The purpose of consent pop-ups is to enable users to make informed decisions about the use of cookies and protect users' privacy while browsing. However, while many users claim to be concerned about their privacy, they do not behave accordingly (privacy paradox), e.g., when accepting all cookies. One reason for this behavior could be the design of some consent pop-ups, which intentionally makes it difficult for users to reject cookies (a dark pattern). Therefore, the question arises whether individual privacy concerns guide the decision to accept or reject cookies, or whether the pop-ups’ design determines the disclosure behavior. To answer this, we conducted an online study (N = 71) in which a consent pop-up (privacy friendly vs. dark pattern 1 vs. dark pattern 2; between-subjects) was presented. Participants were told to test the usability of a website and the pop-up appeared before they were redirected to the allegedly website. An ANCOVA was calculated with privacy concerns as the covariate and the number of accepted cookie categories as the dependent variable. A large effect was found for the different pop-up designs (η_p² = 0.36) and no effect for privacy concerns on the number of accepted cookie categories. When participants could reject the different categories directly (privacy friendly design), they did it more often than when the rejection could only occur in a second interaction step (dark patterns). In summary, users protect their privacy, even if they are not concerned about it, when the consent pop-up is designed privacy friendly.