Dark patterns: Why increased legal scrutiny means the end of deceptive designs could be in sight

It’s inherently unfair to trick people into making an unfavorable choice – whether it’s paying more than necessary for a product, remaining subscribed to a recurring payment, or providing personal data that they would rather keep private. 

Yet “dark patterns” – manipulative or deceptive interfaces, notices, and designs – are common across the internet’s cookie banners, checkout processes, and settings menus. 

But for the past few years, regulators have been particularly vocal about why implementing dark patterns could be illegal in certain contexts. And legislators are increasingly keen to prohibit dark patterns via primary law. 

What are dark patterns?

There’s no official definition of “dark patterns,” but we can look to the phrase’s origins to help us understand its meaning. 

The term “dark patterns” was coined by researcher Harry Brignull, who set up a website to help people recognize the phenomenon. But Brignull now uses a different phrase – ”deceptive patterns”, which he defines as follows: 

“Deceptive patterns (also known as “dark patterns”) are tricks used in websites and apps that make you do things that you didn’t mean to, like buying or signing up for something.” 

Brignull provides the following examples of dark patterns: 

• Comparison prevention: Blocking the comparison of products or services by using complex interfaces or hiding important information.
• Confirmshaming: Emotional manipulation intended to shame the user into doing.
• Disguised ads: Adverts disguised as non-promotional content. 
• Fake scarcity: A false claim that the supply of a product or service is limited. 
• Fake social proof: Fake reviews and testimonials designed to falsely enhance a product’s credibility. 
• Fake urgency: A false claim that a product or service is available for a limited time only. 
• Forced action: Forcing a user to do something they might not wish to do in exchange for something they want. 
• Hard to cancel: Complex unsubscribe or cancellation processes. 
• Hidden costs: Enticing a user with an initially low price that is bumped up via fees or charges. 
• Hidden subscription: Presenting a recurring payment as a one-off purchase. 
• Nagging: Interrupting or repeatedly bothering a user in an attempt to manipulate them into taking a particular action. 
• Obstruction: Putting barriers in a user’s way to prevent them from taking a specific action. 
• Preselection: Enabling or selecting a setting or option by default to increase the likelihood that a user will accept it. 
• Sneaking: Drawing a user into taking an action by hiding key information. 
• Trick wording: Using ambiguous or confusing language that drives a user to take a particular action. 
• Visual interference: Obscuring or disguising information via unclear interfaces or web pages. 

But while this project began as a community effort, regulators and lawmakers are also cracking down on dark patterns. 

Federal Trade Commission (FTC)

The US Federal Trade Commission (FTC) explore dark patterns in its 2022 report, Bringing Dark Patterns to Light, in which the agency declared that it was on a “mission” to “stop deceptive or unfair business practices in the marketplace, including those that take the form of dark patterns.” 

Since the report, the FTC has enforced consumer protection law against companies allegedly employing dark patterns, including: 

• Amazon, which the FTC accused of tricking consumers into subscribing to Prime, and 
• Publishers Clearing House, which the agency said sought to “mislead consumers about how to enter the company’s well-known sweepstakes drawings.” 

European Data Protection Board (EDPB)

Several EU Data Protection Authorities (DPAs) have been vigilant in enforcing against the use of dark patterns, and the European Data Protection Board (EDPB)—which represents DPAs across Europe—has published several documents on the topic. 

The EDPB’s Guidelines 03/2022 on deceptive design patterns in social media platform interfaces: how to recognize and avoid them describes several types of dark patterns allegedly implemented by social media providers, including: 

• Overloading: Confronting users with an “avalanche” requests or information in order to obtain more data about them.
• Skipping: A process that skips over important prompts or settings so users select less privacy-sensitive options.
• Fickle: Unclear or unfair interfaces that confuse users into making choices that might not be in their best interests. 

The EDPB’s Report of the work undertaken by the Cookie Banner Taskforce examines dark patterns in the context of cookie banners, which frequently make refusing cookies more difficult than accepting them. 

Recognition in primary law

Data protection and consumer protection laws have long included provisions intended to ensure fairness in user interfaces and transactions. 

Several provisions of the General Data Protection Regulation (GDPR) should, if applied correctly, prohibit dark patterns, such as the principles of fairness and transparency, concepts such as data protection by default, and the law’s strong definition of “consent.” 

Newer laws, particularly US privacy laws, have taken efforts to eliminate dark patterns a step further, either by specifically prohibiting certain manipulative practices or by explicitly defining and forbidding dark patterns on the face of the law. 

In fact, June 2024’s New York Child Data Protection Act (NYCDPA) requires certain businesses to implement a kind of “reverse dark pattern” by “clearly present(ing) an option to refuse to provide consent as the most prominent option.” 

But besides the risk of legal action, there’s another reason to avoid dark patterns on your website or app: People do not like being manipulated. 

Businesses have an opportunity to build trust and enhance customer relationships – simply by offering users a free, fair choice about whether they provide personal data, buy a product, or subscribe to a service.