Privacy & Information Security Law Blog

On July 10, 2024, the Federal Trade Commission, International Consumer Protection and Enforcement Network (“ICPEN”) and Global Privacy Enforcement Network (“GPEN”) announced the results of a comprehensive review regarding the use of “dark patterns.” Dark patterns are practices commonly found in online user interfaces and steer, deceive, coerce or manipulate consumers into making choices that often are not in their best interests. The review highlighted that dark patterns are widespread, with ICPEN noting that approximately 76% of the websites and apps it reviewed used at least one dark pattern, and nearly 67% used multiple dark patterns. GPEN noted that in approximately 97% of the websites and apps it reviewed, it encountered at least one dark pattern when attempting to make privacy-protective decisions or obtain privacy-related information.

Both reviews were conducted from January 29 to February 2, 2024. As part of the ICPEN review, which examined the use of dark patterns in subscription services, 27 authorities from 26 countries reviewed 642 websites and mobile apps that offer global subscription services. The GPEN review, in which the FTC also participated, examined design choices that encourage individuals to provide more personal information than they may have intended. In connection with the review, 26 privacy enforcement authorities examined over 1,000 websites and mobile apps.

The ICPEN and GPEN reports outline several key types of dark patterns:  

• Sneaking Practices: This involves practices that attempt to hide or delay the disclosure of information that is important to purchase decisions. The most common example during the review was the consumer’s inability to turn off a subscription auto-renewal within the purchase flow. Other examples include providing insufficient information regarding the steps to cancel during the enrollment process and not providing background on the date by which the consumer needs to cancel.

• Interface Interference: This involves attempts to frame information in a way that directs consumers towards decisions that are more favorable to a business. One type of interface interference, “false hierarchy,” involves emphasizing certain visual elements that may direct users towards less privacy-protective options.

• Obstruction: These practices attempt to dissuade a consumer from taking an action by making a task more difficult, such as making it more difficult to cancel than enroll in a subscription. Another example is creating “click fatigue,” which requires users to make numerous selections to obtain privacy-related background or to delete their account.

• Social Proof: This involves nudging consumers towards making a decision that is based on supposed behavior of other consumers. For example, this may involve claims that “X amount of people have bought this product in the last hour.”

• Forced Action: This requires consumers to take certain actions or provide more information to access a service than may be necessary to provide that service. For example, this may involve only offering users the choice to “accept” cookies to browse a business’ website.

• Urgency: This instills a sense of urgency for the consumer by creating a time limit on the ability to buy a product or service, such as indicating a product is “low in stock.”

• Nagging: These dark patterns repeatedly prompt a consumer to perform a specific action.

These findings mirror several common themes from the previous FTC report published in 2022, “Bringing Dark Patterns to Light.”