Italy v. Apple, South Korea dark pattern code, FTC warning, and New York’s consumer protection expanding

Hello from 2026 and welcome to a new year of digital accountability.

Fair Monday is FairPatterns' weekly analysis of regulatory developments, enforcement actions, and dark pattern cases affecting digital trust and consumer protection. As we step into 2026, enforcement is intensifying, penalties are growing, and the regulatory landscape is evolving faster than ever.

Every Monday, we break down complex legal actions to help businesses understand how to build ethical digital experiences in this new era of heightened scrutiny. We deliver the latest developments in regulatory enforcement, class action lawsuits, and industry accountability, tracking how major platforms are being held responsible for deceptive practices that manipulate user behavior, exploit consumer trust, and undermine digital rights.

Whether you're a legal professional, UX designer, compliance officer, or simply a consumer who wants to understand how digital deception works, Fair Monday provides the insights, case analysis, and precedent-setting developments you need to navigate 2026's evolving landscape of digital fairness.

Italy fines Apple €98.6M for privacy dark patterns in ATT framework

On December 22, 2025, Italy's competition authority (AGCM) imposed a €98.6 million penalty on Apple for abusing its dominant position through the App Tracking Transparency (ATT) policy. The investigation, coordinated with the European Commission and Italian Data Protection Authority, revealed that ATT creates unlawful competitive asymmetries disguised as privacy protection.

The Core Violation: Apple's ATT framework forces third-party developers to display two separate consent prompts (Apple's mandatory ATT prompt plus their own GDPR-compliant mechanism) for the same data collection purpose. Meanwhile, Apple's own advertising services obtain equivalent consent through single interactions, creating systematic friction for competitors while preserving Apple's data access advantages.

Dark Pattern Categories Identified:

• Interface Interference: Manipulative button positioning and framing language (confirmed by German Bundeskartellamt)
• Forced Action: Mandatory double consent exclusively for third-party developers
• Obstruction: Asymmetric rules benefiting Apple's advertising division
• Misleading Design: 59% of iOS apps deploy dark patterns within ATT alerts (USENIX Security research)

Apple's ATT policy faces scrutiny across five European jurisdictions. Italy's €98.6M penalty and Poland's proceedings (potential 10% global turnover penalty) establish concrete enforcement precedent. Germany mandates design remedies explicitly targeting dark patterns. France imposed a €150M fine in March 2025 for separate Apple privacy violations. Romania maintains active investigations.

All coordinate through the European Competition Network (ECN), establishing a critical precedent: consent interface design (terminology, visual hierarchy, button placement, mandatory double prompts) constitutes a competition law violation when systematically favoring platform owners over ecosystem participants.

FTC warns 10 companies over consumer review rule violations

On December 22, 2025, The Federal Trade Commission issued warning letters to 10 companies for potential violations of the Consumer Review Rule, which became fully enforceable on October 21, 2024. The enforcement action targets deceptive review practices that manipulate consumer trust and purchasing decisions, with civil penalties reaching up to $53,088 per violation.

The warnings address six critical categories of review manipulation:

Fake Reviews: Creating or purchasing testimonials from individuals who never used the product or misrepresenting reviewer identities.

Incentivized Reviews: Offering compensation or benefits conditioned on positive sentiment, such as gift cards exclusively for 5-star ratings.

Undisclosed Insider Reviews: Employees, officers, or their family members posting reviews without disclosing their material connection to the business.

Company-Controlled Review Sites: Operating platforms that falsely claim independence while being controlled by product manufacturers or sellers.

Review Suppression: Using legal threats or intimidation to prevent or remove negative reviews, or selectively displaying only positive feedback.

Fake Social Media Metrics: Purchasing fake followers, views, or engagement generated by bots or compromised accounts.

Christopher Mufarrige, Director of the FTC's Bureau of Consumer Protection, emphasized that "fake or false consumer reviews are detrimental to consumers' ability to make accurate and informed choices"—particularly during high-stakes shopping periods when review reliance peaks.

