Usable and lawful: can consent be both?

Cristiana Santos; Colin M. Gray; Nataliia Bielova; Sanju Ahuja

doi:10.1080/13600834.2025.2610581

Usable and lawful: can consent be both?

Cristiana Santos^*
, Colin M. Gray
, Nataliia Bielova
, Sanju Ahuja

^*Corresponding author for this work

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

Under the GDPR, a valid consent must satisfy a number of requirements to comply with the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePD). The article evaluates the design of consent banners using a common and popular usability inspection method in human–computer interaction scholarship known as heuristic evaluation, which enables the researcher to identify challenges in technical provision and new generative opportunities for technical systems to better respond to legal requirements. Opportunities, challenges and tensions for a lawful and usable consent are identified through a novel application of usability heuristics to target the intersection of legal requirements and usability in the context of consent banners. These interpretations of the intersection of law and design may aid legal scholars in evaluating the lawfulness and usability of consent design strategies, while acknowledging the tensions and challenges among design and legal perspectives.

Original language	English
Journal	Information and Communications Technology Law
DOIs	https://doi.org/10.1080/13600834.2025.2610581
Publication status	E-pub ahead of print - 7 Jan 2026

Bibliographical note

Publisher Copyright:
© 2026 Informa UK Limited, trading as Taylor & Francis Group.

Keywords

Consent
consent banners
dark patterns
ePrivacy directive
GDPR
usability

Access to Document

10.1080/13600834.2025.2610581

Cite this

@article{eac8879bf38e49558530155138405ba0,

title = "Usable and lawful: can consent be both?",

abstract = "Under the GDPR, a valid consent must satisfy a number of requirements to comply with the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePD). The article evaluates the design of consent banners using a common and popular usability inspection method in human–computer interaction scholarship known as heuristic evaluation, which enables the researcher to identify challenges in technical provision and new generative opportunities for technical systems to better respond to legal requirements. Opportunities, challenges and tensions for a lawful and usable consent are identified through a novel application of usability heuristics to target the intersection of legal requirements and usability in the context of consent banners. These interpretations of the intersection of law and design may aid legal scholars in evaluating the lawfulness and usability of consent design strategies, while acknowledging the tensions and challenges among design and legal perspectives.",

keywords = "Consent, consent banners, dark patterns, ePrivacy directive, GDPR, usability",

author = "Cristiana Santos and Gray, \{Colin M.\} and Nataliia Bielova and Sanju Ahuja",

note = "Publisher Copyright: {\textcopyright} 2026 Informa UK Limited, trading as Taylor \& Francis Group.",

year = "2026",

month = jan,

day = "7",

doi = "10.1080/13600834.2025.2610581",

language = "English",

journal = "Information and Communications Technology Law",

issn = "1360-0834",

publisher = "Routledge",

}

TY - JOUR

T1 - Usable and lawful

T2 - can consent be both?

AU - Santos, Cristiana

AU - Gray, Colin M.

AU - Bielova, Nataliia

AU - Ahuja, Sanju

PY - 2026/1/7

Y1 - 2026/1/7

N2 - Under the GDPR, a valid consent must satisfy a number of requirements to comply with the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePD). The article evaluates the design of consent banners using a common and popular usability inspection method in human–computer interaction scholarship known as heuristic evaluation, which enables the researcher to identify challenges in technical provision and new generative opportunities for technical systems to better respond to legal requirements. Opportunities, challenges and tensions for a lawful and usable consent are identified through a novel application of usability heuristics to target the intersection of legal requirements and usability in the context of consent banners. These interpretations of the intersection of law and design may aid legal scholars in evaluating the lawfulness and usability of consent design strategies, while acknowledging the tensions and challenges among design and legal perspectives.

AB - Under the GDPR, a valid consent must satisfy a number of requirements to comply with the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePD). The article evaluates the design of consent banners using a common and popular usability inspection method in human–computer interaction scholarship known as heuristic evaluation, which enables the researcher to identify challenges in technical provision and new generative opportunities for technical systems to better respond to legal requirements. Opportunities, challenges and tensions for a lawful and usable consent are identified through a novel application of usability heuristics to target the intersection of legal requirements and usability in the context of consent banners. These interpretations of the intersection of law and design may aid legal scholars in evaluating the lawfulness and usability of consent design strategies, while acknowledging the tensions and challenges among design and legal perspectives.

KW - Consent

KW - consent banners

KW - dark patterns

KW - ePrivacy directive

KW - GDPR

KW - usability

UR - https://www.scopus.com/pages/publications/105027227590

U2 - 10.1080/13600834.2025.2610581

DO - 10.1080/13600834.2025.2610581

M3 - Article

AN - SCOPUS:105027227590

SN - 1360-0834

JO - Information and Communications Technology Law

JF - Information and Communications Technology Law

ER -

Usable and lawful: can consent be both?

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this