The European Data Protection Board (EDPB) recently published its draft guidelines on "dark patterns" in social media platforms. The EDPB defines dark patterns as user interface design leading users into actions based on unintended, unwanted and potentially harmful decisions regarding the processing of personal data. Dark patterns thus aim to influence users’ behaviour. Dark patterns refer to patterns that are seen but not (correctly) perceived and are intended to manipulate the user.
The dark patterns covered in the guidelines are divided into six categories:
- Overloading – confronting users large quantity of requests,
information, options or possibilities in order to overload them. - Skipping - designing the menu in a way that users “automatically” forget or do not
think about all or some of the data protection aspects. - Stirring - affecting users’ choices by making them feel guilty or appealing to their emotions or using nudges (e.g. emotional “persuasion techniques” or certain graphic design).
- Hindering – actively obstructing or blocking access to information and related rights by making the action hard or impossible to achieve (e.g. use of pop-ups saying “Are you sure?” when users refuse to state certain personal data).
- Fickle - the design of the interface is so inconsistent, unclear and contradictory that it is hard for the user to navigate (e.g. conflicting information).
- Left in the dark - the interface is designed in a way to hide information or data protection
controls (e.g. information is distributed over several pages/sections without any links or connections between these).
Some practical examples of "dark patterns" addressed in the guidelines are:
- making it more difficult to withdraw consent as opposed to giving consent,
- bundling of consents,
- use of vague terms or jargon,
- providing an excess of information
- selection options, faulty links
Although the guidelines "only" refer to social media platforms, the field of dark patterns is actually much larger. These techniques of manipulative design are often used in the creation of webshops to cause consumers to make purchasing decisions that they do not actually want to make. For example, some subscription services try to make it difficult to cancel services (e.g. buttons to cancel are hidden in a submenu). On the other hand, subscriptions are automatically renewed unless cancelled within a certain period of time.
Some of these dark patterns (still) constitute a legal grey area. Consumer rights are expected to be further strengthened in the near future by the EU Omnibus Directive and Digital Services Act, which will also have an impact on the use of dark patterns.
Of course, the provisions of the GDPR must also be observed. An example of the use of dark patterns and a violation of the GDPR would be the misleading design (here: so-called "nudging") of cookie banners.
"Dark patterns", "nudging", "skipping and "overloading" are terms that will continue to keep companies busy in their sales activities and Internet presences.
(Draft EDPB Guidelines on Dark Patterns)