Reading list

The CFPB says it’s hiring 25 technologists over the next year to help its staff of mainly economists and lawyers actually probe these new leads. The move is as sure a sign as any that the bureau’s ongoing efforts to investigate and hold tech companies accountable for financial wrongdoing are only accelerating.

Dark patterns and the façade of decisional privacy; Attempts to regulate dark patterns globally; Legal implications of dark patterns in India.

The FTC wants Amazon to fork over any disappearing messages that executives used to discuss Prime.The federal agency has been probing Amazon over potentially misleading tactics used to get people to subscribe. Insider reported in March that Amazon execs were worried customers felt tricked into signing up but did nothing.

"...the DMA may root out some dark patterns, but only for “gatekeeper” companies, and only in contexts where those dark patterns relate directly to the law’s other provisions [...] Ithe DSA might have had a decisive impact on the prevalence of dark patterns online. However, those hoping for a broad, aggressive approach to dark patterns may be underwhelmed..."

"We show that digital manipulation erodes users’ ability to act rationally, which empowers platforms to extract wealth and build market power without doing so on the merits. [...] our research asserts that antitrust enforcement should go further in promoting decisional privacy."

The Federal Trade Commission has reportedly deepened its investigation into Amazon’s employment of dark patterns in the Amazon Prime subscription cancellation process. As EPIC explained in a complaint to the D.C. Attorney General last year, Amazon employs dark patterns to deter customers from canceling their Prime subscriptions.

All over the world, governments are using nudges as regulatory tools. Is this ethical? Much of the answer depends on whether nudges promote or instead undermine welfare, autonomy, and dignity.

As Companies Wrongly Invoke the Guide to Justify Deception, Agency Seeks Public Input on Possible Revisions Around Dark Patterns and Other Deceptive Tactics

EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and Microsoft’s online advertising businesses.

State and federal regulators have definitely put a new emphasis on combatting so-called “dark patterns” – but other than a catchy name, is there really anything new about the types of conduct that state and federal officials are calling illegal? This two-part blogpost will take a closer look at that question.

In this post (Part Two), we examine the FTC’s approach to this issue, now and in the past. Here, we conclude that, despite the new terminology, the practices that comprise today’s dark patterns have been core elements of FTC law and policy for years.

The CMA has secured improvements for Xbox online players, following concerns about Microsoft’s use of auto-renewing subscriptions for online gaming services.

The complaints allege the company has deployed ‘dark patterns,’ design tricks that can subtly influence users’ decisions in ways that are advantageous for a business

Article 13a in the DSA "explicitly forbids the use of specific techniques to extort consent to collect personal data, for instance, via repeatedly showing pop-ups. It also prevents platforms from requesting such consent if users already choose via ‘automated means’, which might be a setting in the web browser or operating system."

The French data protection authority hit Facebook and Google with multimillion-dollar fines yesterday for their use of deceptive design in their cookie consent banners.

Following investigations, the CNIL noted that the websites facebook.com, google.fr and youtube.com do not make refusing cookies as easy as to accept them. It thus fines FACEBOOK 60 million euros and GOOGLE 150 million euros and orders them to comply within three months.

FTC has made clear that to comply with the law, businesses must ensure sign-ups are clear, consensual, and easy to cancel.

Today, the CNIL said it’s fined Google €150M (~$170M) and Facebook €60M (~$68M) for breaching French law, following investigations of how they present tracking choices to users of google.fr, youtube.com and facebook.com.

On 14 December 2021, the Internal Market and Consumer Protection (IMCO) Committee of the European Parliament adopted its report on the Digital Services Act.

Hidden away in #Google adtech antitrust complaint, in ref to internal docs: “We have been successful in slowing down and delaying the [ePrivacy Regulation] process and have been working behind the scenes hand in hand with the other companies.”

Academic analysis of how Fortnite is using its platform to manipulate users.

Font size can be the difference between compliance and a class action lawsuit

This report argues that TikTok does not comply with the GDPR in a number of ways.

A new California law (the California Privacy Rights Act) prohibits efforts to trick consumers into handing over data or money. A bill in Washington state (SB 5062 - 2021-22) used similar language.

The Federation of German Consumer Organisations (vzbv) filed a complaint against “advocado”, an online service that helps people find a lawyer. With its lawsuit, the consumer protection group challenged the use of dark patterns in cookie banners used.

