UX at the Edge of Annoyance: A Consent Story - Ellen Drewes

UX at the Edge of Annoyance: A Consent Story

By /

 

How I designed a 0-1 product that has interrupted billions of user journeys…and why I’m still proud of it.

Challenge:

In 2018, GDPR enforcement was about to reshape digital privacy. Publishers had no reliable way to collect consent at scale, and users were tired of clunky, legally confusing popups. Quantcast’s business — and its clients’ — depended on getting it right, fast. We had one quarter to launch a Consent Management Platform that was flexible, compliant, and usable across thousands of high-traffic sites.

Role and Team

Role: Principal Product Designer

Team: 1 PM, multiple engineers (on-site & remote), legal counsel, sales, and me

I led UX and UI end to end — designing the CMP experience from scratch, building configuration tools for publishers, and shipping in daily feedback loops with engineers. I also ran A/B tests, traveled to meet European publishers, and helped shape the product vision that kept us moving fast and focused.

Impact

  • Launched on time for GDPR enforcement, May 2018
  • Adopted by 10,000+ domains and top-tier publishers globally
  • Captured 1+ billion consent decisions in the first 60 days
  • Ranked the most widely adopted CMP on UK and US publisher sites
  • Acquired by InMobi, validating its long-term value
  • Still in use years later — helping the internet stay (reluctantly) compliant

 

If You’ve Visited a Website Lately…

You’ve probably seen my work – because it blocked your screen.

Those cookie banners, trays, and popups that ask for your consent before you can read the news or check a flight have become part of the web’s landscape, and I helped design one of the first and most widely used. They’re disruptive, annoying and break cardinal rules of good UX – but they were necessary, and I’m proud of how we made them.

 

The Problem

In 2017, GDPR (Europe’s wide-ranging consumer privacy legislation) was about to take effect, and most publishers weren’t ready. There was no reliable, scalable way to collect user consent across devices, regions, and platforms. DIY solutions were often legally shaky, visually jarring, and technically brittle.

Quantcast’s core business — ad delivery powered by audience data — was directly threatened. So were the businesses of our clients.

We needed to launch a fully compliant, high-performance Consent Management Platform (CMP) that could scale across thousands of publisher sites — and we had just one quarter to do it.

My Role


I was the sole designer on the team. I owned the UX and UI end to end, working closely with engineers, PMs, legal, and sales to design, validate, and ship the product fast.

Specifically, I:

  • Designed the full CMP experience used by billions (popups, trays, modals, banners)
  • Created advanced granular consent flows for users who didn’t just click “accept”
  • Built a configuration tool for publishers to customize layout, copy, and branding
  • Conducted guerrilla research and stakeholder interviews across the UK and EU
  • A/B tested multiple interface variants on a major European news site
  • Paired daily with engineers, reviewed code, and refined flows in real-time
  • Coordinated with a remote development team through implementation and QA


Approach

1. Lean, Disciplined, and Fast

We carved out a war room on a quiet floor, surrounded ourselves with whiteboards, and worked in tight, daily loops. No overhead. Just build, test, refine.

Each day, I prototyped flows, rewrote copy, validated edge cases, and responded to real-time legal updates.

Daily scrums often turned into intense and productive discussions about the problems we were solving, in a direct way that is rarely available to cross-functional facets of a large org. We did demos, brainstorming sessions and knowledge shares multiple times a week and pressure-tested each other’s hypotheses and assumptions freely. It reminded me of my early days in small, early stage startups and the payoffs began to feel the same too: extreme productivity, daily progress and the daily learnings directly from the customer about whether we were on the right track.



2. Designed in the Wild

From day one, our small team stayed in constant communication with the customers for whom GDPR regulations were causing the most pain. Most were large publishers based in the UK, and many were already a part of our beta programs for other products. We didn’t guess. We shipped to real users every day – and integrated their constant feedback in realtime.

  • Visited top publisher offices in the UK for hands-on interviews
  • Joined sales calls to hear enterprise objections in real time
  • Sat with customer support to track common confusion points
  • Ran multivariate A/B tests with millions of impressions
  • Balanced consent rates, clarity, and legal defensibility



 3. Built for Flexibility

Publisher needs varied wildly — from “just give me a button” to full visual customization. I designed and helped launch a no-code configuration tool so non-technical teams could:

  • Adjust branding, layout, and copy
  • Choose modal vs tray vs banner formats
  • Select vendors and stack preferences
  • Preview their implementation live



4. Cross-Functional to the Core

I collaborated closely with front-end and back-end engineers — both on-site and remote — sharing handoffs via Figma and GitHub, resolving blockers in ad-hoc syncs, and ensuring design feasibility every step of the way.

What We Learned

From day one, our small team stayed in constant communication with the customers for whom GDPR regulations were causing the most pain. Most were large publishers based in the UK, and many were already a part of our beta programs for other products. Quantcast had a strong history of customer discovery at every stage of development and so we recognized that these relationships and conversations were non-negotiable to our success, especially with such a short window. After dozens of visits to publisher offices in the UK and many hours of interviews, we heard over and over again that:

  • The stakes were high and the pain was palpable. Clients were scared, legal and engineering teams were overwhelmed, GDPR regulations were complex and evolving, and the fines for violating them were not insignificant. DIY CMPs were crashing conversion rates and engagement metrics.
  • The needs were diverse. Some had full dev teams. Others had one marketing lead and a lawyer. No tool on the market served all, and each organization wanted variations that met their brand guidelines, styleguides and niche user needs.
  • Simplicity was key. Among organizations both large and small, we found a few in-house experts who had taken the time to understand the implications and requirements of GDPR…but they faced an uphill battle educating their orgs and effectively implementing a solution. Even the privacy experts needed something fast, flexible, and foolproof to implement.

Outcomes & Reach

  •  Launched May 2018 — just in time for GDPR
  • 1+ billion consent decisions captured in first 60 days
  • #1 most widely adopted CMP on UK and US publisher sites
  • Deployed on 10,000+ domains across industries
  • Later acquired by InMobi, validating its long-term value



Why It Worked

  • Ruthless design focus inside a compressed legal + technical environment
  • Real feedback from enterprise users — not just “end users”
  • Product vision that supported both compliance and customization
  • UX that prioritized trust, performance, and speed over aesthetics
  • A culture of pragmatism, iteration, and shared ownership



Reflection

Designing this system taught me a hard truth:

Sometimes great UX means knowing when to break the rules — on purpose, for a reason.

We hijacked user journeys. We forced choices. But we did it with clarity, integrity, and respect for the new reality of digital privacy.

Would I design it differently today? Of course.

But I wouldn’t trade the speed, the grit, or the impact for anything.\

Scroll to Top