Cookie banners – the notices you see when you first use a website or app - are a good example of an information and consent solution with huge scope for improvement. For internet users in Europe, cookie banners have become a staple feature of the online experience.
But just about everyone thinks that cookie banners aren’t the best way to promote this understanding and choice. Precisely because cookie banners are ubiquitous (and, let’s face it, annoying), people generally don’t read them or take any action in response to them. “Notice fatigue” means people tick boxes without paying attention to the information being conveyed. To build trust, we need to simplify how we engage with people about how their data is used and the choices they have.
The European Commission has published a policy solution in the proposed ePrivacy Regulation, which contains rules around confidentiality of communication, the collection of information about people's devices and the use of marketing technologies like cookies. The regulation suggests design options to ensure that users make informed decisions about cookies on their devices, which has implications for digital businesses.
Participants included representatives from major European companies like Soundcloud and King, as well as EU bodies like the German and Portuguese Permanent Representatives and DG Connect.
"The Design Jam is proof that by combining creativity and expert knowledge, compliance with data protection rules can shift away from a zero-sum game between users and service providers towards true value creation for both sides."
Christopher Mondschein, Legal expert at the University of Maastricht
Below is an outline of the stages and exercises that took place at this Design Jam. For everything that you need to facilitate your own workshop, please follow the links to the relevant part of our toolkit.
On the morning of the Jam, participants were welcomed and Introduced to Design Jamming. They then took part in discovery exercises around stations, including Understand users to explore the role of personas in building empathy as well as Deconstruct transparency and Analyse data-use notices, reviewing a range of design approaches used to explain cookie consent.
Participants were addressed by subject matter experts. Scott Mellon, from the product, privacy and regulation team at Facebook, spoke about the old and proposed cookie laws, exploring what cookies are for and what ePrivacy will change. Sarah Drummond, founder of ProjectsbyIf, explored ideas around designing for trust and control. And Richard Gomer, Research Fellow at the University of Southampton, spoke about meaningful consent.
All participants worked to Identify opportunities by writing How Might We's on Post-Its during these presentations, and these notes were collected by the facilitation team who placed them on the wall of the day, grouping them into key thematic areas. Some of the unique groupings of questions that emerged from this Design Jam included ideas on how might we:
Ideate & Prototype
Each team focussed on imagining consent-focussed design patterns for different areas of fictional digital services:
The teams got to work on the challenge they'd been set, with design guidelines to:
Teams moved from sketching ideas and receiving Feedback from other teams to Building digital prototypes of a single idea. Each team Ceated a pitch, telling the story of their design patterns back to the whole group and receiving Feedback from experts at the end of the day.