Dark Patterns: Deceptive App Design Is Bad for Business


It’s time to reassess your company’s user interfaces. Now, companies operating online must not only present complete, up-to-date and legally compliant privacy policies and terms of service. They also need to make sure their user interfaces don’t violate new laws prohibiting the use of dark patterns.

Dark patterns = misleading design

You’re shopping online when, on the last step of the checkout process, you discover unexpected charges, such as a subscription or protection plan, suddenly added to the bill. You decide it’s finally time to cancel that expensive online subscriptiononly to spend 20 minutes clicking on a subpage on a help screen only to spend another 45 minutes waiting with a customer service rep who you have to beg to unsubscribe from.

These are “dark patterns“- a term describing deceptive or confusing online interface designs used to trick or induce users to do things they did not intend to do. Dark schemes harm users by preventing them from protecting their personal data effectively and to make conscious choices.

In some cases, website operators take advantage of known cognitive biases. In other cases, these manipulation tricks in software make the user experience so complicated that the user gets tired and gives up on the desired outcome, such as canceling or unsubscribing.

The legal landscape and the risks of non-compliance

Companies are starting to face legal and financial consequences for their alleged use of dark models. In a recent complaint filed against GrubHub in DC Superior Court, DC Attorney General alleges food delivery platform hidden fees and deceptive tactics, such as creating microsites to entice consumers to order from GrubHub, are detrimental to both restaurants and consumers.

In a complaint filed against a credit bureau in the Northern District of Illinois, the Consumer Financial Protection Bureau alleges that the credit bureau tricked customers into spending extra money for its services by using shadowy patterns, such as the including a disclosure in an image that took longer to load than the rest of the web page, and putting the information in small, low-contrast type so that it is easily missed.

Consumers who requested their free credit report from the credit bureau were reportedly asked to provide credit card information that appeared to be part of an identity verification process; instead, they would have been signed up for a recurring monthly fee.

Comprehensive data privacy laws have begun to include prohibitions on “dark patterns”. Under the new California Privacy Rights Actwhich comes into effect on January 1, “dark models” are defined as “the user interface[s] designed or manipulated with the substantial effect of subverting or impairing the autonomy, decision-making or choice of the user”.

CPRA, the Connecticut Data Privacy Lawand the Colorado Privacy Law prohibit the use of dark patterns to obtain consent. Companies that continue to use tactics such as confirm-shame, trick questionsWhere forced continuity expose themselves to heavy civil and administrative penalties.

Avoid, remove dark patterns

To minimize the risk of litigation and serious penalties, companies should review their online service offerings for dark patterns and consider making changes, including the following:

  • Review your click wrap agreement and privacy consent interfaces for hidden items. Ensure that all privacy consent and legal agreement elements are visually striking in the interface by using high contrast colors and underlining. Avoid highlighting the most invasive options.
  • Replace clever or catchy language with neutral, concise language. Faced with the option to “register for free”, the option not to register must be neutral and clear to the user. Although it may seem cute to replace “no thanks” with “no, I don’t like free stuff!” the latter is a classic query on the user’s emotions through “confirm-shaming”.
  • Use clear and consistent wording. Throughout the website, the same wording and definitions should be used for the same privacy concepts. To avoid confusion, or even worse, “bait and switch”, review consents or sign-up processes for inconsistencies or the use of double negatives that may cause users to share more information than they would not have chosen otherwise.
  • Explain the consequences. When users wish to give or withdraw their consent or activate or deactivate a particular data control, inform them in a neutral way of the consequences of such actions.
  • Ensure consistency across devices. If your platform is available on different devices (e.g. desktop, mobile, app, etc.), ensure that privacy-related settings and information are equally accessible and located in the same spaces between different versions.
  • Implement a symmetrical onboarding experience. If your users can create an account or start a subscription with just a few simple clicks, they shouldn’t have to wait with a customer service representative or scroll through multiple subsections of your website to cancel or unsubscribe. While it is acceptable to require a password or other simple confirmation step in the onboarding process, user onboarding shouldn’t take significantly more time or energy than the experience. boarding.

With the increased attention paid to dark patterns by regulators and enforcement agencies, companies should assess their user interfaces for dark patterns. In addition to reducing your business’ legal risk, making the user experience clearer and simpler could also lead to happier customers.

This article does not necessarily reflect the views of the Bureau of National Affairs, Inc., publisher of Bloomberg Law and Bloomberg Tax, or its owners.

Write for us: guidelines for authors

Author Information

Jamie Nafziger is a partner at Dorsey & Whitney LLP and chair of the firm’s Cybersecurity, Privacy and Social Media practice group.

Bianca Tillman is a partner at Dorsey and a member of the firm’s Cybersecurity, Privacy and Social Media practice group.

Previous School board recall bid leader faces bogus complaint charges
Next Book Writing Cube Announces Ghostwriting Services to Help Its Story Get to Paper