Is ‘user consent’ the biggest farce on the internet? GDPR to the rescue.

GDPR — promoting transparency and design in the law.


“I Agree” by designer Dima Yarovinsky.

I agree. We’ve all ticked the box. Ticked ‘I accept’ without even reading the Terms of Use or privacy policies, so convinced that:

  • These documents are not meant for us;
  • Or that whatever they say, there is nothing we can do about it;
  • Or even that this is the price one must pay, to gain immediate access to a possible website, service or product, that we need so badly.

‘Blind signing’ as a general trend was confirmed in a Deloitte study in 2017, according to which 91% of US consumers accept, without reading, the terms of use of applications, updates, online services or video streaming (97% of consumers aged between 18 and 34).

This trend was also recently illustrated by designer Dima Yarovinsky in an installation which consists of print-outs of the terms of use of the main social networks (photo), meant to highlight the material impossibility for users to read such long texts, and the unbalance of powers between users and web giants.

Given this, is ‘user consent’, possibly the biggest lie on the internet? Perhaps not for long.

The much talked-about GDPR (General Data Protection Regulation), which comes into force today, Friday May 25, sets out a higher standard of clarity and accessibility of the information relating to personal data processing, in line with transparency principles (see e.g. Recital 39).

GDPR also states that all information relating to personal data now needs to be communicated to consumers in a in a “concise, transparent, intelligible and easily accessible form, using clear and plain language” (Art. 12).

The Working Party 29, which is a group of national data protection authorities in Europe, makes clear in its Guidelines on Consent under the GDPR that

“privacy policies that are difficult to understand or statements full of legal jargon” would no longer be legally valid.” (Article 3.3.2).

CNIL, the French data protection authority goes a step further to include the design of privacy policies to be a top priority in 2018. About time we say.

It’s time we empower the user and create friendly, transparent legal policies that people can actually understand — because this is about users and their life.

Dot. created this prototype privacy policy for a client in one of our latest Legal Design projects. What do you think?

Dot. Prototype Privacy Policy for client.

With Legal Design we can create legal content that’s clear, easily accessible, engaging and beautifully designed — ticking all those GDPR boxes.

About the Author: Marie Potel-Saville, Founder & CEO of the Paris office of Dot., legal design agency.