Chapter 26: The crucial role of regulation

Education and codes of ethics are clearly necessary, but they aren’t themselves enough to solve the problem. As long as deceptive patterns are profitable and low-risk, they will continue to be used.

To understand the importance of regulation, we need to put ourselves in the shoes of business owners. CEOs of tech companies don’t wake up in the morning saying to themselves, ‘I want my company to use more deceptive patterns’. Instead, they want more growth and more profit – and deceptive patterns are a by-product. Deceptive patterns are actually a rational response to an under-regulated and under-enforced marketplace. After all, if your company can use a simple UI design technique to deliver more profit and you face little chance of penalties, then why wouldn’t you do it?

Laws that apply to citizens are usually easy to understand because they're based on simple rules or belief systems that we’re taught from childhood – don’t steal, don’t kill, that sort of thing. Commercial laws and regulations are different; they can be really complex, and the wording can be difficult to interpret.

This means that in-house lawyers have to analyse commercial laws and help their employers make decisions in the face of this ambiguity. This is called ‘legal risk management’. There are various fancy methods and tools that companies use to manage risk. The most basic and common is the risk matrix, shown below...

Buy the book to

Since 2010, Harry Brignull has dedicated his career to understanding and exposing the techniques that are employed to exploit users online, known as “deceptive patterns” or “dark patterns”. He is credited with coining a number of the terms that are now popularly used in this research area, and is the founder of the website He has worked as an expert witness on a number of cases, including Nichols v. Noom Inc. ($56 million settlement), and FTC v. Publishers Clearing House LLC ($18.5 million settlement). Harry is also an accomplished user experience practitioner, having worked for organisations that include Smart Pension, Spotify, Pearson, HMRC, and the Telegraph newspaper.