On July 10, the Federal Trade Commission (FTC) announced the results of two global internet sweeps that examined the prevalence of certain deceptive design practices, or “dark patterns,” within a variety of websites and mobile apps.

While the topic of dark patterns is one we touch on frequently (see, e.g., here and here), for anyone who needs a refresher, dark patterns are typically defined as practices that steer consumers into making choices that they might not otherwise have made and that may not be in their best interests.

Highlighting the fact that dark patterns touch on both consumer protection and privacy concerns, two international organizations conducted sweeps, each looking at dark patterns from their respective regulatory lens: the International Consumer Protection and Enforcement Network (ICPEN) focused on dark patterns in subscription services, and the Global Privacy Enforcement Network (GPEN) looked at how dark patterns may encourage individuals to provide more personal information than intended or make choices that do not align with their privacy preferences.

The ICPEN sweep, which surveyed the practices of over 600 websites and apps offering subscription services, found that over 75 percent of those websites utilized at least one dark pattern, with over 65 percent employing two or more. The GPEN sweep, in which the FTC participated, noted that in approximately 97 percent of the 1,000+ websites and apps it reviewed, sweepers encountered at least one dark pattern in their attempt to make privacy-protective decisions or obtain privacy-related information.

Echoing similar themes from a 2022 FTC report, the sweeps highlight the following dark patterns as being the most prevalent among the sites reviewed:

Sneaking. This is the practice of trying to hide or delay disclosing information relevant to a consumer’s purchasing decision, often related to costs. An example of sneaking is adding non-optional charges to the price right before the consumer completes a purchase (also known as drip pricing).

• The report also characterized as forms of sneaking the inability to turn off a subscription auto-renewal within a purchase flow, not providing sufficient information during the enrollment process about steps to cancel, and not providing a date by which a consumer would need to cancel their subscription to avoid the recurring charge. The report noted that at least one of these practices was observed in the majority of auto-renew subscriptions reviewed.

Interface Interference. This is an attempt to frame information in such a way that it steers consumers toward making decisions that are more favorable to the business. Examples of interface interference are false hierarchy, preselection and “confirmshaming.”

• False hierarchy is the practice of visually presenting the purportedly more favorable (to the company) option more prominently, for example by more prominently presenting a subscription-based enrollment over a one-time purchase. The example provided on the privacy side was making the “accept all cookies” button more prominent than the cookie settings/rejection button.
• Preselection, as its name implies, would have the more favorable option (such as a more expensive or longer subscription) preselected by default.
• Confirmshaming uses language that evokes a specific emotion from the consumer to get the consumer to take a particular action. An example might be including the text “Fine, I don’t want to save money” next to a checkbox declining an offer.

Obstruction Practices. The reports did not add much detail here beyond characterizing any practice that makes a task flow more detailed or tedious as a type of obstruction. Related to subscriptions, an example provided is where the cancellation process is more difficult than the initial enrollment. On the privacy side, an example might be making it harder to delete an account (or to find out how to go about doing so) than it is to create an account in the first place.

Social Proof. This is the attempt to nudge consumers toward making a decision based on the supposed behavior of other consumers – for example, by highlighting an option that is “most popular” or that a certain number of people have purchased a product or service within the past hour.

Forced Action. This requires consumers to provide information or take an action in order to access specific functionality. For example, requiring consumers to supply payment information to access a “free trial” of a subscription was observed in over 66% of companies surveyed.

Urgency. This instills a sense of urgency for the buyer by creating a real or fake time or quantitative limit on the ability to purchase a product or service. Examples provided are countdown timers and banners that claim a product is low in stock.

Nagging. This includes sending out repeated requests to the consumer urging the consumer to perform an action that is favorable to the business. The thought behind nagging is that consumers will be more likely to take a particular action or give up their personal information to avoid the nuisance of receiving further prompts.

* * *

Neither report included any findings that a particular practice would rise to the level of a law violation, and this is one of the main critiques with the notion of dark patterns – where does a practice cross the line from clever marketing to an unlawful practice. Hopefully, readers of the reports are not meant to conclude that nearly every single one of the thousands of websites surveyed is engaged in deceptive marketing. But if the FTC is going to continue to shine a light on such practices, it would be helpful to businesses looking to comply with the law to understand which practices the FTC simply doesn’t like and which ones violate the law. That said, the reports provide a useful roadmap for what regulators may be looking out for and are therefore worth a read for anyone responsible for developing (or reviewing) online user flows, particularly in the context of subscription-based services or privacy controls.

[View source.]