The Norwegian Consumer Council’s study analysed the cancellation process for Amazon Prime. The analysis shows that consumers who want to leave the service are faced with a large number of hurdles, including complicated navigation menus, skewed wording, confusing choices, and repeated nudging. Throughout the process, Amazon manipulates users through wording and graphic design, making the process needlessly difficult and frustrating to understand.

The CPRA defines a “dark pattern” as “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice” and clarifies that it should be “further defined by regulation.

"First, the CPRA adds a new definition of "consent" to the CCPA. The new definition explicitly states that "[A]greement obtained through the use of dark patterns does not constitute consent." Then, paralleling the definitions from Deceived by Design and the DETOUR Act, the CPRA defines a "dark pattern" as "a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice, as further defined by regulation." Finally, the law directs that regulations regarding the sale or sharing of personal information ensure that a business obtaining consumer consent to such sale or sharing "does not make use of any dark patterns.""

On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.

"At a time when many parents are looking for more opportunities for educational enrichment online, it is disappointing that services like ABCmouse have scammed millions of dollars from families through dark patterns, as alleged in the Commission’s complaint. By making it extremely difficult to cancel recurring subscription fees, ABCmouse engaged in conduct that was not only unethical, but also illegal."

A class action lawsuit was filed in June 2020, alleging that the New York Times has been violating California law by automatically renewing consumers’ subscriptions without proper authorization and making it “exceedingly difficult” to cancel existing subscriptions.

This Article argues that digital manipulation should, in many instances, be considered to be a type of anticompetitive behaviour. Digital manipulation erodes users’ ability to act rationally, which empowers platforms to extract wealth and build market power without doing so on the merits.

"Senators Mark Warner (D-Virginia) and Deb Fischer (R-Nebraska) have introduced legislation to ban so-called “dark patterns” tactics designed to trick users..."

DETOUR was a bi-partisan bill that aimed to curb manipulative dark pattern behavior by prohibiting the largest online platforms (those with over 100 million monthly active users) from relying on user interfaces that intentionally impair user autonomy, decision-making, or choice.

"my prediction for 2019 - let’s do this like a TV show is this is the year where dark patterns really becomes the kind of thing that we’re really talking a lot about." - Paul Ohm

"Office Depot and [...] Support.com, were [accused of] falsely informing consumers that their computers were infected with malware and then selling them various fixes for non-existent problems." (Summary from Luguri & Strahilevitz, 2019)

The operators of a worldwide negative option scam have agreed to settle FTC charges that they deceptively advertised “risk-free” trial offers for only the cost of shipping and handling, but then charged consumers full price for the trial product and enrolled them in expensive, ongoing continuity plans without their knowledge or consent.

A recent (2018) case involving Dark Patterns. The dispute involved the F.T.C.’s enforcement action against a payday lender that was providing information to lure customers. (Also see Luguri & Strahilevitz, 2019)

"To tame the, sometimes, harmful power of enormous platforms, we need to reconsider the mathematics of regulation. The law tends to treat the growth of a company linearly, while the power and harm of online activity increases at a much faster rate. We need to scale up the mathematics of regulation to deal with many of the problems of massive digital platforms."

"LeadClick was an internet advertising company, and its key customer was LeanSpa, an internet retailer that sold weight-loss and colon-cleanse products. [...] Many of the advertisements it placed purported to be online news articles but they were in fact ads for LeanSpa’s products. [...] The Second Circuit thought it was self-evident that these techniques were unlawfully deceptive" (Summary from Luguri & Strahilevitz, 2019)

The FTC's enforcement policy statement regarding advertising and promotional messages that are presented as non-commercial content.

"A case in which the F.T.C. secured a settlement of upwards of $73 million after alleging both deceptive and unfair practices. [...] the F.T.C. asserted that the defendants’ skin-care companies were using a host of dark patterns" (Summary from Luguri & Strahilevitz, 2019)

"The Authority has also considered unfair, cumbersome and misleading, the mechanism imposed to consumers in order to select the no-purchase option of the travel insurance policy: in the Ryanair booking process it is necessary to go through the window of Country of Residence and select the option “refuse insurance”, positioned – in the Italian website - between Netherlands and Norway."

The full case text of Perkins v. Linkedin Corp. This is the class action lawsuit in which Linkedin was required to pay roughly $13 million due to their use of various dark patterns, including "Friend Spam".

The CAN-SPAM Act of 2003 established the United States' first national standards for the sending of commercial e-mail. It is enforced by the FTC. It contains rules against dark patterns, e.g. a visible and operable unsubscribe mechanism must be present in all marketing emails.