Dark Patterns are a Real Threat: from Global Statistics to Real Life Applications: Awareness is Key
Welcome to our latest edition on dark patterns. In this newsletter, we will provide an overview of the latest reports on dark patterns from around the world, comparing them with previous results. In our R&D Lab, we analyse each report in depth, so that we can give you interesting insights.
We also want to stay real: dark patterns are not just a theoretical issue. They can be found on the majority of websites that we visit every day. In the second part of the newsletter, we will highlight cases against major companies using deceptive designs. Let’s fight #darkpatterns together. Ready to start reading?
Global Reports on Dark Patterns: Unveiling Widespread Threats
North America’s Findings: FTC, ICPEN, GPEN, and OPC Reports
The FTC, International Consumer Protection and Enforcement Network (ICPEN), and Global Privacy Enforcement Network (GPEN) examined 642 companies’ sites and apps. They discovered that 75.7% used at least one dark pattern, with 66.8% using two or more. 🌐🔍 This is a slight improvement from the European Commission’s 2022 study, which found dark patterns in 97% of e-commerce sites. However, deceptive practices remain alarmingly common.
Common practices included making it hard to turn off auto-renewal for subscriptions and promoting options that benefit companies over consumers. ❌ These findings emphasize the significant impact of dark patterns on consumers’ finances and privacy. As the FTC takes the ICPEN presidency for 2024-2025, it pledges to intensify efforts against deceptive practices. 💪🤝
In Canada, privacy policies filled with excessive text are now officially labeled as #DeceptiveInterface by regulators. This aligns with the European Data Protection Board’s 2023 guidelines, which also consider overly long privacy policies as dark patterns. 🧠 This highlights the importance of #PlainLanguage in protecting personal information and privacy across various contexts, including consumer and membership contracts.
👀 For detailed findings, read the full article from the FTC: https://www.ftc.gov/news-events/news/press-releases/2024/07/ftc-icpen-gpen-announce-results-review-use-dark-patterns-affecting-subscription-services-privacy
👀 And the full report from Canadian Authorities: https://www.priv.gc.ca/en/about-the-opc/what-we-do/international-collaboration/international-privacy-sweep/2024_sweep/opc-sweep-report-2024/
Historical Context: Key Findings from OECD, EC, and Japan
In 2022, the European Commission conducted a study revealing dark patterns in 97% of popular EU websites and apps. These included hidden information, preselected options, nagging reminders, difficult cancellations, and forced registration. The prevalence of dark patterns varied across different types of websites and apps, with countdown timers and limited-time messages being common on e-commerce platforms, while nagging was more frequent on health and fitness websites/apps.
The OECD’s 2022 report expressed concern over the substantial consumer detriment caused by dark commercial patterns. These deceptive practices are prevalent in online interfaces, steering, deceiving, coercing, or manipulating consumers into choices that are not in their best interests. The report proposed definitions and policy responses to help consumer policymakers and authorities address these issues.
In Japan, a growing number of online consumers fall prey to subscription-based purchases without consent or face difficulties canceling due to deceptive web designs. Misleading countdowns and preselected subscription options lead to unintended financial commitments. Elderly individuals, less familiar with digital technology, are particularly targeted by unscrupulous online retailers, blurring the line between clever marketing and outright deception.
➡️ Read the Japan report’s findings here: https://www.japantimes.co.jp/business/2023/10/29/dark-patterns-online-consumers/
👀 Oldie but goldie - the European Commission study on dark patterns in 2022 EC Study: https://op.europa.eu/en/publication-detail/-/publication/606365bc-d58b-11ec-a95f-01aa75ed71a1/language-en
👀 And the OECD report also in 2022: https://www.oecd.org/en/topics/dark-commercial-patterns.html
Dark patterns are an ongoing global issue affecting online consumers’ financial and privacy interests. By staying informed and vigilant, we can work together to combat these deceptive practices. Let’s continue to raise awareness and push for stronger regulations to protect consumers worldwide.
