When someone visits your health or wellness website, perhaps seeking advice, treatment options or product information, the first thing they often see is your cookie banner. This moment matters. As a brand in the healthcare space, you have a responsibility to be clear, ethical and fully transparent about how you collect and use data.
Unfortunately, some websites fall into the trap of using ‘dark patterns’ in cookie banners, either intentionally or without realising. These subtle design tricks can pressure users into accepting cookies they otherwise wouldn’t, putting brands at risk of non-compliance and reputational damage.
In this article, we’ll explain what dark patterns are, why they’re a serious concern for both compliance and public trust, and how you can avoid them, especially if you work in the health and wellness sector.
What are dark patterns in cookie banners?
Dark patterns, also known as deceptive patterns, are user interface designs that intentionally guide people towards choices that may not be in their best interest. In cookie banners, this typically means nudging users to “Accept all” cookies while making it harder to reject or customise their preferences.
In healthcare, this is particularly problematic. People visiting your site may be researching sensitive conditions or seeking help, and manipulating them into sharing data undermines their trust.
Here are common dark patterns found in cookie banners:
- Visually favouring ‘Accept All’
  Making the “Accept” button more prominent than the “Reject” option (e.g. using bright colours or larger fonts) skews user decisions.
- Hiding or delaying the ‘Reject’ option
  Some banners don’t offer a visible way to refuse cookies until users click through multiple layers. Most won’t bother, meaning silent consent is collected unfairly.
- Pre-ticked cookie categories
  Automatically enabling non-essential cookies removes genuine user choice. This is non-compliant with GDPR and ICO guidance.
- Vague or confusing language
  Overly technical terms or double negatives can lead to accidental consent.
- Incorrectly labelling cookies as ‘essential’
  Only cookies required for the website to function, like those enabling login or shopping cart use, should be marked ‘strictly necessary’. Analytics and marketing cookies are not.
Why are dark patterns a problem in healthcare marketing?
For healthcare organisations, trust is everything. Users expect a higher standard of data privacy, and using dark patterns can quickly erode that trust.
Regulatory risks are also increasing. Regulators like the ICO (UK) and other European DPAs are stepping up enforcement and issuing warnings, and even fines, for websites found to be using manipulative consent tactics. In late 2024, for example, the Belgian DPA threatened daily penalties of €25,000 against several publishers using non-compliant banners.
But beyond fines, the reputational damage can be long-lasting. If users feel their privacy is being compromised, especially on health-related websites, they’re more likely to leave, and less likely to return.
How to avoid dark patterns in your consent banner
The good news: once you know what to look for, avoiding dark patterns is straightforward. Here are some key dos and don’ts to follow:
DON’Ts:
- Pre-select non-essential cookies
- Hide the ‘Reject’ option
- Use language that confuses or pressures users
- Mislabel cookies as ‘essential’ unless absolutely necessary
- Make it harder to withdraw consent than to give it
DOs:
- Use clear, user-friendly language
- Offer equal visual weight to ‘Accept’ and ‘Reject’ options
- Allow granular consent. Users should control each category
- Make it easy to revisit or update cookie preferences at any time
- Ensure cookies are only dropped after active consent
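An added example, not from the original article or from any CMP vendor: a small audit that checks a banner configuration against the dark patterns and DON’Ts listed above. The configuration shape, its field names and the list of strictly necessary purposes are assumptions made for illustration.

```javascript
// Hypothetical config shape; no real CMP uses these exact field names.
// Purposes assumed to qualify as 'strictly necessary' (site cannot function without them).
const STRICTLY_NECESSARY = new Set(["login", "cart", "consent-storage"]);

function auditBanner(cfg) {
  const findings = [];
  const { accept, reject } = cfg.buttons;

  // Hiding or delaying 'Reject': it must sit on the same layer as 'Accept'.
  if (!reject || reject.layer > accept.layer) findings.push("reject-hidden");

  // Visually favouring 'Accept All': compare font size and filled/outlined style.
  if (reject && (accept.fontPx !== reject.fontPx || accept.filled !== reject.filled))
    findings.push("unequal-weight");

  for (const cat of cfg.categories) {
    const necessary = cat.purposes.length > 0 &&
      cat.purposes.every((p) => STRICTLY_NECESSARY.has(p));
    // Mislabelling: analytics or marketing purposes declared 'essential'.
    if (cat.essential && !necessary) findings.push(`mislabelled-essential:${cat.name}`);
    // Pre-ticked: a non-essential category switched on before the user acts.
    if (cat.defaultOn && !necessary) findings.push(`pre-ticked:${cat.name}`);
  }

  // Withdrawing consent must not take more steps than giving it.
  if (cfg.clicksToWithdraw > cfg.clicksToAccept) findings.push("withdraw-harder");
  return findings;
}

// Constructed sample configurations (not taken from any real site).
const darkBanner = {
  buttons: { accept: { layer: 1, fontPx: 18, filled: true },
             reject: { layer: 2, fontPx: 14, filled: false } },
  categories: [
    { name: "necessary", essential: true, defaultOn: true, purposes: ["login", "cart"] },
    { name: "analytics", essential: true, defaultOn: true, purposes: ["analytics"] },
    { name: "marketing", essential: false, defaultOn: true, purposes: ["advertising"] },
  ],
  clicksToAccept: 1, clicksToWithdraw: 4,
};
const fairBanner = JSON.parse(JSON.stringify(darkBanner));
fairBanner.buttons.reject = { layer: 1, fontPx: 18, filled: true };
fairBanner.categories[1] = { name: "analytics", essential: false, defaultOn: false, purposes: ["analytics"] };
fairBanner.categories[2].defaultOn = false;
fairBanner.clicksToWithdraw = 1;

console.log("dark:", auditBanner(darkBanner));
console.log("fair:", auditBanner(fairBanner));
```

A check like this only covers what the configuration declares; whether cookies are actually set before consent still has to be verified in the browser.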
What does a compliant cookie banner look like?
A well-designed, compliant cookie banner in the health sector should:
- Be easy to read and navigate, even under stress
- Clearly explain what data is being collected and why
- Offer equal, visible options to Accept, Reject, or Customise cookies
- Avoid defaulting to consent (e.g. no auto-toggled switches)
- Support patient trust by demonstrating transparency and ethical practice
Key questions for your health brand:
- Are users making an informed, active choice about cookies?
  If not, your banner may be using a dark pattern.
- Can users easily refuse or change their consent status?
  This is vital for compliance and credibility.
- Have you checked your CMP setup with a legal or compliance team?
  Especially important for regulated health and medical services.
Conclusion
Dark patterns might seem like a shortcut to better data, but for health and wellness brands, they’re a risk not worth taking.
Instead, treat your cookie banner as part of your commitment to trust, clarity and patient-centred design. By removing dark patterns and following clear ICO guidance, you not only reduce regulatory risk, you create a digital experience that reflects the care and integrity your users expect.
If you want help making your cookie banner compliant, get in touch with our team.