TTC Labs - ePrivacy and cookies

21st Jun 2017 at The Leopold Hotel

The context

Cookie banners, the notices you see when you first use a website or app, are a good example of an information and consent solution with huge scope for improvement. For internet users in Europe, cookie banners have become a staple feature of the online experience.

But just about everyone thinks that cookie banners aren’t the best way to promote this understanding and choice. Precisely because cookie banners are ubiquitous (and, let’s face it, annoying), people generally don’t read them or take any action in response to them. “Notice fatigue” means people tick boxes without paying attention to the information being conveyed. To build trust, we need to simplify how we engage with people about how their data is used and the choices they have.

The European Commission has published a policy solution in the proposed ePrivacy Regulation, which contains rules around confidentiality of communication, the collection of information about people's devices and the use of marketing technologies like cookies. The regulation suggests design options to ensure that users make informed decisions about cookies on their devices, which has implications for digital businesses.

The challenge

Find a way to give people more meaningful trust, choice and transparency while maintaining a sustainable business model by designing solutions that help people to understand and agree to the use of cookies.

Who participated

Participants included representatives from major European companies like Soundcloud and King, as well as EU bodies like the German and Portuguese Permanent Representatives and DG Connect.

What did they say?

"The Design Jam is proof that by combining creativity and expert knowledge, compliance with data protection rules can shift away from a zero-sum game between users and service providers towards true value creation for both sides."

Christopher Mondschein, Legal expert at the University of Maastricht

What happened?

Below is an outline of the stages and exercises that took place at this Design Jam. For everything that you need to facilitate your own workshop, please follow the links to the relevant part of our toolkit.


On the morning of the Jam, participants were welcomed and introduced to Design Jamming. They then took part in discovery exercises around stations, including Understand users to explore the role of personas in building empathy as well as Deconstruct transparency and Analyse transparency in context, reviewing a range of design approaches used to explain cookie consent.

Participants were addressed by subject matter experts. Scott Mellon, from the product, privacy and regulation team at Facebook, spoke about the old and proposed cookie laws, exploring what cookies are for and what ePrivacy will change. Sarah Drummond, founder of ProjectsbyIf, explored ideas around designing for trust and control. And Richard Gomer, Research Fellow at the University of Southampton, spoke about meaningful consent.

Brussels 2017

All participants worked to Identify opportunities by writing How Might We's on Post-Its during these presentations. These notes were collected by the facilitation team, who placed them on the wall of the day and grouped them into key thematic areas. Some of the unique groupings of questions that emerged from this Design Jam included ideas on how might we:

  • give choice, control and transparency?
  • explain in context?
  • account for timing?
  • enable functionality?
  • be intuitive and personal?
  • provide people with the ability to control the overview of their data relationship?

Ideate & Prototype

After lunch, the wall of the day was reviewed before moving into the Team kickoff. The facilitators set brainstorming rules and introduced the teams to Sketching ideas.


Each multidisciplinary team focussed on imagining transparency-focussed design patterns on different areas of fictional mobile apps, and they were given data use briefs for these apps accordingly.

The teams got to work on the challenge they'd been set, with design guidelines to:

  • inform people about the use of cookies and similar technologies
  • provide people with appropriate choices to reject or accept the use of cookies and similar technologies
  • minimize the risk of “notice and choice fatigue” on the part of people
  • ensure that people can continue to access and enjoy online services, and providers can provide them, with the minimum of friction or disruption.

Teams moved from sketching ideas and receiving feedback from other teams to building digital prototypes of a single idea. Each team created a pitch, telling the story of their design patterns back to the whole group and receiving feedback from experts at the end of the day.

See the prototyped solutions here:

  1. The Globe - a large ad-supported news publisher
  2. OS setup - control panel for an operating system
  3. Jam - online music service
  4. Cookie timeline - operating system marketplace add-on