Dark patterns, or deceptive design patterns, are interfaces that push users towards decisions that harm their privacy. In cookie banners, the classic example is a large visible accept button while rejection or configuration is hidden, greyed out or placed behind several steps.
In this article we will discuss...
What the AEPD and EDPB say
The AEPD Cookie Guide requires consent to be informed, free and easy to withdraw. The EDPB has also published Guidelines 03/2022 on deceptive design patterns, which are useful for identifying designs that manipulate privacy choices.
Examples of cookie dark patterns
- Overloading: too much information or too many steps to reject.
- Hiding: concealing rejection or configuration options.
- Misleading visual hierarchy: accept is highlighted while reject is barely visible.
- Confusing language: wording designed to obscure consequences.
- Forced consent: blocking access without a valid alternative.
Why consent may be invalid
Consent is not valid if it is obtained through pressure, confusion or an unbalanced interface. Refusing should be as easy as accepting, and users should be able to change their decision later.
Cookie banner checklist
- Are accept and reject options similarly visible?
- Can users reject without going through several screens?
- Is the information specific and understandable?
- Are non-essential cookies blocked before consent?
- Can users withdraw or change consent easily?
Conclusion
Dark patterns are not just a design issue: they can make consent invalid. Websites should review banners, policies and consent tools to ensure a real and balanced choice.





Leave a Reply
Want to join the discussion?Feel free to contribute!