Chapter 26: The crucial role of regulation

Education and codes of ethics are clearly necessary, but they aren’t themselves enough to solve the problem. As long as deceptive patterns are profitable and low-risk, they will continue to be used.

To understand the importance of regulation, we need to put ourselves in the shoes of business owners. CEOs of tech companies don’t wake up in the morning saying to themselves, ‘I want my company to use more deceptive patterns’. Instead, they want more growth and more profit – and deceptive patterns are a by-product. Deceptive patterns are actually a rational response to an under-regulated and under-enforced marketplace. After all, if your company can use a simple UI design technique to deliver more profit and you face little chance of penalties, then why wouldn’t you do it?

Laws that apply to citizens are usually easy to understand because they're based on simple rules or belief systems that we’re taught from childhood – don’t steal, don’t kill, that sort of thing. Commercial laws and regulations are different; they can be really complex, and the wording can be difficult to interpret.

This means that in-house lawyers have to analyse commercial laws and help their employers make decisions in the face of this ambiguity. This is called ‘legal risk management’. There are various fancy methods and tools that companies use to manage risk. The most basic and common is the risk matrix, shown below...