Vino is a site specialising in online sale of wines and related accessories. It is aimed at all types of customers, from those who simply like wine to the most demanding connoisseurs.

This case study is part of a LINC research initiative focusing on interface design. Cases dealt with are fictional services co-created with the participants of the Data & Design workshops. The solutions considered here are not intended to be recommendations to copy, but rather contextual illustrations of creative processes that might inspire your services and products. The study does not cover the entire user experience, but simply concentrates on key points. As such, it does not necessarily cover all GDPR requirements.

Product’s Context

Vino is a typical ecommerce website specialising in the sale of wines and related accessories (such as glasses and carafes). In order to purchase the products they select, customers must enter their contact information, in particular during the first purchase on the site.

As it may be considered as an archetypical ecommerce website, Vino is faced with a problem specific to such sites with regard to personal information and obtainment of consent. The interface that Vino provides for placement of orders is highly mundane: a form whose fields users risk completing instinctively or automatically. The challenge in the face of such behaviour is to succeed in drawing their attention to the information provided on the processing of their personal data and to communicate such information succinctly so as not to disrupt the user experience.

User experience and key steps

The Vino team tackled the problem by focusing on a single step in the user experience: that in which data is collected: at order form level.

Focus on the form enabled participants to explore two classical aspects of the form in depth:

  • its structure and the choice of terms used to provide customers with a clear understanding of the use of their data, information that is fully integrated into their purchasing process;
  • configuration of their marketing preferences, by providing customers with a simple interface to express their choices.

A form structured by purpose

In order for the user to easily understand how her data are processed, participants’ work focused on the form’s structure and the wording of its components. The goal was to enable users to come to an understanding of how their data are used while completing of the form.

This being so, the Vino team decided to divide up the form in accordance with purposes of processing. In order to be clearly visible, and therefore read, purposes are expressed in the titles of each section. They are reiterated in visuals located to the right of each field, expressing the reasons for collecting information in images. By so incorporating information on processing into the purchasing process, the legal aspect is dealt with in a simple and fluid fashion as far as users are concerned. Their user experience is not disrupted, as the obligation of information required by the GDPR is integrated into the interface, and they get to understand how Vino will use their information.

Proposed approach

Once they have made their choices and wish to finalise their orders, users click on the cart’s “order” button and are redirected to the order form, which then guides them through the steps required to make their purchase while providing them with progressive understanding of the way their data is used.

Simple settings for marketing preferences

The order form ends with settings up one’s preferences for marketing emailing. The Vino team decided to present marketing options by highlighting the businesses involved. Users can therefore make their choice by deciding who they agree to receiving advertisements from (Vino and/or its partners). Participants avoided checkboxes or toggles in order to provide users with a simple, clear and visual configuration.

The difference between the two options should be borne in mind: communication of advertising material by Vino is activated by default, while its partners’ is deactivated. What explains this difference?

In principle, no marketing message can be sent to anyone without their prior consent. This principle corresponds to criteria for a validly obtained consent (unequivocal, voluntary action, etc.). Vino’s default activation of its commercial emailing would therefore seem contrary to this principle. However, there is an exception to this general rule: if somebody is already a company’s customer, which is the case when they place an order on a website, the company may send them advertisements for similar products by default. In this case study, Vino comes under this exception: its users are customers (they are purchasing bottles of wine) and advertisements sent will concern products sold by Vino (wine, glasses, etc.), which are effectively similar to their initial purchases. If they do not wish to receive advertisements from Vino, customers must therefore register their objection (the “opt-out” principle), which they can do simply by clicking on the card. The option enabling reception of advertisements from partners is inactive. Users wishing to receive such advertisements give their consent by clicking on the corresponding card (“opt-in” principle).

Proposed approach

After checking the information provided on the form, users can choose the entities they wish to receive advertisements from.


The approach proposed by the Vino team cleverly integrates personal information into the user pathway. Nonetheless, it may rapidly prove to have limitations in cases where the same data item is used for several different purposes. In such cases, structuring your pathway around purposes may result in asking users for the same data item several times. This type of approach is therefore not applicable to all user pathways, and other approaches may be required in order to inform data subjects

Données & Design par LINC