Dark patterns is a term used to describe user interface designs that have been carefully crafted to encourage, nudge, or manipulate users into making certain choices which they otherwise would not have made, or which are not or might not be their best interests.
In this article, we provide an overview of existing types of dark patterns (noting that this is a continually evolving area) and the key legal and commercial considerations to be born in mind when it comes to the use of dark patterns, from both a consumer rights and data protection perspective.
Types of dark patterns
There are a number of different types of dark patterns which are currently used, to varying degrees, by companies and organisations in the UK and internationally. When Harry Brignull coined the term in 2010, he identified 12 broad categories of dark patterns. To illustrate just a few of these:
Users are able to get into a situation relatively easily, but then find it exceptionally hard to “get out”. This might happen, for example, when users are able to sign up to a subscription service quickly and easily but then find it incredibly difficult to cancel that subscription, perhaps because the business has deliberately obfuscated the route to cancellation on their website or because the business, alone, retains the power to cancel that subscription and users are required to call or email (poorly manned) customers service lines.
Users arrive at the last step of the checkout process to find unexpected charges have been added to their order, such as delivery charges, tax etc.
Users sign up to a free trial, and when that trial comes to an end their card is charged without warning or notice.
Advertisements are deliberately designed to appear as other kinds of content and navigation on a webpage, with a view to “tricking” users into accidentally clicking on them.
Users are nudged into (publicly) sharing more information about themselves than they had intended.
Consumer Rights Act 2015 (CRA 2015)
The CRA 2015 comprises a host of consumer protection provisions, including in respect to requisite standards of goods and services sold to consumers and unfair terms in consumer contracts.
To the extent that dark patterns are principally used to encourage or (at the more extreme end of the spectrum) coerce consumers into entering into contracts for goods and / or services, they are at risk of falling foul of the CRA 2015. In such a scenario the contract term, if deemed or found to be unfair, would be invalid and unenforceable against the consumer (and, as a matter of course, the offending business would lay itself open to regulatory enforcement action – more on which below).
Consumer Protection from Unfair Trading Regulations 2008 (2008 Regulations)
The 2008 Regulations include a general prohibition against unfair commercial practices and prohibit practices that materially distort or are likely to materially distort the economic behaviour of the average consumer. The 2008 Regulations are most likely to “bite” when it comes to dark patterns which are largely designed with the explicit aim of influencing the economic behaviour of consumers - for example by encouraging them to purchase certain goods and / or services.
Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (2013 Regulations)
The 2013 Regulations apply to contracts made “at a distance” (eg online). These regulations require detailed information to be provided to consumers and provide for a 14-day “cooling off” period within which time customers may return goods or services and request a full refund without reason or justification. The 2013 Regulations also include a prohibition on additional payments which appear as a “default” option and on premium-rate post-contract customer helplines. Businesses which employ dark patterns that involve “default” payments, or which require customers to navigate costly customer helplines, are at risk of failing to comply with these regulations.
In 2019, following an investigation by the Competition and Markets Authority (CMA), a number of travel booking companies were subject to enforcement action due to concerns around dark patterns such as pressure selling, misleading discount claims and hidden charges. The CMA was concerned that practices such as giving a false impression of a room’s popularity and not displaying the full cost of booking a room upfront, could mislead customers. Following the investigation, each of the businesses agreed to a set of undertakings prescribed by the CMA.
More recently, on 19 January 2021, the CMA’s Data Technology and Analytics Unit published a research paper entitled “Algorithms: How they can reduce competition and harm consumers” (2021 CMA Paper). Amongst other things, the 2021 CMA Paper identifies and discusses practices which cause direct harm to consumers and exclusionary practices which deter or distort competition (including dark patterns).
The 2021 CMA Paper considers techniques and methods to investigate the prevalence and severity of the harms caused by the practices identified and outlines potential ways in which action may be taken to address these in the future, including: guidance for businesses; monitoring by the new Digital Markets Unit; and formal investigations.
It is worth noting that dark patterns are also attracting attention from consumer protection regulators across the world. For example:
- Amazon is currently being challenged by the Norwegian Consumer Authority for breaches of EU consumer protection law in respect of its cancellation processes for its Prime Membership The complaint, issued by the Norwegian Consumer Council, noted that customers who wish to cancel their Prime subscriptions are forced to navigate six separate webpages to do so. During this process, the consumer is allegedly “nudged” into keeping their membership through the use of “confusing” wording and design techniques such as the use of yellow exclamation marks alongside the option to end membership benefits.
- On 28 October 2021 the US Federal Trade Commission announced a new enforcement policy statement warning companies against using dark patterns that trick consumers into ordering subscription services following rising complaints about unauthorised charges and impossible-to-cancel billing.
Data protection considerations
To the extent that dark patterns are deployed to nudge users into making a particular choice in relation to their personal data (most obviously to grant consent to wider uses and processing of their data than they would otherwise be prepared to give), users cannot be said to give valid consent under UK GDPR (ie freely given and informed). Where consent is required for the purposes of receiving email direct marketing or setting cookies then this may also be a breach of the Privacy and Electronic Communications Regulations 2003 (PECR).
The attention of the Information Commissioner’s Office (ICO) – at least in respect to enforcement - has been more focused on security breaches than the methods by which data is obtained; however, dark patterns have come under increased scrutiny under UK GDPR with changing transparency and consent requirements. The 2021 CMA Paper envisages a joined-up approach between the CMA and the ICO in respect of the regulation of harmful practices such as dark patterns going forwards.
Notwithstanding the legal and regulatory landscape outlined above, the use of dark patterns is not uncommon, particularly amongst subscription service providers. And indeed, many providers will consider that certain practices are neither unfair nor confusing. For example, a multi-stage cancellation process can be useful to identify the reason for cancellation and may provide an opportunity to offer a discount or a temporary suspension of the consumer’s membership as an alternative to cancellation - which some consumers may freely wish to choose.
The CMA has itself noted that many of the systems identified in the 2021 CMA Paper do provide substantial benefits to consumers - for example, time-saving and personalised recommendations. The CMA also acknowledges that certain dark patterns allow businesses to make effective improvements to their goods and services based on the choices which their users make.
To be clear: dark patterns have not been declared unlawful. Compliance will depend on the manner and extent to which such practices are used and implemented by companies. Recent regulatory action has highlighted the need for businesses to provide clear and transparent user interfaces, and for users to be given genuine freedom of choice.
All organisations (including publishers and website operators) should keep abreast of the latest developments in this area, and watch carefully for further reports and guidance from regulators.
If companies currently use practices which may be considered dark patterns, it would be sensible to review those practices to ensure compliance with applicable consumer and data protection laws as they may attract the attention of the CMA or the ICO. It is also important that website designers and marketing teams are well-educated about the law in this area and the considerations to be borne in mind when launching and implementing practices which are or are akin to dark patterns. To that end, companies would be advised to regularly train their staff, to mitigate the risk of non-compliance in this area.
Please contact the commercial and data protection team at Farrer & Co if you have any questions about dark patterns or wider consumer law and data protection compliance.
If you require further information about anything covered in this briefing, please contact Genna Morgan-McDermott or your usual contact at the firm on +44 (0)20 3375 7000.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, November 2021