Dark Patterns: Legal and Regulatory Considerations

Monday 26th September 2022

‘Dark patterns’ are features of user-interface design which are crafted to persuade online consumers to do things that benefit the business in question. 

Whilst you might not recognise the term ‘dark patterns’, you may be familiar with their effects when buying online.  One example of a dark pattern is an online subscription service, which is easy to sign up to but virtually impossible to cancel.

The use of dark patterns is not by default illegal – it depends how the dark pattern is applied. Online businesses clearly need to be persuasive to consumers, but dark patterns risk breaching both data protection and consumer laws and so should be used with caution.

We have summarised some of the most common dark patterns below:

Common types of dark patterns include:

Roach Hotel

This is where businesses make it difficult to end a subscription. Whilst the consumer finds it easy to click a button to enter into a subscription, they lose patience when trying to cancel and decide to ‘live with’ it.

For example, Amazon Prime’s cancellation system recently attracted criticism from the Norwegian authorities which examined this dark pattern and found that consumers who wanted to leave the service were “faced with a large number of hurdles including complicated navigation menus, skewed wording, confusing choices, and repeated nudging…making the process needlessly difficult and frustrating to understand”.

Consumer law is clear on the requirements for a compliant subscription service. We are likely to see increased regulation in this area due to the volume of people, with an eye on increasing cost of living and inflation, wanting to cancel subscriptions they signed up to during the pandemic. For more information about compliant subscription services, read our recent overview here.

Confirm Shaming

Confirm shaming is a less overt dark pattern, where businesses try to obtain personal data by using negative language.  For example, to get users’ email addresses, an online publisher may offer two choices like ‘Unlock the all-time 50 must-have games’; or, ‘I don’t like games’.

This dark pattern plays on the sensibilities of the publisher’s target audience. An enthusiastic gamer may be reluctant to select the second option, so click the first option, but at the cost of giving up their email address. The duality of the options has a clear purpose: to encourage the user to choose the option which benefits the business.

Pressure Selling

Another dark pattern, commonly used by the travel industry, is “pressure selling”, for example, when a consumer is faced with the wording “37 other people are also looking at this route” during a search for train tickets. This could be followed by a statement that only 3 tickets remain at the stated price.  This dark pattern creates a sense of urgency in the user to buy the goods or services quickly.

In 2019, the Competition and Markets Authority (CMA) took enforcement action against travel booking agencies who employed dark patterns in this way. The CMA’s concerns were founded on the principles in the Consumer Protection from Unfair Trading Regulations 2008 (CPTR 2008). These include a prohibition against unfair commercial practices and practices that materially distort or are likely to materially distort the economic behaviour of the average consumer. The CMA said such practices could “mislead consumers”.   The offending companies had to undertake to comply with CMA principles and stop this use of dark patterns. Interestingly, the CMA did not say whether the practices actually breached consumer rights protections, nor was any attempt made to enforce the CPTR through the courts.

This type of dark pattern is commercially valuable to sellers and, where used accurately, does not automatically break any laws. Organisations should avoid misleading consumers, and ensure their tactics contain accurate, verifiable data.

Sneak Into Basket

Certain dark patterns have been illegal in England and Wales and the EU for some time, for example, where goods or services that a user has not specifically ordered are automatically added to their basket at checkout.. This dark pattern was made illegal by the Consumer Rights Directive and the Consumer Protection (Distance Selling) Regulations 2000 (later the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013) and should not be used by online retailers.

Data Protection Issues With Dark Patterns  

Where dark patterns are used to press consumers into making a certain choice about the use of their personal data, there are concerns that the requirement for valid consent under privacy laws are not met. This could attract enforcement notices and/or fines from UK data regulators. 

Regulation and Consumer Protection

More recently, the CMA has given more publicity to the use of dark patterns, publishing a research paper called “Algorithms: How they can reduce competition and harm consumers”. The paper specifically cited dark patterns as a type of practice which have the ability to cause direct harm to consumers. 

Perhaps most importantly, the new EU Digital Services Act, expected to become EU law in autumn of 2022, has been amended to include a specific definition for dark patterns, prohibiting online interfaces that ‘deceive, manipulate, or otherwise materially distort’ a user’s ability to make free and informed decisions. UK companies operating in the EU should be think carefully about how and when to employ dark patterns.

Commercial Considerations

There are many legitimate ways to use dark patterns, a fact which the CMA acknowledged in its recent paper: “certain dark patterns allow businesses to make effective improvements to their goods and services based on the choices which their users make”. For example a multi-layered cancellation procedure can allow a company to find out why the individual is cancelling the subscription, and so to improve their service.

However, when dark patterns are employed to, as the EU Digital Services Act states, ‘deceive, manipulate, or otherwise materially distort a user’s ability to make free and informed decisions’, regulators will step in.

Organisations should tread carefully and bear data protection and consumer laws in mind when creating designs which have an impact on user choice.

If you have any questions or concerns regarding subscription services, use of design incentives, or data protection laws, please contact one of our experts.