Understand how your data is used and shared

Understand how your data is used and shared

Various regulations and frameworks have emerged to safeguard individuals' personal information while enabling businesses to operate effectively. Among these, the Transparency and Consent Framework (TCF), the California Consumer Privacy Act (CCPA), and the Australian Privacy Act stand out as prominent examples.

As new regulations came in and expectations evolved, I worked closely with the Guardian's Data Protection Officer and developed an approach with Advertising, Engineering and Product.

Making privacy choices clear and actionable

Making privacy choices clear and actionable

Legal jargon and technical terms required on consent screens can leave users frustrated and unsure what to choose. The challenge: simplify complex privacy regulations into interfaces that respect both legal requirements and user comprehension.

Working alongside the Guardian's Data Protection Officer, I collaborated with teams across Advertising, Engineering, and Product to develop solutions that enabled informed decision-making. The work addressed compliance with multiple frameworks including the Transparency and Consent Framework (TCF), California Consumer Privacy Act (CCPA), and Australian Privacy Act.

The approach prioritized user understanding over legal minimums, recognizing that meaningful consent requires clear communication rather than checkbox compliance.

Research: Comprehension and affordance testing

Research: Comprehension and affordance testing

Comprehension studies: Conducted unmoderated online testing via UserTesting.com with 8-10 participants per round across UK and US regions. Participants interacted with actual consent screens, then explained available options in their own words and rated clarity on a defined scale. This approach identified unclear phrasing and helped simplify messaging for informed decision-making.

Affordance testing: Recognizing that most visitors decide within seconds, we ran five-second and journey tests across mobile and desktop. A key finding emerged: the privacy consent use case required distinct design system rules separate from standard primary/secondary button logic.

The research revealed that traditional UI patterns created false hierarchies in consent choices, potentially steering users toward specific decisions rather than enabling genuine choice.

Developer tooling: Building confidence and reducing errors

Developer tooling: Building confidence and reducing errors

Engineers faced significant friction building and testing consent screens - manual configuration, testing, and deployment created substantial error risk. After researching pain points and automation preferences, I partnered with a Backend Engineer to develop a SvelteKit application enabling engineers to "build, preview and reliably test consent messages locally before launching to production."

Results:

• Engineers reported increased comfort with consent tasks

• Higher confidence implementing changes

• Facilitated accessibility improvements

• Enabled performance optimizations resulting in 18% rise in Core Web Vitals scores

The internal tooling transformed consent screen development from a high-risk, manual process into a reliable, testable workflow. This developer experience improvement directly benefited users through better-performing, more accessible consent interfaces.