Does ‘user consent’ on the internet really exist? GDPR to the rescue.

Photo credit: Dima Yarovinsky

I agree. We’ve all ticked the box.

You know, those boxes on every website. We’ve ticked ‘I accept’ without even reading the Terms of Use or privacy policies, so convinced that these documents are not meant for us. Or, that whatever they say, there is nothing we can do about it. Or the worst justification, that this is the price we must pay, to gain immediate access to a website, service or product, that we need so badly.

‘Blind signing’ as a general trend was confirmed in a Deloitte study in 2017, according to which 91% of US consumers accept, without reading, the terms of use of applications, updates, online services or video streaming (97% of consumers were aged between 18 and 34).

This trend was also recently illustrated by designer Dima Yarovinsky in an installation which consists of print-outs of the terms of use of the main social networks (photo above), meant to highlight the material impossibility for users to read such long texts, and the imbalance of powers between users and web giants.

Given this, it makes one wonder — is ‘user consent’, possibly the biggest lie on the internet?

Perhaps not for long.

The much talked-about GDPR (General Data Protection Regulation), which comes into force today, Friday May 25, sets out a higher standard of clarity and accessibility of the information relating to personal data processing, in line with transparency principles.

GDPR also states that all information relating to personal data now needs to be communicated to consumers in a in a “concise, transparent, intelligible and easily accessible form, using clear and plain language.”

The Working Party 29, which is a group of national data protection authorities in Europe, makes clear in its Guidelines on Consent under the GDPR that:

“privacy policies that are difficult to understand or statements full of legal jargon” would no longer be legally valid.

CNIL, the French data protection authority goes a step further to include the design of privacy policies to be a top priority in 2018. About time we say.


It’s time we empower the user and create friendly, transparent legal policies that people can actually understand — because this is about users and their life.

Dot. created this prototype privacy policy for a client in one of our latest Legal Design projects. What do you think?

Dot. prototype

Oh and by the way, this is what it looked like before.

With Legal Design we can create legal content that’s clear, easily accessible, engaging and beautifully designed — ticking all those GDPR boxes whilst empowering consumers. It’s a win-win for all.

Marie Potel-Saville, Founder & CEO of the Paris office of Dot., legal design agency.

Marie Potel-Saville

Written by

Founder & CEO, Amurabi: Legal Innovation by Design. Combining 15 years of private practice and GC experience with Innovation by Design Master’s degree at Ensci.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade