Chapter 27: Legislation in the European Union

The Unfair Commercial Practices Directive

The Unfair Commercial Practices Directive (UCPD)1 was adopted back in 2005, and it doesn’t get talked about much, despite its potency. It’s a bit like the elderly grey-haired character in a martial arts movie whom everyone ignores, but in the third act they turn out to be a total powerhouse who packs an incredible punch.

The UCPD applies to all business-to-commercial practices in the EU and UK.2 It covers almost any decision that a consumer has to make while using a digital service or in a physical store. This includes decisions made before a commercial transaction, during it, or after. So that means it covers marketing, advertising, personalisation, choice architecture, and deceptive patterns (although deceptive patterns aren’t explicitly defined in the law). The UCPD also doesn’t require intent, so if a design is shown to be unfair, that’s good enough – it doesn’t need proof that the designers or business owners created it on purpose.

The UCPD contains a number of principles:

  • General prohibition of unfair commercial practices: The UCPD prohibits any commercial practice that is contrary to the requirements of professional diligence and materially distorts or is likely to distort the economic behaviour of the average consumer.
  • Misleading practices: The UCPD prohibits misleading actions and omissions, which involve providing false information or presenting information in a way that deceives or is likely to deceive the average consumer. This includes misleading advertising, false claims about products or services, and other deceptive tactics.
  • Aggressive practices: The UCPD prohibits aggressive commercial practices, which significantly impair the average consumer’s freedom of choice or conduct through harassment, coercion, or undue influence. This includes high-pressure sales tactics, persistent and unwanted solicitations, and exploiting a consumer’s vulnerability or fear.

‘Professional diligence’ is noteworthy because it implies that if an organisation ignores a widely used set of professional conduct guidelines, this could fall under the prohibition. Most of these sorts of guidelines contain provisions about deceptive patterns, either directly or indirectly, such as the ACM’s Code of Ethics and Professional Conduct.3 The UCPD also contains a list of forbidden practices (‘Annex 1: Commercial practices which are in all circumstances considered unfair’). This is probably the most powerful weapon in the UCPD’s arsenal, because it’s so easy to use. The regulator doesn’t have to carry out a detailed analysis that proves deception occurred. All they have to do is show that the banned practice was used by the business, and that’s that. There are 31 forbidden practices. Here’s a summary of the most relevant ones:

  • (2) Fake trust markers: falsely displaying a trust mark, quality mark or similar.
  • (4) Fake endorsements: falsely claiming a trader or product has an endorsement approved, endorsed or authorised by a public or private body.
  • (5) Bait advertising: advertising a certain price when the trader knows they cannot offer that product, or only has a few in stock at that price.
  • (6) Bait and switch: advertising a product at a certain price then refusing to offer it, with the intention of promoting a different product.
  • (7) Fake urgency: falsely stating that a product or terms will only be available for a very limited time, to rush the user and deprive them of the time to make an informed choice.
  • (11) Covert advertising: presenting paid advertorial without disclosing that it is an advertisement.
  • (20) Fake free offers: describing something as free when it’s not.
  • (21) Fake invoices: claiming the user owes a bill when they do not.

In summary, with a combination of the principles and the forbidden practices, the UCPD covers a lot of deceptive patterns – which is really good news. However, the UCPD’s main strength is also its shortcoming. It has an extremely broad scope: if a company engages in a practice that isn’t an exact fit for one of the forbidden practices, then the legal case has to provide a detailed argument regarding how the practice violates the UCPD’s principles (such as, that it’s unfair, misleading or aggressive towards an ‘average consumer’). Consumer protection litigation is naturally very slow. The broad scope of the UCPD is unlikely to help speed it up.

The General Data Protection Regulation

The General Data Protection Regulation (GDPR)4 protects the data of individuals. It forbids certain deceptive patterns that fall within the realm of data and privacy...

Buy the book to

Since 2010, Harry Brignull has dedicated his career to understanding and exposing the techniques that are employed to exploit users online, known as “deceptive patterns” or “dark patterns”. He is credited with coining a number of the terms that are now popularly used in this research area, and is the founder of the website He has worked as an expert witness on a number of cases, including Nichols v. Noom Inc. ($56 million settlement), and FTC v. Publishers Clearing House LLC ($18.5 million settlement). Harry is also an accomplished user experience practitioner, having worked for organisations that include Smart Pension, Spotify, Pearson, HMRC, and the Telegraph newspaper.