South Korea adopts self-regulatory dark pattern code

On December 1, 2025, The Korea Online Shopping Association (KOLSA) introduced a comprehensive self-regulatory code on dark patterns, approved by the Korea Fair Trade Commission (KFTC). The framework implements compliance standards ahead of E-Commerce Act amendments taking effect in February 2025, which explicitly prohibit six categories of manipulative design practices.

The code addresses the following prohibited dark patterns:

Hidden Subscription Renewals (Article 5): Automatically renewing subscriptions without clear disclosure or consent mechanisms.

Repeated Interference/Nagging (Article 12): Persistently interrupting users to pressure purchasing decisions or prevent cancellation.

Drip Pricing: Progressively revealing fees throughout the checkout process rather than displaying total costs upfront.

False Hierarchy Structure: Manipulating visual design to mislead users about option importance or selection defaults.

Pre-Selected Options: Automatically checking boxes for additional products, services, or data collection without explicit user action.

Obstruction of Cancellation: Creating unnecessary barriers to withdrawal, termination, or service cancellation processes.

What sets this framework apart: KOLSA voluntarily restricts additional practices beyond statutory requirements, including surreptitious cart additions and misleading trick questions. The Self-Regulatory Compliance Council—comprising legal academics and consumer representatives—conducts periodic compliance reviews with potential public disclosure of violations, establishing accountability mechanisms that bridge voluntary industry standards with regulatory oversight.

‍

New York expands consumer protection law to include "unfair" and "abusive" practices

Effective February 17, 2026 — New York State is fundamentally transforming its consumer protection framework through amendments to General Business Law Article 22-A, now renamed "Protection From Unfair, Deceptive, or Abusive Acts and Practices." This marks the first major update to GBL §349 in 45 years, codifying standards established by the recently passed FAIR Business Practices Act.

The "abusive" standard creates liability when businesses:

• Materially interfere with users' ability to understand terms or conditions
• Take unreasonable advantage of consumers' lack of understanding about material risks or costs
• Exploit users' inability to protect their own interests when selecting or using products
• Violate reasonable reliance on businesses to act in consumers' best interests

Real-world implications: Privacy policies in incomprehensible legal language, asymmetric cancellation flows (6+ steps to cancel vs. one-click signup), pricing tables designed to obscure differences, consent flows burying critical information, and interfaces exploiting cognitive fatigue or limited technical literacy now face legal scrutiny.

New York Attorney General Letitia James emphasized that the 1970 law "only prohibits deceptive business acts and practices, leaving consumers vulnerable to unfair or abusive acts by companies." This development aligns with federal momentum, including the FTC's drip pricing rule (effective May 2025), signaling coordinated federal-state action against manipulative business practices.

The regulatory landscape is shifting dramatically, and 2026 marks the turning point. FairPatterns helps you navigate multi-jurisdictional enforcement by detecting manipulative interface patterns across: 

✓ Privacy and consent flows (competition + privacy law compliance) 

✓ Review and testimonial systems (FTC Consumer Review Rule) 

✓ Cancellation, pricing, and user control interfaces (NY GBL §349 abusive standard)

‍

Don't let deceptive design become a liability in 2026.

Check our dark pattern screening: https://www.fairpatterns.com/solutions/fairaudit-ai 

‍

References: 

• https://en.agcm.it/en/media/press-releases/2025/12/A561
• https://en.agcm.it/dotcmsdoc/pressrelease/A561_SUMMARY.pdf
• https://www.ftc.gov/news-events/news/press-releases/2025/12/ftc-warns-10-companies-about-possible-violations-agencys-new-consumer-review-rule
• https://www.ftc.gov/system/files/ftc_gov/pdf/2025-Fake-Review-Warning-Template.pdf
• https://www.nysenate.gov/legislation/laws/GBS/349
• ‍https://www.nysenate.gov/legislation/laws/GBS/A22-A