Web site ‘Darkish Patterns’ draw the main target of FTC, State Legislators

In March, the California Consumer Privacy Act (CCPA) went into effect prohibiting companies from using “dark patterns” on their websites that make it difficult for California consumers to opt out of selling their personal information.

A dark pattern is a potentially manipulative user interface design that can intentionally or unintentionally alter decision-making, such as: B. in relation to purchases, influencing cancellations or subscriptions, registering consent decisions or promoting data exchange.

While dark patterns have been around for many years, the general take-it-or-leave-it nature of website and app usage has largely shaken them off, even if noticed.

Recently, however, this practice has been increasingly subject to legal and regulatory scrutiny, so online operators and designers should be aware that subtle manipulations can lead to enforcement measures and reputational damage more than ever. New data protection laws and proposals dictate that digital form must follow function.

Aromas of dark patterns

There are many varieties of dark patterns. In a recent award-winning research report, Arnuesh Mathur and his co-authors analyzed the presence of dark patterns on 11,000 shopping websites.

They found five main types of dark patterns: (1) asymmetrical, with one user interface emphasizing certain choices more than others (e.g. with color or font size); (2) obscures when a user interface is directing users to make certain purchases or decisions without their active knowledge; (3) deceptive when the user interface uses misleading statements or omissions to create false beliefs; (4) hides information when the user interface obscures information or delays its presentation; and (5) restrictive, where the user interface limits the number of choices available to the user.

There are other classifications of the types of dark patterns as well. The darkpatterns.org website catalogs and provides examples of patterns such as “trick questions” that can trick users into giving an answer they did not intend, including:

  • “Sneak into the shopping cart”, whereby items are placed in a shopping cart using an opt-out button or a check box on a previous page.
  • “Misdirection”, which focuses attention on one thing in order to divert attention from another;
  • “Disguised Ads”, which disguises ads as other types of content or navigation to encourage users to click; and
  • “Friend spam” when a product asks for a consumer’s email address or social media permissions under the guise of a desired outcome (such as making friends), but then spams their contacts in a message that says claims to be from the user.

State data protection laws are beginning to kick in

Consumer groups, policymakers and regulators have recently become increasingly focused on dark patterns. The new California rules prohibit the use of double negatives when consumers have a choice and prohibit consumers from providing personal information that is not required to process their opt-out request.

In a press release, the California attorney general clarified that the new ban also “prohibits companies from bothering consumers with confusing language or unnecessary steps, such as forcing them to click through multiple screens or hearing reasons why they don’t opt ​​out should”.

The successor to the CCPA, the California Privacy Right Act, which comes into effect on January 1, 2023, goes further and directly defines the “dark pattern” and makes it clear that any “agreement reached through the use of dark patterns” does not constitute consent. “The widely publicized Washington Privacy Act would do exactly the same for Washington State if passed.

The top data protection officer of the federal government is also watching

The Federal Trade Commission has also signaled concerns about the increased use of dark patterns and its impact on consumers and will host a virtual workshop on April 29 to examine digital dark patterns.

The session assesses the extent to which dark patterns differ from the sales tactics of brick-and-mortar stores. their possible harm to consumer behavior; whether some groups are wrongly addressed or are particularly at risk; the laws, rules, and norms that govern the use of dark patterns; and in particular whether additional rules, standards or enforcement efforts are needed to protect consumers.

The FTC is no stranger to dark patterns, but its recent attention to this issue could signal further action to enforce dark patterns in the near future. In a September 2020 statement, then FTC commissioner Rohit Chopra described dark patterns as “online tact with visual misdirection, confusing language, hidden alternatives, or false urgency to steer people toward or away from certain decisions.”

He went on to claim that the agency “must methodically use all of our tools to shed light on illegal digital dark patterns and that we must curb the spread of this popular, profitable and problematic business practice”.

While it remains to be seen what types of enforcement actions, bans, or legal proceedings will take place in the months and years ahead, it should be clear that businesses should be aware that consumers, regulators, and lawmakers are more focused than ever on the design of websites that feature, which are used to deceive, control or manipulate users in order to achieve behavior that is profitable for an online service.

This column does not necessarily reflect the opinion of the Bureau of National Affairs, Inc. or its owners.

Write for us: Author guidelines

Information about the author

Gretchen A. Ramos is the global co-chair of the privacy, privacy and cybersecurity practice of Greenberg Traurig LLP and is based in San Francisco.

Darren J. Abernethy, legal advisor at Greenberg Traurig LLP, is a member of the company’s Data, Privacy & Cybersecurity Practice and is based in the San Francisco office.

Comments are closed.