WTF are dark patterns?

Dark patterns pop up all over the digital environment, from e-commerce checkouts to digital ads to — yes — cookie tracking opt-out interfaces. They are digital coercion by design, and they are now banned by new regulations to enforce California’s privacy law that prohibit companies from using dark patterns to dissuade people from opting out from the sale of their personal information.

What are dark patterns?

Put simply, dark patterns are tactics employed to get people to take an action they may not actually want to take or realize they are taking. U.S. Federal Trade Commissioner and would-be head of the Consumer Financial Protection Bureau Rohit Chopra has referred to dark patterns as “digital tricks and traps,” employing design features that “deceive, steer, or manipulate users into behavior that is profitable for an online service, but often harmful to users or contrary to their intent.”

What are some examples of dark patterns?

• In e-commerce or travel booking: Creating a false sense of urgency for a product or service through scarcity signals indicating that a certain number of people are also interested in it (“Three others are looking at this hotel room right now.”)
• In app download agreements: Forcing people to accept densely-worded terms before they can access a product or service
• In data collection notices for opt-out: highlighting certain choices with more prominent or brightly colored buttons while obscuring others
• In subscription services: Making it very difficult to cancel a service or find opt-out links

How do dark patterns work?

Dark patterns prey on human cognitive frailties. France’s data protection authority stated in its Shaping Choices In the Digital World report that “Dark patterns rely on human psychology, playing on cognitive biases that we’re often not aware of.” Essentially, they are designed to manipulate people’s minds into making decisions they might not make if presented with information in a more clear and direct manner.

Are dark patterns common in e-commerce?

Yes. “E-commerce is definitely the area where they’re the most prevalent,” longtime dark patterns researcher Jen King told Digiday. A privacy and data policy fellow at Stanford University’s Institute for Human-centered Artificial Intelligence and Privacy, King served as an expert witness in an FTC case against Commerce Planet, finding that the service steered people toward enrolling in a monthly payment plan during the checkout process. The agency eventually returned $748,000 to affected consumers. Amazon has also come under fire by the Norwegian Consumer Council and consumer groups for dark pattern practices making it difficult for people to opt-out from Amazon Prime.

So, dark patterns are showing up in data tracking opt-out notices?

Indeed. Right now across the web, people are presented with opt-out notices that make choices to agree to accept third-party cookies much more prominent than links to opt out from data collection and use. King conducted research last year finding dark patterns that interfere with Californians’ ability to submit do-not-sell requests under California Consumer Privacy Act (CCPA).  In some cases, “The links to the opt-outs are in the same place where you would find a privacy policy,” she told Digiday. In some cases, she said, “The design is really focused on bare bones compliance or potentially non-compliance. The companies don’t want you to [opt-out], and they’re not making it easy.”

What about dark patterns in advertising?
Dark patterns have been detected in advertising imagery and messaging, too.

And some designers, researchers and lawmakers suggest that content recommendation algorithms encouraging people to remain on a platform or sign up for ad-free offerings are forms of dark patterns. For instance, an algorithmic system might increase ad play after a regular video viewer dismisses the request to remove ads.

Are dark patterns against the law?

Legislators and regulators are cracking down on dark patterns. In California, regulations approved in March 2021 to enforce the CCPA specifically ban the use of dark patterns that delay or obscure the process for opting out of the sale of personal information or bombard people with confusing information or excessive steps. The California Privacy Rights and Enforcement Act which will cover data practices starting in January 2022, addresses dark patterns directly, stating, “agreement obtained through use of dark patterns does not constitute consent.”

As for federal laws, bills introduced in recent years that could be reintroduced in the current congress address issues related to dark patterns. The Deceptive Experiences To Online Users Reduction (DETOUR) Act would have prohibited large online platforms from using dark patterns to trick consumers into allowing access to their personal data. The Safe Data Act would have stopped companies from designing, modifying or manipulating user interfaces to obscure, subvert or impair user decision-making or to obtain user data or consent.

Expect more regulatory activity around dark patterns. The FTC will hold a workshop on the subject on April 29.