Dark Patterns: How To Detect and Avoid Them

Contributor(s): Lauren McClanahan, Danie Strachan, Monique Chvatal, Isabel Fernández Del Campo Aguiló
Related Topics: Compliance Tools and Advice, US Privacy Laws, GDPR, CCPA

What are dark patterns?

Dark patterns are digital design tactics meant to trick or mislead users into making unintended decisions, such as making a purchase, signing up for a newsletter, or sharing personal information. Unlike good user interface (UI) design, these deceptive practices benefit the business at the expense of the user’s choice and can take various forms, including misleading copy, hidden costs, and confusing layouts, among others.

Some of the most commonly used dark patterns intend to:

  • frustrate you when attempting to cancel an account, close a pop-up window, or unsubscribe from a service;
  • urge you to purchase a product or a service as soon as possible;
  • trick you into doing something you didn’t intend to do, such as buying insurance with your flight ticket; or
  • trick you into consenting to share more information than you intended, such as by presenting location tracking as an opt-out option rather than an opt-in or making an Accept Cookies button significantly easier to click on than the Decline option.

Why should you eliminate dark patterns from your app or website?

There has been a significant increase in the use of dark patterns since the term was first coined by Harry Brignull in 2010. It’s very tempting to use these practices to increase purchases, user engagement, or subscriptions, especially when there is increased pressure to meet or exceed business objectives. However, regulatory bodies are increasingly scrutinizing the use of dark patterns, and some countries have started to implement laws to curb their use.

In addition, these questionable practices often impede long-term growth. Ultimately, if your UI creates a suspicious, shady experience that leaves the user feeling fooled or patronized, you’ll lose that customer sooner or later. Consumers and regulatory authorities have quickly become aware of these manipulation techniques, and competitors eventually gain ground by offering transparent, honest, and user-friendly experiences.

Three Reasons to Avoid Dark Patterns

1. Dark Patterns Erode Customer Trust

The presence of dark patterns on websites and applications can easily diminish an organization’s credibility and consumer trust, eventually backfiring on the businesses that use them. A 2021 study in the UK indicated that almost a quarter of surveyed consumers have thought negatively of an organization using dark patterns, and 16% say they have stopped using a website or app (either temporarily or permanently) because of those dark patterns. The study also showed that 15% of the surveyed consumers say that their trust in an organization was undermined due to its use of dark patterns. Consumers do not like being deceived. They denounce the use of dark patterns on social media using #darkpattern and have even created a “Hall of Shame” dedicated to calling out egregious examples.

2. Dark Patterns Can Violate Privacy Laws

Not only is the use of dark patterns unethical, it’s illegal in some jurisdictions. The presence of dark patterns in UI and UX has become so widespread that lawmakers in both the U.S. and the European Union have recently taken action.

For example, the California Consumer Privacy Act (CCPA) targets companies that use dark patterns to manipulate users into opting in to the sale and sharing of personal information. The law clearly states that the consent they may obtain through dark patterns is not valid “consent” under the CCPA. 

The European data protection authorities are also curbing the use of dark patterns. In March 2021, the coalition of data protection authorities of the EU and the EEA published guidelines on dark patterns. The guidance elaborates on how using these deceptive practices constitutes an infringement of the core principles of the GDPR. Soon, the EU’s Digital Services Act will also ban online platform providers from using dark patterns.

The list doesn’t end there; new privacy legislation in Colorado, Connecticut, and Virginia also targets dark patterns. These laws are not toothless, either. For example, both the GDPR and the CCPA contain penalties for noncompliance, and the GDPR even gives individuals a right to claim compensation from an organization in certain circumstances.

As a rule of thumb, a company will be subject to the laws and regulations of the jurisdictions in which it actively attempts to solicit business. U.S. organizations monitoring or offering products or services to individuals in the EEA have to comply with the GDPR with respect to certain aspects of their operations. Certain entities doing business in California, Colorado, Connecticut, Virginia, and other U.S. states with privacy laws need to abide by those laws as well.

3. User Experience (UX) is Key to Successful Business Outcomes

UX directly impacts user retention and conversion rates. But there is a difference between good UX and dark patterns. Both are meant to increase the likelihood that a user will complete a desired action, but with a key distinction: good UX prioritizes the user’s needs and experience, while dark patterns prioritize business goals at the user’s expense. 

Good UX aims to create a user-friendly and intuitive interface that enhances user satisfaction and engagement. In contrast, dark patterns are manipulative by nature. They aim to mislead users into taking unintended actions.

In an online world where we are constantly bombarded with dark patterns, an easy-to-use, transparent, and honest interface can be a breath of fresh air.

Enforcement Actions Against Companies Using Dark Patterns

Where there is regulation, there can be enforcement. Companies that are not vigilant against the use of dark patterns in their applications and platforms can find themselves on the wrong side of regulatory rule and face hefty fines, consumer lawsuits, forced business shutdowns, and operational changes.

Due to a growing number of consumer complaints, the U.S. Federal Trade Commission (FTC) has promised to ramp up its enforcement actions and is already cracking down on dark patterns. The FTC hosted a virtual workshop to examine dark patterns and later issued a report as well as an enforcement policy statement warning companies against using dark patterns that trick consumers into subscription services.

Another example takes us to France, where the data protection authority fined Google and Facebook a total of $238 million for dark patterns that violated the French cookie law by making it much easier to accept cookies than to reject them.

Moreover, industry-specific self-regulatory groups such as the Network Advertising Initiative have also identified the need for dedicated attention to dark patterns and have published guidance to help member companies better understand dark patterns and implement best practices to avoid their use.

Best Practices and Tips to Avoid Dark Patterns

  • Prioritize transparency and clearly communicate the functionality and implications of each user action. Always ask for user confirmation for actions that are irreversible or result in loss of data or money.
  • Use straightforward and unambiguous language in all texts, prompts, and calls-to-action.
  • Don’t hide important disclosures or delay providing key details. For example, clearly display all costs, including additional or hidden fees, before the user commits to a purchase.
  • Avoid deceptive design practices such as using smaller fonts, low-contrast colors, or strategic placement of information to make disclosure statements less noticeable or accessible to the user.
  • Inform users how their data will be used and stored, and obtain explicit consent when needed.
  • Make sure that users can clearly reject collection or use of their personal information and are easily able to find and change their privacy settings.
  • Rather than using opt-out methods, allow users to actively choose to participate in features or services. If that is not possible, clearly indicate which options are selected by default and allow easy changes to these selections.

How to Remove Dark Patterns from Your Website or App

  • Conduct an audit and review your website or app to identify any elements or processes that could be considered deceptive or misleading.
  • Conduct usability testing to gather feedback on confusing or misleading interfaces.
  • Refer to ethical design guidelines and follow industry best practices to understand what is generally considered a dark pattern.
  • Remove any identified dark patterns and replace them with straightforward, user-friendly alternatives.
  • Educate your team on the importance of ethical design to prevent future inclusion of dark patterns and educate the broader organization on why these practices can ultimately hinder business success.
  • Make sure your terms of service and privacy policies accurately reflect your business practices.
  • Keep an eye on user reviews, social media comments, and general feedback for any mentions of dark patterns or deceptive practices.
  • Regularly update and review your websites and apps to ensure that new features and updates do not introduce dark patterns.

The detection of dark patterns requires a careful assessment of your website or app design. The best way to ensure that your website or app is free from dark patterns is to reach out to privacy and UX specialists. To kickstart your dark pattern identification and remediation program, contact VeraSafe today for customized privacy advice.
