There are numerous ways to interfere with the visual design of a page to hide, obscure or disguise information. Visual perception can be manipulated by using small, low contrast text. Comprehension can be manipulated by creating a chaotic or overwhelming interface. User's expectations can be violated by placing important information in styles or location they would not expect.
In 2019, Tesla added an eCommerce feature to their mobile app, allowing Tesla car owners to buy upgrades for their vehicles, such as an autopilot that would unlock "Full Self-Driving" capabilities for $4,000. Some customers purchased this by mistake, and were outraged when they discovered that Tesla was refusing to provide a refund. Renowned author Nassim Nicholas Taleb complained on Twitter: _"I unintentionally hit the buy button while the app was in my pocket". _
Hidden on the purchase screen was some small, low contrast text stating "upgrades cannot be refunded". This text was the lowest contrast text on the page, and was difficult to see (Image source: Reddit, 2019).
Misdirection (Brignull, 2010), False hierarchy (Gray et al., 2018), Visual interference (Mathur et al., 2019).
Users must give informed and unambiguous consent and receive clear information about cookies, including processing purposes and data controller identity, according to the law.
Requires website operators to obtain user consent before storing or accessing information on the user's device through cookies or similar technologies.
Consent is a voluntary agreement by an individual for their personal data processing, after being informed of its specific purposes and conditions.
Legal basis for processing personal data are performance of contract, legal obligations compliance, protection of vital interests, controller's legitimate interests, and data subject's consent.
Ensures transparent information and easy access for individuals to their personal data processing, with the right to obtain a copy in a clear and common format.
Controllers must provide identity, contact details, processing purposes and legal basis, recipient information, retention period, and data subject rights when collecting personal data.
Specifies required information for data subjects when collecting personal data from other sources, including controller identity, processing purposes, personal data categories, recipients, and retention period.
Implementing a new consent based solution.