- The Federal Trade Commission (FTC) has issued guidance on the use of dark patterns and has warned companies that it will increasingly focus its enforcement efforts on fraudulent and manipulative tactics on websites and mobile applications.
- A “dark pattern” is a user interface design method on a website or mobile application that causes a significant number of users to make choices they would not otherwise make that benefit the website or application provider rather than the users .
- Companies that use dark patterns on websites and mobile applications to deceive or manipulate consumers into taking adverse action may be subject to FTC scrutiny. Businesses should take the necessary steps to review their websites and mobile applications to mitigate this risk.
In recent years, the use of clickbait and dark patterns has drawn the attention and contempt of state legislatures, the Federal Trade Commission (FTC), attorneys general, consumer advocates, and consumers. Three state privacy laws attempt to specifically address the use of dark patterns to obtain consent in a privacy context. Soliciting public comment on updating its current .com Disclosures guidance, the FTC issued an Enforcement Policy Statement warning companies that it will increasingly focus its enforcement efforts on deceptive registration and termination tactics with negative option marketing and operations , has analyzed companies for difficult termination processes and most recently published its employee report “Bringing Dark Patterns to Light” (the Report). Attorneys general and consumer protection organizations have submitted comments, including this example, to the FTC expressing displeasure with clickbait and dark patterns.
This alert from Holland & Knight focuses on dark patterns and the FTC’s September 2022 report.
Examples of dark patterns highlighted by the FTC
A “dark pattern” is broadly defined as a user interface design method on a website or mobile application that results in a significant number of users making decisions that they otherwise would not make, that are more likely to affect the website or application provider than the user benefit users. Calling them manipulative design tricks and psychological tactics, the FTC explained that dark patterns “can be found in a variety of industries and contexts, including e-commerce, cookie consent banners, kids’ apps, subscription sales, and more.”
Examples of design practices that the FTC may consider dark patterns:
Companies that use website and mobile application design practices to deceive or manipulate consumers into taking adverse action may be subject to scrutiny by the FTC. In the report, the FTC made specific recommendations to help companies avoid using design methods in ways that could be viewed as dark patterns that violate the FTC statute and other federal laws.
The report indicates that organizations should take at least the following steps to mitigate risk:
- Consider design elements as a whole, as according to the FTC, multiple dark patterns can have an even stronger impact
- As part of A/B testing, consider whether a higher conversion from an interface is due to manipulative design elements
- Publish websites and mobile apps that don’t create false assumptions or otherwise deceive, and consider how a user interface can improve consumer understanding of key terms
- Consider the net impression of a website or mobile app as disclaimers may not overcome deceptive design
- Include accurate information about mandatory fees in the “Pre-Advertised Rate”.
- examine whether pricing practices treat consumers differently on the basis of race, national origin or other protected characteristics
- If a user interface is aimed at a specific audience (e.g. children), consider how design decisions will be perceived by that audience
- Review subscription cancellation mechanisms and potentially reduce the complexity and number of screens of the cancellation process
- If phone cancellation is allowed, review the policies and procedures in place for accepting calls during normal business hours and within a short time frame
- When accepting online purchases, consider the steps taken to ensure that the account holder consents to a purchase
- reevaluate the collection of personal data to minimize unnecessary collection
- Consider taking steps to avoid consumer privacy choices by changing default settings, the steps consumers need to take to make choices, clarity and prominence of toggle options, and use of just-in-time notifications and review choices regarding the collection and use of sensitive personal information
- Be transparent and accurate in collecting lead information and monitor third-party lead generators
The report increases the risk for companies using dark patterns as the FTC will hold them accountable for not following its guidance. The report’s release coincides with the FTC’s current enforcement activity, increased public discussion of dark patterns, and the FTC’s conclusion that manipulative design techniques may be more harmful online than in the physical environment, as more data can be collected about individuals to become manipulative Generating design elements and trying new techniques online is cheap and easy.
In addition, the FTC will not limit its enforcement activities to negative option/subscription contracts, to which it has focused its attention in the past. For example, large sections of the report focus on the use of dark patterns to influence privacy-related consent and preferences. The FTC’s focus on privacy is consistent with the privacy laws in California, Colorado, and Connecticut, which specifically state that consent requirements are not met if consent is obtained through the use of dark patterns. The privacy laws of Utah and Virginia also make it clear that valid consent must be given freely or voluntarily in an informed manner. Regulatory authorities in Utah and Virginia may take the position that the use of dark patterns to obtain consent is uninformed and voluntarily or voluntarily consented.
In addition to the risk of federal and state regulatory compliance, businesses that use obscure patterns in obtaining a legal agreement with consumers could risk future claims that an agreement was not formed or is voidable because there was no acceptance or agreement on the matter on this agreement.
Businesses should consider reviewing the user interface design of their websites and mobile applications to determine if any of the techniques described in the report are used to obtain consent or consent from users. If so, the company can assess whether the techniques are dark patterns and take action to update them.
For more information about the FTC report or for companies that need assistance in validating user interface design practices to comply with the report or other FTC guidelines, contact the author or another member of Holland & Knights Data Strategy, Security & Privacy Team or Consumer Protection Defense and Compliance Team.
The information contained in this warning is for the general education and knowledge of our readers. It is not intended and should not be relied upon as the sole source of information in the analysis and resolution of a legal problem, and it should not replace legal advice based on a specific analysis of the facts. In addition, the laws of each jurisdiction are different and constantly changing. This information is not intended to create an attorney-client relationship and its receipt will not create an attorney-client relationship. If you have specific questions about a particular matter, we urge you to consult the authors of this publication, your Holland & Knight representative or other competent legal counsel.