Diving Deeper into Relevant Statistics from around the World
🇧🇪 Belgium: Consumer Protection Authority Findings
The consumer protection authority of Belgium, known as the SPF Economie, has highlighted concerning findings regarding dark patterns on its official website. Their report revealed that among the 13 companies’ websites monitored, every single one had at least one dark pattern, with 69.23% featuring two. Two particular practices stood out in Belgium:
• Impossibility of Disabling Automatic Renewal: Users found it challenging to disable automatic subscription renewals at the time of purchase, making it harder to avoid ongoing charges. • Interface Interference: This includes tactics like pre-ticking subscription options, making it easy for users to unintentionally agree to recurring payments or services they do not want.
➡️ Full article here: https://news.economie.fgov.be/239267-dark-patterns-un-piege-invisible-en-ligne
🇪🇸 Spain: Misleading and Addictive Design Patterns
In Spain, the Spanish Data Protection Authority (DPA) issued a report focusing on how providers implement misleading and addictive design patterns. These patterns are designed to prolong user engagement and increase the amount of personal data collected. The report highlights several key points:
• Deceptive Patterns: These are interfaces and user experiences on social media platforms that lead users to make unintended, unwilling, and potentially harmful decisions regarding their personal data. • Addictive Patterns: Defined as design features or practices that make users spend more time or engage more deeply with digital platforms than is expected or healthy.
These patterns have significant implications for data protection, affecting aspects such as the lawfulness of processing, consent conditions, transparency, purpose limitation, data minimization, data protection by design and default, and accountability.
➡️ The full report is available here: https://www.aepd.es/guides/addictive-patterns-in-processing-of-personal-data.pdf
🇦🇺 On the Other Side of the World: Privacy Concerns in Australia
Australian Consumer Policy Research Centre (CPRC) Findings
A report from the Australian Consumer Policy Research Centre (CPRC) sheds light on the challenges Australians face in managing their online privacy. Key findings include:
• Time Spent on Privacy Settings: Australians need to spend an average of 30 minutes daily adjusting privacy settings if they don’t want to accept the default options. • Reading Privacy Policies: It would take an average of 14 hours to read all the privacy policies encountered in one day. The average privacy policy encountered in 24 hours was 13,323 words long, taking about 56 minutes to read. Microsoft’s policy was notably extensive, with over 90,000 words—the length of an average novel. • Difficulty of Managing Privacy Settings: On average, it takes Australians 2 minutes to change privacy settings on each app or site, compared to just 3 seconds for a European participant. Furthermore, 45% of interactions to manage privacy settings were found to be difficult. Health, wellbeing, and lifestyle apps were particularly challenging, with users finding these difficult or very difficult 80% of the time, often due to dark patterns. • Lack of Privacy Options: 37% of websites and apps provided no option to adjust privacy settings.
In a previous CPRC study, only 7% of participants felt that companies offered them real choices to protect their privacy online.
Real-Life Applications: Major Companies and Dark Patterns
Dark patterns are not just confined to obscure corners of the internet; they are prevalent on major websites we use daily. Let’s delve into some high-profile cases and understand how these deceptive practices manifest in real-world scenarios.
👀 European Commission v. Twitter
On the 12th of July 2024, the European Commission notified X of its preliminary finding that the company is in violation of the Digital Services Act (DSA) in several critical areas, specifically related to dark patterns, advertising transparency, and data access for researchers.
If the Commission's findings are confirmed, a non-compliance decision could be issued, citing breaches of Articles 25, 39, and 40(12) of the DSA. X could face fines up to 6% of its total worldwide annual turnover.
