European data protection regulators have released new guidelines on recognising and avoiding “dark patterns” (Guidelines 03/2022).
Dark patterns are a type of manipulative design. We’ve all seen them online: pop-ups that make it harder to reject cookies than to accept them, confusing privacy notices, or emotionally charged language imploring you to click something you might not want to click.
Let’s look at the six types of dark patterns that could violate data protection law and harm your users’ trust.
Six Types of Dark Patterns
The European Data Protection Board (EDPB) hates dark patterns, and there are many recent examples of companies receiving large fines for allegedly manipulative design tricks (Microsoft, TikTok, and Google, to name a few).
While the chances of getting a multi-million-euro fine are relatively low, avoiding manipulative design can benefit your company in other ways. Giving your users genuine privacy choices can help build trust and enhance customer relationships.
The EDPB guidance is aimed at social media platforms, but it provides some solid tips that apply to any online service. These dark patterns might also be present in:
- Cookie banners
- Privacy notices
- Data subject rights portals
- Account setup processes
- Settings menus
- Email marketing forms
The EDPB identifies six broad types of dark patterns, each with several sub-types. Here’s an overview of the guidance.
Overloading users with requests, notices, or options to stop them from doing something or to ensure they continue doing something.
- Continuous Prompting: Repeatedly requesting more personal data than needed.
- Privacy Maze: Using difficult-to-navigate interfaces that make it harder to exercise rights or limit data collection.
- Too Many Options: Providing unnecessary or excessive options that might discourage users from making a free choice.
Designing an interface that might lead users to miss important privacy-related settings.
- Deceptive Snugness: Enabling intrusive or unnecessary settings by default.
- Look Over There: Placing privacy-related choices next to non-privacy-related choices in a way that might distract the user.
Using emotive or “nudging” language or design options.
- Emotional Steering: Using emotive wording or bright colors to make one option appear more attractive than another.
- Hidden in Plain Sight: Designing an interface to hide or de-emphasize privacy settings.