As deceptive approaches become more prevalent online, regulators are increasingly using privacy laws to target their use, say two lawyers from Dentons.
Website developers use “dark patterns,” which are manipulative and deceptive user interface design components, to coax users into unintentionally clicking on or agreeing to things that they would not have freely chosen, or that are against their best interests. This often involves tricking the user into agreeing to share more personal information than they otherwise would.
Dark patterns include default settings which maximize the collection of personal information, disguised ads, hidden costs, additional items automatically added to a user’s e-commerce cart that the user must uncheck before checking out, and “roach motels,” which are services that make it easy to sign up but nearly impossible to cancel or unsubscribe.
“We’re definitely seeing dark patterns increasingly being targeted through privacy laws,” says Danielle Dudelzak, an associate in Dentons’ corporate group, with a focus on the technology, media, and communications sectors. While dark patterns have been around for over a decade, they are attracting growing attention from regulators and industry bodies because they are becoming more sophisticated and widespread, she says.
Dark patterns are an underhanded use of what is often called “choice architecture,” which means presenting or organizing choices in a way that influences decision-making.
“Choice architecture is a fancy way of saying humans are fundamentally lazy, don’t like reading things, and will take the path of least resistance – or we’re easily confused,” says Kirsten Thompson, partner and the national lead of Dentons’ privacy and cybersecurity group.
Regulators in the European Union and the US are beginning to crack down, and Canada is following suit, with Quebec’s new privacy law coming to the closest to explicitly targeting these behaviours, she says.