On April 29, 2021, the FTC hosted a public workshop on digital dark patterns and explored whether user interfaces can have the effect of obscuring, subverting, or impairing consumer autonomy and decision-making. On September 2022, the Federal Trade Commission (“FTC“) released a report (“Report“) showing how companies are increasingly using sophisticated design practices known as “Dark Patterns” that can trick or manipulate consumers into buying products or services or giving up their privacy.
The Report highlighted the FTC’s efforts to combat the use of Dark Patterns in the marketplace and reiterated the agency’s commitment to taking action against tactics designed to trick and trap consumers.
The Report, found Dark Patterns used in a variety of industries and contexts, including e-commerce, comparison websites, cookie consent banners, children’s apps, and subscription sales. The report focuses on four common dark pattern tactics:
- Design Elements that Induce False Beliefs.
Some dark patterns manipulate consumer choice by inducing false beliefs. Classic examples of these types of deceptive dark patterns include advertisements deceptively formatted to look like independent editorial content; comparison websites that claim to have independent ranking system, however actually rank companies based on compensation; and countdown falls timers on offers that are not actually time-limited. According to the FTC, disguised advertising and promotional messages are deceptive when they mislead consumers into believing they are independent, impartial, or not from the sponsoring advertiser itself.The Report focuses on Comparison websites. According to the FTC, Comparison websites induce false beliefs in consumers when the overall impression created by various design elements is deceptive. Consumers who visit these websites expect that the recommendations will be objective and unbiased. When they aren’t—and instead are based on third parties’ compensations or other connections— these sites are deceptive. Knowing that there is a payment relationship between the reviewer and the third party would affect the credibility consumers give the review and may influence whether and to what extent consumers choose to interact with that content. A recent example in this context is The FTC’s action against the loan comparison website LendEDU.com. As detailed in the FTC complaint, LendEDU used its rankings to sort companies in rate comparison tables, thereby giving consumers the impression that the evaluated top-listed company is the best. In reality, the FTC alleged, LendEDU boosted companies’ rankings and positions based exclusively on the compensation LendEDU received from such ranked companies. Also, LendEDU falsely represented to consumers that its rankings were objective, honest, and unbiased.
- Design Elements that Hide or Delay Disclosure of Material Information.
Some dark patterns operate by hiding or obscuring material information from consumers, such as hiding key limitations of the product or service in complex and long Terms of Service that consumers don’t see before purchase.For example, the FTC charged that the LendingClub Corporation deceived consumers about hidden fees associated with its online loans. According to the FTC’s complaint, LendingClub used falls visual element to promise loan applicants that they would receive a specific loan amount and pay “no hidden fees”, when in reality the company deducted hundreds or even thousands of dollars in hidden fees from the loans it disbursed. LendingClub used buttons consumers were unlikely to click on during the online application process, and hide the mention of fees later in the application process in an un-bolded details between more prominent.
- Design Elements that Lead to Unauthorized Charges.
Another common Dark Pattern involves tricking someone into paying or register a specific service without having their consent. These Dark Patterns can undermine consumer trust in the market, ultimately hurting other companies who engage in legitimate and honest practices. For example, deceptive subscription sellers may trick consumers with recurring payments for products and services they never intended to purchase or that they do not wish to continue purchasing.Another frequent example of a dark pattern resulting in unauthorized charges is when a company deceptively offers a free trial period, but then, without telling the consumer, the trial is followed by a recurring subscription charge if the consumer fails to cancel. For example, in its case against ABCmouse, the FTC alleged the online learning site made it extremely difficult to cancel free trials and subscription plans despite promising “Easy Cancellation”. Consumers who wanted to cancel their subscriptions were often forced to navigate a difficult-to-find, lengthy, and confusing cancellation path. As explained in the FTC’s Enforcement Policy Statement on Negative Option Marketing, sellers shall provide a simple mechanism for consumers to cancel. To meet this standard, the cancellation mechanisms shall be at least as easy to use as the method the consumer used to buy the product or sign up for the service.
- Design Elements that Obscure or Subvert Privacy Choices.
Another well-known Dark Pattern involves design elements that hide or undermine consumers’ privacy choices and rights. These Dark Patterns are often presented as giving consumers choices about privacy settings or sharing data but are designed to intentionally lead consumers toward the that best serve the company and not the customer – the option that gives away the most personal information.Such Dark Patterns include: (1) do not allow consumers to definitively reject data collection or use; (2) repeatedly prompt consumers to select settings they wish to avoid; (3) present confusing toggle settings leading consumers to make unintended privacy choices; (4) purposely obscure consumers’ privacy choices and make them difficult to access; (5) highlight a choice that results in more information collection, while greying out the option that enables consumers to limit such practices; and (6) include default settings that maximize data collection and sharing.As an example of a Dark Pattern involves elements undermine consumers’ privacy, the FTC specified in the report the default setting flow on Google’s Android phones which maximizing the data location collection by encouraging consumers to enable location collection. As explained in the report, location data is extremely valuable and can reveal sensitive details about consumers including where they live and work. In fact, the FTC sued data broker Kochava, Inc., related to its sale of consumer location data. The FTC alleged in its complaint that Kochava sold geolocation data from hundreds of millions of mobile devices—data that can be used to trace the movements of individuals to and from sensitive locations. Thus, using Dark Patterns which may undermine consumer’s privacy intentions with respect to location information would be highly problematic.
In addition to generally minimizing data collection efforts, business should avoid from hiding important information related to consumers’ privacy rights. Consumer shall not have to navigate through multiple screens to find privacy settings or have to look for settings buried in a privacy policy or in a company’s terms of service: such information related to privacy choices should be presented at a time and in a context in which the consumer is making a decision about their data.
Another example on the privacy-related Dark Pattern involves lead generators activities, that convey a false affiliation to manipulate consumers into sharing personal information. For example, the FTC charged the lead generator Sunkey Publishing with using websites designed to appear as official recruiting websites affiliated with the U.S. military, to target people seeking to join the armed forces. According to the FTC complaint, Sunkey falsely promised to use the information collected only for military recruitment purposes but in reality, sold the information as marketing leads. Lead generators must be honest about who they are and why they are collecting information. If a company represents that they are collecting consumer information for one purpose, they cannot then share it with a different buyer or for a different purpose without consumer consent. Deceptive lead generators that manipulate consumers into sharing personal information under false pretenses violate the FTC Act.
Further, as Dark Patterns have been a growing concern for legislators also in the EU and UK, the DSA (the European Digital Service Act) was recently given the final approval to include the first express prohibition on “dark patterns” in EU law. Such bans will be enforced within 15-months, and will prohibit all providers of online platforms from using Dark Patters. Providers of online platforms will be required not to design, organize or operate their online interfaces in a way that deceives, manipulates or otherwise materially distorts or impairs the ability of users of their services to make free and informed decisions.
For conclusion, while the use of Dark Patterns is expanding among a variety of industries and contexts, these practices are now on the FTC’s enforcement radar. The Report serves as an additional resource for the public and a guide for businesses to improve their online interfaces to be in accordance with the FTC’s principles.
In addition, the DSA prohibitions give some insight into the core concerns of the EU legislators in relation to dark patterns and hints on where the wider dark-patterns legislative and enforcement agenda may go in the future similar to the FTC.
This document is intended to provide only a general background regarding this matter. This document should not be regarded as setting out binding legal advice, but rather a practical overview that is based on our understanding. APM &Co. is not licensed to practice law outside of Israel.
APM Technology and Regulation Team.