In recent years, the use of clickbait and dark patterns has attracted the attention and scorn of state legislatures, the Federal Trade Commission (FTC), state attorneys general, consumer advocates and consumers. Three state privacy laws attempt to specifically address the use of dark patterns to obtain consent in a privacy context. The FTC has issued a request for public comment to update its current “.com Disclosures” guidance, issued an enforcement policy statement warning companies that it will increasingly focus its enforcement efforts on deceptive sign-up and cancellation tactics involving negative option marketing and operation, has investigated companies for difficult cancellation processes and, most recently, published its “Bringing Dark Patterns to Light” staff report (the Report). State attorneys general and consumer advocate organizations have submitted comments, including this example, to the FTC asserting their displeasure with clickbait and dark patterns.
This Holland & Knight alert will focus on dark patterns and the FTC’s Report published in September 2022.
Example Dark Patterns Highlighted by the FTC
A “dark pattern” is commonly defined as a user interface design method on a website or mobile application that results in a substantial number of users making choices that they otherwise would not make that benefit the provider of the website or application rather than the users. The FTC calls them manipulative design tricks and psychological tactics and stated that dark patterns are “found in a variety of industries and contexts, including ecommerce, cookie consent banners, children’s apps, subscription sales, and more.”
Examples of design methods that the FTC may deem to be dark patterns:
Companies that use website and mobile application design practices to deceive or manipulate consumers into taking detrimental actions may receive scrutiny from the FTC. In the Report, the FTC made specific recommendations to help companies avoid using design methods in a manner that could be considered dark patterns that violate the FTC Act and other federal laws.
The Report indicates that companies should take at least the following steps to mitigate risk:
- consider design elements as a whole, because multiple dark patterns can have an even stronger effect, according to the FTC
- as part of A/B testing, consider whether higher conversion using one interface is due to manipulative design elements
- publish websites and mobile apps that do not create false beliefs or otherwise deceive and consider how an interface can increase consumer understanding of material terms
- consider the net impression of a website or mobile app, because disclaimers may not overcome deceptive design
- include accurate information about mandatory fees in the “upfront, advertised price”
- consider whether pricing practices treat consumers differently based on race, national origin or other protected characteristics
- when an interface targets a specific audience (e.g., children), consider how design choices will be viewed by that audience
- review subscription cancellation mechanisms and potentially reduce the complexity and number of screens of the cancellation process
- if telephone cancellation is permitted, review policies and procedures that apply to answering calls during normal business hours and within a short time frame
- when accepting purchases online, consider the steps taken to ensure the accountholder is consenting to a purchase
- reevaluate the collection of personal information to minimize unnecessary collection
- consider taking steps to avoid subverting consumers’ privacy choices by reviewing default settings, the steps consumers must take to make choices, the clarity and prominence of toggle options, and the use of just-in-time notices and choices related to the collection and use of sensitive personal information
- be transparent and accurate when collecting lead information and monitor third-party lead generators
The Report increases the risk to companies that use dark patterns, because the FTC will hold them accountable for not following its guidance. The Report’s release coincides with current FTC enforcement activity, increased public discussion about dark patterns, and the FTC’s conclusion that manipulative design techniques online are potentially more harmful than in the physical environment because more data can be collected about individuals to generate manipulative design elements and trying new techniques online is cheap and easy.
Moreover, the FTC will not limit its enforcement activity to negative option/subscription contracts where it has historically focused its attention. For example, large sections of the Report focus on the use of dark patterns to impact privacy-related consent and settings. The FTC’s focus on privacy aligns with the privacy laws in California, Colorado and Connecticut that expressly state that consent requirements are not met if agreement is obtained through the use of dark patterns. The Utah and Virginia privacy laws also make clear that valid consent must be freely or voluntarily given in an informed manner. Regulators in Utah and Virginia may take the position that the use of dark patterns to obtain agreement is not informed and freely or voluntarily consent.
In addition to the federal and state regulatory compliance risk, companies that use dark patterns in the process of obtaining any legal agreement with consumers could risk future claims that an agreement was not formed or is voidable because there was no acceptance or meeting of the minds with respect to that agreement.
Companies should consider reviewing the user interface design of their websites and mobile applications to determine whether any of the techniques described in the Report are used to obtain consent or agreement from users. If so, the company can evaluate whether the use of the techniques are dark patterns and take steps to update them.
For more information on the FTC Report or companies needing assistance with review of user interface design methods to comply with the Report or other FTC guidance, contact the author or another member of Holland & Knight’s Data Strategy, Security & Privacy Team or Consumer Protection Defense and Compliance Team.
Information contained in this alert is for the general education and knowledge of our readers. It is not designed to be, and should not be used as, the sole source of information when analyzing and resolving a legal problem, and it should not be substituted for legal advice, which relies on a specific factual analysis. Moreover, the laws of each jurisdiction are different and are constantly changing. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. If you have specific questions regarding a particular fact situation, we urge you to consult the authors of this publication, your Holland & Knight representative or other competent legal counsel.