Privacy Laws and How They Apply To You as a UX Designer

Published on October 4, 2022


Until 2018, most people did not think about their safety on the internet. Accepting cookies happened without thinking; most people probably didn't even understand what it meant.

In the past few years, people have become more aware of how their data is being traded and sold on the internet, which led to users becoming “privacy conscious.” In 2016, the European Union adopted GDPR, which was enforced in 2018. This step was crucial for privacy worldwide, as many countries followed this example. 

However, this wasn’t only significant for individuals browsing the internet and companies doing business online. Privacy laws such as GDPR and CCPA are important novelties for UX designers as well. 

These privacy regulations can be a challenge for people who specialize in UX design, but overcoming this problem will lead to an improvement for many websites. By giving your visitors an option to decline cookies, you are building mutual trust. Not to mention that privacy-aware UX design will also lead to improved security measures.


Cookie pop-up example.

3 Must Knows About Privacy Laws 

New laws and regulations on privacy influence various fields in online business, mainly when it comes to marketing and advertising. But it’s just as important for developers, UI/UX designers, and other people involved in product design to understand these laws and how they affect their work. 

1. Notifying users that their data is being collected

According to the regulations we mentioned earlier, some of the most significant changes need to be made when notifying users that their data is being collected. Asking a visitor for permission to accept cookies is a must. Without notifying the visitor about cookies, you or your company risk being fined.

Certain websites will give you a checklist with all the cookies they want to track. You can select those that you are comfortable with sharing and ignore others. This is a great way for users to feel like they have a choice, making them comfortable using the website. A checklist is a great way to present cookies to your visitors, but even the possibility of rejecting them is a great way for them to feel more relaxed using the website. 

It’s annoying when websites don’t allow you to reject cookies. If visitors can’t see the content without accepting cookies, they will most likely give up on the website.

The pop-up that notifies the visitor about his cookies being collected needs to be designed according to privacy regulations. Most importantly, the language that’s used in this pop-up needs to be simple English that won’t confuse specific groups of people such as non-native speakers. 


Clichéd language such as “Privacy first!” and other quotes filled with buzzwords that give the user a false sense of value make visitors lose interest in browsing the website. As a UX designer, you want to make this user experience as human as possible. Some of the companies that are known for not valuing privacy stated otherwise on their website, so tailor your approach to your visitors.

2. Going from third-party data to first-party data

More and more websites are deciding to make a transition from third-party cookies to first-party and zero-party cookies, and there are many benefits to joining this trend. A very significant reason for this shift is the statement that Google Chrome will terminate third-party cookies by the end of 2023.

The death of third-party cookies occurred directly because of the GDPR. 

First-party cookies are transparent ways for websites to receive user data. This data is collected by websites only after the user has permitted the website to do so. First-party data can’t be sold nor shared with anyone outside of the company that collected them. 

Concealed data tracking related to third-party cookies did provide many marketing companies, web developers, and designers with a straightforward way to improve the effectiveness of their work. Yet this data was collected in unethical ways. 

First-party data can be shared with other branches of the company. For example, Facebook can share cookies collected on Facebook with Instagram, as they are under the same owner. This case is called second-party cookies.


UX designers can utilize first-party data in various ways to improve their future work. Your cookies pop-up should provide users with reasons to accept the cookies. By providing your visitors with information on how their cookies help you improve your website, there are much higher chances for them to accept them. 

Users need to feel as if they are exchanging value with your website. They are permitting you to track their behavior and data on the website while you are assuring them that data will be used for improvements on the website. 

First-party cookies can range from language preferences to login credentials, mouse movement, and more. UX designers can use this information to improve the look and functionality of the website. 

Your cookies should have a non-intrusive approach, making them look as appealing and trustworthy as possible. 

3. Offer better security to the users

To provide people who are leaving valuable data on your website with a flawless experience, you should include better security options. Even though registration and login processes that require more steps than usual might put off some users, others will value them for their reliability.

Protecting your users by carefully notifying them before collecting their data won’t protect them as much as compelling them to use stronger passwords and multiple types of authentication. Through one-use links sent to their email and two-factor authentication, you will directly improve the protection of their privacy.

According to GDPR, documents containing passwords should be protected from anyone that’s not intended to see them. This is achieved by utilizing a secure connection between your website and any person that’s visiting it. To ensure that the data exchange between the user and the website is encrypted, you must implement the SSL protocol for your website. 

Websites that provide the user with a secure connection have a much higher chance that the visitor will stick around and even consider leaving their information on the website. SSL protocol encrypts data such as passwords and credit card details. 

Throughout the registration process, your future users should be motivated to use stronger passwords by thoughtful messages and notifications. Requiring one uppercase letter and one number won’t do nearly as much as reminding them why their security is so important.


CCPA vs. GDPR 

Both CCPA and GDPR are based on internet privacy. They have some differences that companies and UX designers should understand. The primary distinction between the two is that CCPA refers to businesses stationed in California, while GDPR is valid for any country that wants to do business with countries from the European Union.

GDPR is based on protecting the data of all “data subjects,” which refers to any identifiable person whose data is being collected. While CCPA’s protections refer only to people who are legally residing in California, GDPR protects users regardless of their residence or citizenship status.

CCPA affects only companies that meet one of the following criteria: 

  • Annual revenue of more than $25 million
  • Manipulates data of more than 50,000 consumers, devices, or households in California
  • 50% of the yearly income of the company comes from selling this data

This law also affects only companies operating in California or collecting user data from consumers stationed in California. 

Both of these acts contain regulations about transparency when collecting data. According to both CCPA and GDPR, the company must notify the user of whether his data is being collected, the reason behind data collection, and his rights in this situation. Requirements these companies have for reporting data collection differ in CCPA and GDPR.  


How important are privacy laws for UX Designers? 

Years ago, many UX designers didn’t have to worry about privacy laws and how they would affect their work. Yet, privacy laws will serve as basic guidelines for their profession in the years to come. Privacy-aware design will be a core principle of UX design rather than something extra.

Implementing features that will notify the users about cookies being collected and carefully designing the notification that will ask for their consent using clear language and a transparent approach is the basis of privacy-aware design. 

It is highly recommended for UX designers to do thorough research on the privacy laws of the relevant countries and territories. Some of the largest companies in the world have been fined for invading their users’ privacy. By understanding the mentioned laws, you and your company will avoid being charged.

Velko Petrovic
October 4, 2022