Design for con­sent & agency: pri­vacy modals

Over the past six weeks or so, I started col­lect­ing inter­est­ing exam­ple of modals for cookie per­mis­sions. The results are not very encour­ag­ing, even after I chose to avoid any ref­er­ences to OneTrust.


Such a beau­ti­ful design, it’s easy to over­look the poor link con­trast, and the fact that they could have put a ‘[R]eject’ option in there, with­out requir­ing an extra click.

FYI: the ASCII bor­ders are actu­ally encoded as top and bottom bor­ders with base64 back­ground images, with the sides being base64 back­ground images in :before and :after pseudo-ele­ments. I guess that makes it scale extra-smoothly, but I’d trade a little of the design love for a better user experience.

Virgin​.co​.uk – a rare customisation

It’s strange how many cookie modals are served by a paid solu­tion, when so many of these sites have ded­i­cated devel­oper teams. I under­stand the admin­is­tra­tion may be com­pli­cated, but it is sad that the design isn’t nec­es­sar­ily expected to match the brand lan­guage system. Of the modals I’ve cap­tured here, only two are unique in design. But this is an even rarer exam­ple of com­pelling, useful copy.

Virgin starts with a fairly reg­u­lar banner popup, draw­ing atten­tion to the ‘Accept All’ button. But when you click ‘Let me choose’ (which is a gen­uinely nice way to put it) you get a very nice modal with ample white­space, and clear lan­guage. And they have a Cookie Policy page where you can revise your choices at any time; even rep­utable news sites may not have that.


They empha­sized the ‘Learn More’ over the ‘Continue with­out agree­ing’ – and yet I am yet to meet anyone who goes out of their way to reject spe­cific cook­ies or vendors.

If you do choose ‘Learn More’, this is what you get. 

Was the hier­ar­chy choice just bad design, or an uneth­i­cal strat­egy? That Reject option is really not obvi­ous. And yet Bic’s modal is a solu­tion from Didomi, which actu­ally has a much better ver­sion on their own site. 


Same hier­ar­chy for ‘Disagree’ and ‘Agree’, with ‘Configure’ right on the same level. Why do they allow their clients to mess up the user expe­ri­ence? Because AfricaNews​.com is another cus­tomer, and theirs is iden­ti­cal, apart from the high­light colour.


Really no reason to stick your logo on the cookie con­sent modal, unless you chose to white out your home­page when the modal loads… 

GetSprout​.app – simple and straightforward

It’s sur­pris­ingly rare to find a con­sent modal that resists the indus­try habit of draw­ing people toward the ‘Accept’ button. If they had gone fur­ther to put ‘Reject’ on the extreme end – research shows the extremeties are easier tar­gets for users – I would rate them even higher.

Secrid​.com – min­i­mal detail, upfront access

They put the cookie def­i­n­i­tions and poli­cies in a link, and exposed the levels of cookie access, with the optional ones opted out by default – no extra click needed to reject. ‘Allow All’ is high­lighted, but it’s a muted high­light – is that a design mea culpa, or part of a low-con­trast colour system? Either way, this one looks nice, and feels good.


It’s a min­i­mal site, so I actu­ally missed the fact that the modal was custom built. And since there is no opt-out, this is essen­tially a notice – likely no queries behind it. 

I’m not sure if I’m amused or annoyed by the non-inter­ac­tive check­box, or the insti­tu­tional voice explain­ing what cook­ies are.

I don’t use cook­ies; I don’t think I know how to trans­late the data to improve my design or mar­ket­ing, so I just go with best prac­tice, which is essen­tially a sum­mary of all insights, ever. 

I also reject cook­ies wher­ever I can. I occa­sion­ally browse with a modal in my face, because the devel­oper hid the ‘Reject’ button and I would­n’t click okay. And that’s my choice, I guess. 

But why is this aspect of our dig­i­tal expe­ri­ence so lack­ing in vision and cre­ativ­ity? I wonder what an audit of the top 100 brands or indus­try lead­ers (by any metric) would reveal about how they value user agency and choice. Do dis­re­spect­ful sites ben­e­fit? Does bad UX pay? I do pray that this isn’t the case.