Yahoo
Privacy Redesign
Rebuilding Yahoo’s privacy experience into a scalable, compliant framework that drives trust, removes dark patterns, and adapts across Yahoo's products.
Role
Principal product designer
Team
Product manager, content designer, user researcher, engineers, legal council
Timeline
Key outcomes
+7% engagement, +8% opt in , 90% of tested users preferred the new design and described it as more transparent and trustworthy (n=40).
Privacy controls Before & After
Overview
What began as a response to evolving global privacy laws quickly became a deeper mission: rebuilding user trust at scale. With regulations like GDPR and CCPA raising the bar for transparency, users were demanding more control and clarity over their data. At the same time, major tech companies were facing record-breaking fines for dark patterns, vague disclosures, and non-compliant consent practices.
Business needs
Build user trust
Increase engagement
Enable informed consent for data use (to support ad revenue)
Reduce legal risk
Privacy controls Layer 1 & 2 before
Problems
Hard-to-navigate privacy settings
Overwhelming legal jargon
Inconsistent UI across account experiences
Lack of clarity around consent status
Risk of regulatory non-compliance
Opportunities
In response to rising user expectations and evolving global regulations, we saw a critical opportunity to:
Lead with empathy by prioritizing transparency and user trust.
Redesign the privacy experience around real user needs—not just legal checkboxes.
Set a new standard for ethical, user-first, and compliant design practices.
Launch a scalable consent framework adopted across products, properties, and international regions—supporting both regulatory compliance and business growth.
My role
Defined the end-to-end design strategy
Partnered closely with Legal, Product, Engineering, User research, Content, and Account design teams
Led design collaboratively from system-level frameworks to detailed microcopy
Contributed to the design system
Objectives
User needs
Build trust through transparent, user-first privacy design
Legal requirements
Ensure compliance with GDPR/CCPA
Business needs
Increase opt-in engagement and reduce legal risk
Competitive research
Design
Plain Language, Thoughtful Design
We rewrote all privacy copy in plain, user-friendly language—moving away from legalese.
Introduced Q&A format for consent explanations
Added tooltips, toggles, helper text, and badges for clarity
Applied Yahoo design system (type, color, spacing, iconography)
Test, Learn, Iterate
I partnered with UXR to validate three key design directions:
Align & Iterate
Built for Scale & Compliance
I worked closely with the Account designers to align on a cohesive look and feel, ensuring consistency in design and a seamless user experience across all touchpoints.
Built reusable components for toggles, cards, and modals
Integrated fully with the design system
Enabled fast adoption across multiple Yahoo products
Built to support both US and international frameworks
Final solution
Impact
%
Engagement with embedded content
%
Opt-in rate
%
TESTED USERS PREFERRED THE NEW DESIGN (N=40)
“Finally, something I can understand.”
“This feels respectful of my time and data.”
“This didn’t feel above my head.”
“This is the first time I’ve actually understood what I’m agreeing to.”
“Other sites trick you. This felt honest.”
Scaling Across Properties & Regulations
We extended the privacy framework beyond the Account Center—adapting it for multiple user touchpoints (like article pages and mobile surfaces), supporting a variety of content types (videos, social embeds, toggles), and ensuring compliance with regional privacy laws across the U.S. and Europe.
Editorial Embeds: Yahoo News & TechCrunch
We applied the same design principles to third-party embedded content (e.g., YouTube, X/Twitter) across editorial properties, where user consent is required before content is shown.
What we did:
Introduced inline, in-context consent modules inside article pages (no redirect)
Reused UI patterns from Privacy Controls for consistency
Ensured compliance with EU and UK regulations on social embeds
Preserved the reading experience while making privacy actionable
third-party embedded content consent Before & AFter
U.S. State-Level Privacy Controls
As more U.S. states introduced legislation (e.g., California, Colorado, Virginia), we extended the system to meet state-specific consent requirements. Instead of treating each state as an edge case, we:
Designed regionally adaptive patterns that automatically adjusted based on location
Aligned toggles and language with CCPA, CPRA, and state-specific nuances
Enabled auditable compliance via modular settings and localized disclosures
u.s. State specific privacy controls
Reflection
This wasn’t just a visual redesign—it was a strategic transformation of how Yahoo talks to users about privacy.We turned a compliance obligation into an opportunity to build trust and deliver clarity at scale. And we did it by making every toggle, every line of copy, and every pixel matter.