In 2024, I led design efforts on one of Meta’s most visible and sensitive user flows: the GDPR consent experience for third-party data. This flow is presented to hundreds of millions of users across Facebook, Instagram, WhatsApp, and Messenger who reside in GDPR-regulated regions like the EU, UK, and Switzerland. The stakes were high. The experience had to meet strict legal requirements, uphold user trust, and avoid any appearance of manipulation, all while supporting business-critical ad personalization features. This work was part of a larger compliance initiative requiring users to actively review and update settings related to targeted ads, face recognition, and third-party data sharing.
Imagine being asked to make a decision about your personal data with dense legal language, a blue button that says ‘Accept,’ and no clear way out. That’s what millions of users across Europe faced. Research showed that the UI unintentionally nudged users to opt in. The primary call-to-action, “Accept and Continue”, was styled prominently in blue, while the “Manage Settings” option was secondary and less visible. Research and regulatory feedback flagged this as a potential dark pattern that could undermine the principle of freely given, informed, and unambiguous consent. Users reported feeling confused or overwhelmed by dense legal language. Many didn’t fully understand what they were agreeing to, and those who wanted to opt out faced increased friction. This imbalance posed both ethical and legal risks. The design needed to shift from nudging toward neutrality, to instead empower users to make clear, confident choices about their data.
As Lead Product Designer, I focused on improving clarity, neutrality, and trust in the GDPR consent flow, especially around third-party data (3PD). My goal was to balance business goals around opt-in retention with user rights and regulatory compliance. Working closely with the Privacy Consent and Notifications team, Legal, and UXR, I introduced a redesigned approach anchored by a polar question and balanced call-to-action buttons. We made it easier for users to understand what they were consenting to by simplifying language and reorganizing the visual hierarchy. To drive alignment and approval, I facilitated design sprints with stakeholders from Facebook and Instagram, and secured Consent SteerCo sign-off for a new “agency headline” and CTA layout. These were later adopted into Meta’s Consent UI Guidelines. I also introduced a research-backed “sense of place” design pattern, which helped users feel anchored during the consent experience—this is now a reusable template across multiple Meta surfaces.
The redesigned consent flow was adopted across Facebook and Instagram and became a standard in Meta’s compliance UI toolkit. It was estimated to positively impact iRev growth by 0.98% to 1.97%, while also reducing regulatory risk and improving user comprehension. More importantly, the design helped reframe data transparency not just as a legal requirement, but as a moment to build user trust through clear and respectful communication.
