Despite the FTC’s aim to lead the regulatory debate on so-called ‘dark patterns’, the EU’s recent legislative efforts have already outlawed the practices in a range of contexts
Regulators from around the world focus in on deceptive online designs
On 10 July 2024, the International Consumer Protection and Enforcement Network (ICPEN) and the Global Privacy Enforcement Network (GPEN) announced the results of two reviews they conducted on the use of ‘dark patterns’ by various online platforms (i.e. online retailers and social networks). Dark patterns collectively describe digital design choices which manipulate, influence or deceive consumers to make certain choices within a platform interface. The reviews, which were published to coincide with the beginning of the US Federal Trade Commission’s (FTC) presidency of ICPEN, reflect a favourite focus of the regulator on deceptive design practices online. While commonly associated with e-commerce as discussed in the ICPEN review, dark patterns were also identified and detailed in the context of privacy and data protection among different types of platforms, including social media, through the GPEN review.
The two reviews detail the dark patterns often at use in the context of online subscriptions and the collection of personal data
According to the ICPEN’s review, which was conducted between January and February 2024 and focused on online subscription services, over 75% of platforms reviewed employed at least one dark pattern. The most common patterns encountered are referred to as ‘sneaking practices’ and broadly involve hiding or delaying the disclosure of information that may influence a consumer’s purchasing decision, including failing to include added fees until a final purchasing screen or allowing auto-renewal of subscription services without additional consent. Other common practices included preselecting certain purchasing options such as longer subscription periods, obstructing processes such as the path to cancelling subscriptions and creating a false sense of urgency through the use of low stock labels or countdown timers. The GPEN review, which took place over the same period but instead captured privacy decision making processes online, found that 97% of platforms engaged at least one dark pattern. The most common practice cited by the study was the use of long and complex language in privacy policies likely to confuse or discourage consumers. The review also found platforms frequently made it more difficult to select settings which better protected a consumer’s privacy and to delete or sign out from accounts. Across both studies, the organisations expressed a concern that a majority of platforms reviewed appeared to engage dark patterns that encourage consumers to make decisions which were not in their own best interests, be they related to the length of a subscription service or the access a site is given to personal data.
While the EU has banned dark patterns through a number of recent laws, the ambiguity of identifying these practices may still prove a challenge
Though the FTC has sought to identify itself as a leader in policing the use of dark patterns, the US lacks a federal regulatory framework to address deceptive design or most other online harms. The EU, in contrast, has imposed various bans on dark patterns in online interfaces through a number of recent laws. Dark patterns are prohibited outright by the Digital Services Act and are also banned in the context of personal data access under the Data Act, as well as in the context of AI-powered interfaces under the AI Act. Given the range of design choices which could be considered dark patterns and the rate of innovation in online platforms, there remains, however, ambiguity in defining and identifying prohibited actions under these laws. While governments and regulators are invested in understanding the commercial practices behind dark patterns and communicating the consumer harms related to them, regulating these practices may prove more difficult in practice even with the appropriate legal frameworks.