➡️ https://ec.europa.eu/commission/presscorner/detail/en/IP_24_3761
✋ Norway, Spain and UK v. META
Norway’s Consumer Council, along with the European Center for Digital Rights (noyb), is filing a complaint against Meta with the Norwegian data protection authority (and other countries). The main claim is that Meta's announced use of user content to train its AI is in direct violation of the GDPR. Among the many points, the complaint says Meta doesn’t have a valid legal basis, provides no specific purpose, is missing clear and accessible information, and has purposefully made opting out difficult through the use of dark patterns. Importantly, this processing is irreversible and the deadline to opt out (for those who are able) is June 26, 2024.
Spanish prosecutors have initiated an inquiry into Meta, collaborating with the Spanish data protection authority to address potential issues related to Meta's use of personal data for AI training. They hope to take action to prevent possible issues if/when Meta resumes its plan.
➡️ https://www.verdict.co.uk/spanish-prosecutors-probe-meta/
Meta's plan to use user data for AI training has led to legal challenges in the U.K., with the Open Rights Group (ORG) filing a complaint with the Information Commissioner’s Office (ICO). The ORG argues that Meta's actions breach U.K. GDPR by lacking legitimate interest, failing to specify processing purposes, using misleading opt-out mechanisms, and not providing clear information. They urge the ICO to halt Meta's data processing without explicit consent and conduct a thorough investigation to protect user privacy.
🔎 Austria and Italy v. GOOGLE
The organization noyb has filed a complaint against Google with the Austrian data protection authority, alleging violation of the GDPR. The complaint focuses on Google's "Privacy Sandbox" feature in its Chrome browser, which was introduced as a protection for third-party cookies. Noyb argues that this feature, presented as an ad privacy tool, is misleading as it allows Google to track user activity through dark patterns. Google's defense is that this new system is less invasive, despite still being invasive.
➡️ https://noyb.eu/en/google-sandbox-online-tracking-instead-privacy
The Italian Competition Authority (ICA) initiated an investigation against Google and its parent company Alphabet over concerns that their request for user consent to link services may constitute misleading and aggressive commercial practices. The ICA's investigation focuses on the following key points:
- Inadequate Information: The request for consent allegedly lacks sufficient, clear, and accurate informationregarding the implications of consenting to the linking of Google services. Users may not fully understand the extent to which their personal data will be used.
- Misleading Practices: The consent request is claimed to be accompanied by incomplete and potentially misleading information, which could unduly influence users' decisions on whether and how much consent to give.
- Scope of Services: There are concerns about the transparency regarding the variety and number of Google services involved in the "combination" and "cross-use" of personal data, as well as the possibility for users to limit their consent to specific services.
- Techniques and Methods for Consent: The ICA alleges that Google may use specific techniques and methods in requesting consent that could compromise users' freedom of choice. This could lead users to make commercial decisions they might not have made if they had been fully informed, thereby consenting to the use of their personal data across multiple Google services.
The ICA is scrutinizing whether these practices might pressure users into consenting to data linking and usage in ways that they would not have agreed to if provided with comprehensive and clear information.
➡️ https://uk.finance.yahoo.com/news/whats-going-googles-parent-alphabet-180110525.html
🇨🇳 European Commission v. SHEIN and TEMU
Following the complaint submitted to the Commission by consumer organisations last May, the European Commission issued formal requests for information to online marketplaces Temu and Shein under the Digital Services Act (DSA) on the 28th of June 2024. The Commission seeks detailed information on their compliance with DSA obligations, particularly regarding :
- the "Notice and Action mechanism" (which allows users to report illegal products)
- the design of online interfaces (ensuring they do not deceive or manipulate users through "dark patterns")
- the protection of minors,
- the transparency of recommender systems,
- trader traceability,
- and overall compliance by design.
🇺🇸 Arizona v. AMAZON
On the 15th of May 2024, Arizona Attorney General Kris Mayes filed two separate lawsuits against Amazon, accusing the online retail giant of engaging in unfair and deceptive business practices that violate the state's consumer fraud and antitrust laws. These lawsuits coincide with an upcoming trial by the Federal Trade Commission (FTC) against Amazon for alleged federal antitrust violations.
