From Data to Design Duties: A Design-Centered Regulatory Framework for Protecting User Autonomy on Digital Platforms

This Article argues that contemporary digital platform regulation suffers from a structural blind spot: while legal frameworks focus primarily on data processing, consent, and algorithmic decision-making, the most significant threats to user autonomy arise from the design of data-driven choice environments. Personalized interfaces, ranked recommendations, default settings, and friction-based mechanisms systematically shape user decisions in ways that are often invisible, cumulative, and difficult to reverse, even where data processing itself remains formally lawful. These forms of influence operate through personalization, invisibility, and persistence, making harms to user autonomy difficult for both users and regulators to perceive. To address this gap, the Article reconceptualizes user autonomy as a regulatory object separate from privacy and consent, highlighting the need to protect meaningful choice processes rather than relying solely on formal informational control. It explains why data-driven choice architecture represents a structurally distinct form of influence that is not adequately captured by existing privacy, consumer protection, or deception-based doctrines. Building on this analysis, the Article proposes a design-centered regulatory framework grounded in four core design duties: transparency, explainability, reversibility, and accountability. These duties do not mandate disclosure of proprietary algorithms or prohibit personalization as such; instead, they establish technology-neutral criteria for evaluating whether platform design practices respect the conditions of user self-determination. Finally, the Article illustrates how regulators can operationalize this framework through targeted screening questions and minimal evidentiary requirements, thus offering a practical and normatively grounded approach to governing digital platforms beyond data-centric models.