Over the past several years, you may have heard of a new phenomenon on the internet called “Dark Patterns.” These are the latest new online sales tactics designers and marketers use to get you to get a 10% discount on your next purchase at the cost of signing over your personal information. These can come in many shapes and sizes, as seen in Image 1 below (the brand name is blacked-out because I genuinely love that brand’s product). But these patterns are much more than just an offer if you hand over your email address. They are dopamine enhancers that try to cause you to make a decision you otherwise wouldn’t. We’ll look at other examples that are more “dark” than in Image 2 as you continue reading. These patterns are also so much more than just sales techniques because they make it very easy to get in, but extremely difficult to get out (like a roach motel). We’ll take a look at some examples that will help everyone understand how prevalent these are on today’s internet.
This term didn’t make its way into government offices until approximately 2019. As of January 1, 2023, the California Privacy Rights Act (CPRA) will go into effect, further enhancing the requirements in the California Consumer Privacy Act (CCPA). One of those items in the CPRA is “Dark Patterns,” which is defined as a “user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice…” The CPRA targets any attempts made by companies and designers that make it difficult for consumers to opt-out of sales of their personal information. Rather than being presented with the opt-in and opt-out options looking the same, the consumer is often given the easy way to opt-in, but a very difficult way to opt-out. Image 3 shows an emailed example of a dark pattern I received while writing this where the “unsubscribe” option was located in very small print at the very end of the email (company name and address blacked out of course). This isn’t the first time I’ve seen this either. Look at another example below (I circled the small text and highlighted the “unsubscribe” button). If you look closely enough, you’ll see the text to unsubscribe is the same size and color as the other text, made to look like generic text that the reader might not notice.
FTC Probe into Amazon
Recently, someone at the Federal Trade Commission has gotten fed up with Amazon’s unsubscribe method that manipulates users into subscribing to their Prime service (let it be known that I am a happy member of Prime). Some folks don’t want to opt-in automatically to something that costs more money than they’d like (especially with what’s been happening to the economy lately). It all starts with the option to opt into the Prime service for a 30-day free trial. Once this trial ends, Amazon automatically charges your credit card for the full amount of its service (and let me say, the opt-in process is as smooth as can be). But if someone gets trapped in the service, how does one opt-out? It’s a lot more complicated than joining, unfortunately. Thankfully, several lawsuits and bad publicity have amended the process from what it used to be where going to your account screen actually wasn’t how someone canceled their membership.
- Access your account page on Amazon
2. Go to your Prime membership screen
3. You can then select the drop-down screen under “Membership” and select “End Membership.” As you can see, it’s in very small print, so be very diligent in your cancellation steps.
If you’d like to read more about the probe into Amazon, check it out here.
What does the CCPA say about Dark Patterns?
As is always the case in a capitalistic society, organizations and individuals are going to find ways around the rules so they can remain competitive without breaking the law (i.e. utility providers). Examples of these patterns used by businesses include excessively long wait times, complex opt-out procedures, confusing confirmation language when opting-in, forcing consumers to search for opt-out links and requiring additional personal information to complete the opt-out process. It’s important to note, however, that the CCPA didn’t explicitly define a “dark pattern” and instead provided the following language:
A business’s methods for submitting requests to opt-out shall be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out. A business shall not use a method that is designed with the purpose or has the substantial effect of subverting or impairing a consumer’s choice to opt-out.
California Consumer Privacy Act, Section 999.315(h)
We see that this definition gets to what we’re looking for, but doesn’t quite encompass the entirety of a “dark pattern.” We’ll see that this was amended when the California Privacy Rights Act was adopted.
The CPRA and Dark Patterns
We saw the definition in the second paragraph above and when the CPRA will go into effect. Although it’ll take some time to set precedence for what constitutes a dark pattern, the CPRA includes language where such a dark pattern would undermine individual decision-making. In other words, if I’m hindered in my attempt to opt out because of the complexity of the process, my decision-making is undermined and impeded. This definition also focuses on the outcome of the situation, and not the intent of the process. The intent, obviously, is to keep you as a paid subscriber. However, the outcome of such an attempt will be the area lawyers target most because of the shift in emphasis. And as we all know, the intent of someone is almost infinitely harder to prove than the outcome of the situation!
An additional consideration we should all account for is how consent was given in a situation. The CPRA says that consent must not be coerced or manipulated in order for it to be legally binding for both parties. If either of these areas is violated, the consumer has grounds for immediately opting out of the service (they should always be allowed to opt-out of service in my opinion). Now, I’d like to talk a little more about the two forms so we aren’t surprised next time we try to opt-out of a service offering and get some pushback.
Coerced Consent
Someone is coerced by another when their options are constrained and the only rational option is the one presented to them by the one coercing them. In other words, being held over a barrel. An example of this in my own life involves my ISP. One ISP has some of the worst customer service anyone can ever ask for, but their upload and download speeds are the best in my area. On the other hand, another ISP has better customer service, but their upload and download speeds are atrocious compared to the other. With costs being relatively equal, naturally, I would opt for the poor customer service option because they have better upload and download speeds. Since I, like anyone reading this, operate quite a bit online, it’s only natural that we elect to go with the faster provider. Now, I definitely could have selected the other ISP, but the gap between speeds was too wide for me to rationalize going with them. That, in a nutshell, is “Coerced Consent.” Apply this to a subscription service, and you know everything you need to know.
Manipulative Consent
This type of consent involves the inclusion of “hidden” influences, where pattern creators drive an individual to take an action by displacing their decision-making authority. In other words, a choice is made for the user instead of by the user. This would plainly be a company taking action for a user without the user taking any action, or providing any sort of consent, for them. A consumer, according to the CPRA, must take direct action when providing consent.
Concluding Thoughts
Now that you know what thee look like, you can start to identify them in the wild. As was stated before, organizations will be what they can to gain a competitive advantage, even if it means taking advantage of the untrained consumer. But that’s the point of DPP! We want to make sure you know what’s going on so you can make the most informed decision about your data and your privacy! Now that you know about dark patterns, it’ll be easier for you to identify them and get rid of them (only if you don’t like them, of course).
See the Newsletters page for the latest content and to subscribe to the regular update, see the About page for information around who DPP is, and check out the Contact page to reach out to DPP with any questions or concerns. These are my thoughts and should not be taken as professional advice simply because you are not paying me for my opinion.
Once you understand how valuable your information is, then you can begin taking steps to keep it private.