Clicking on it is a bit like lifting a rock to find a colony of living organisms thriving underneath. What you get is a list of literally dozens of ad networks that are enabled on the site, all of them toggled on by default. (I turned mine off for this screen shot.)

Privacy Preference Centre Dialog at The Times of London

Of course, this is the reality of operating a content site in 2019: ad networks like these are essential to publishers’ business models. So it’s hard to fault One Trust or The Times for the existence of these settings. They have made this internecine world more approachable than it otherwise might be, imperfect as it might remain.

Still, this is a useful illustration of design’s limits in the realm of privacy—at least right now. Privacy as an experience is a product of complex business imperatives and technologies that have largely evolved without the participation of design. Even in a case like One Trust, where design has been brought to bear to improve the experience, it can only do so in a limited way—this is efficient window dressing, but in the end it’s still only window dressing.

The implication, of course, is that there’s an opportunity here to level up the experience of privacy through the application of design as a discipline. What’s needed is not just better interfaces like these, but a redesign of the whole ad network ecosystem. For now, that is a challenge that any single design team, whether at a publisher like The Times or a service provider like One Trust, would sem unlikely to be able to surmount on their own. But if it’s ever going to get fixed, if we truly want a world in which privacy controls are comprehensible to mere mortals, then design should play a role.