The consumer fraud lawsuit is based on Arizona’s Consumer Fraud Act, and focuses on Amazon's use of dark patterns to deceive consumers attempting to cancel their Prime memberships.
- Internal documents obtained by Business Insider, cited in the suit, revealed that Amazon employees knowingly employed confusing tactics to discourage cancellations. The suit also alleges that Amazon executives used the encrypted messaging app Signal to destroy evidence related to these practices.
- One internal program, dubbed "Project Iliad," implemented by Amazon aimed to reduce cancellations by 14% by employing deceptive tactics during the cancellation process. This included forcing users to navigate through multiple screens with varying language and utilizing a scheme referred to as a "roach motel" to trap users in a cycle of redundant interfaces.
In response to these legal challenges, Amazon is facing scrutiny from federal and state authorities, as well as a class action lawsuit filed by Prime members over price increases to their ad-free video platform.
Fighting Dark Patterns: Consumer Awareness and Regulatory Actions
💪 Consumer Awareness: Educating and Empowering Users
Raising awareness among consumers is crucial in combating dark patterns. Users need to be educated about these deceptive practices and equipped with the knowledge to recognize and avoid them. Organizations and consumer advocacy groups play a vital role in this educational effort, providing resources and guidelines to help users navigate the digital landscape safely.
💼 Regulatory Actions: Global Efforts and Legislative Measures
Governments and regulatory bodies worldwide are increasingly focusing on combating dark patterns. The European Union’s General Data Protection Regulation (GDPR) is a prime example of comprehensive legislation aimed at protecting user privacy and data rights. Similarly, the California Consumer Privacy Act (CCPA) in the United States provides consumers with greater control over their personal information. These regulations impose stringent penalties on companies that engage in deceptive practices, thereby encouraging compliance and ethical behavior.
The fight against dark patterns requires collective effort and vigilance from consumers, regulators, and companies. By staying informed and advocating for transparent and ethical design practices, we can create a safer and more user-friendly digital environment. Initiatives like consumer awareness campaigns, stricter regulations, and continuous monitoring of companies’ practices are crucial in combating these deceptive tactics. Let’s commit to supporting and promoting ethical design in all our online interactions to ensure dark patterns become a thing of the past.
The highlights of this month!
- Our series of posts on AI Transparency: #1 - https://www.linkedin.com/posts/fairpatterns_aitransparency-plainlanguage-ai-activity-7207351155960483840-0aKr?utm_source=share&utm_medium=member_desktop #2 - https://www.linkedin.com/posts/fairpatterns_aitransparency-aiact-aiact-activity-7212031924347838464-7Xry?utm_source=share&utm_medium=member_ios #3 - https://www.linkedin.com/posts/fairpatterns_aitransparency-plainlanguage-ai-activity-7214931024869294080-qfpn?utm_source=share&utm_medium=member_ios #4 - https://www.linkedin.com/posts/fairpatterns_aiact-airegulation-techethics-activity-7219944082352058368-FYdd?utm_source=share&utm_medium=member_ios #5 - https://www.linkedin.com/posts/fairpatterns_ai-artandai-automation-activity-7222269393966182400-XJDF?utm_source=share&utm_medium=member_ios
- Our indepth analysis of the AI Act and its implications for businesses: https://www.linkedin.com/posts/fairpatterns_ai-act-analysis-activity-7218668153273204736-fTob?utm_source=share&utm_medium=member_ios
- Our AI Roadmap to Avoid Dark Patterns in Digital Marketing: https://www.linkedin.com/posts/fairpatterns_ai-roadmap-activity-7220019577630400512-ysHW?utm_source=share&utm_medium=member_ios
Discover how we can support you!
Want to know more?
You can find all of our news updated on our site www.fairpatterns.com and listen our podcast with some amazing voices helping framing #darkpatterns through different lenses.