On November 7, the National Association of Attorneys General (NAAG) 2023 Consumer Protection Fall Conference held its public day with a number of substantive and interesting discussions about the current state of consumer protection enforcement by the FTC and, of course, state AGs. We will be bringing you a series about the conference panels, each of which discusses a hot topic of enforcement for the coming year.
First, Attorneys General Kwame Raoul of Illinois and John Formella of New Hampshire kicked off the day with a discussion on "Dark Practices Impacting Consumer Privacy," focusing on dark patterns with our very own Alysa Hutnik from Kelley Drye and Ben Wiseman, Associate Director of the Division of Privacy and Identity Protection with the FTC. We have previously covered dark patterns here and here and how they relate to typical UDAP claims; that sentiment was echoed throughout the morning's panel.
Attorney General Raoul started off self-deprecatingly, describing himself as an average consumer in regard to tech savviness, impacting his perspective regarding convenience versus vulnerability when it comes to consumer privacy and dark patterns. Attorney General Formella mentioned the struggle with trying to avoid becoming a nanny state while still protecting consumers, and compared some of the practices on the internet to having someone in a department store physically follow a person around watching everything they look at or nudging them to buy things. He posited that what we are talking about today on the internet is very similar but "in a more devious way."
Defining Dark Patterns
Wiseman defined dark patterns for the audience and described the four types of dark patterns outlined in the FTC's recent report, calling guarding against dark patterns the core of consumer protection and unfairness. Hutnik elaborated that the common theme in the FTC's report are common unfair and deceptive acts and practices concepts – failing to conspicuously disclose material information, but noted the struggle in identifying what is material to consumers and when there may be an adverse impact. Importantly, businesses should consider whether their practices would frustrate or surprise a consumer in a negative way.
General Formella moved the discussion, asking what type of data companies are collecting and what they are doing with the data. Hutnik explained that companies want positive and continuing relationships with their customers/consumers and to provide them with what they are interested in. Businesses also need to account for the obligation to be clear about their data practices, and any data sharing needs to address privacy obligations. Wiseman agreed that there can be benefits to certain data collection practices, but as consumers increasingly transfer their lives online, there is an increase of sensitive information and monetization of data without much regulation. General Raoul asked about consumer attitudes on data privacy and notices, and Wiseman said several recent studies have shown consumers are not satisfied with the current notice and consent regime. However, Hutnik noted that companies are making significant changes in response to recent state comprehensive privacy laws, and consumers are showing up with loyalty for companies that are upfront and responsible with consumer data, with user-friendly privacy options available to the consumer. Hutnik also pointed out the significant investment some of these businesses have been making in data management infrastructure to be able to comply with these laws and deliver a better user experience for consumers.
As far as privacy goes, Wiseman said that the FTC is looking increasingly to unfairness to handle these issues. But Hutnik responded that not every state has unfairness, but with comprehensive privacy laws cropping up in so many states, the challenge for businesses is looking ahead and building data strategies that account for the regulatory trend line. Attorney General Formella chimed in that New Hampshire is on the verge of passing their own comprehensive privacy law, with the legislature already committing resources to enforce.
General Formella asked about the FTC's priorities regarding enforcement in the area. Wiseman responded that the dark patterns report shows a lot of examples. During the panel, he referenced Vonage, BetterHelp, GoodRX, and Epic Games as recent examples of FTC enforcement in the area of dark patterns. While most people recognize Epic Games as a COPPA case, Wiseman specifically pointed to the design choices regarding unauthorized charges of "V-bucks" where the company changed its "undo" button to be less prominent after testing revealed it would reduce consumer clicks. He also discussed the state AGs' Google location tracking practices matter which Wiseman said included dark patterns in hiding material information and inducing false beliefs regarding settings.
As Hutnik explained, businesses should keep the following in mind when it comes to dark patterns and privacy:
- Tell consumers the truth and they tend to come back. It's a long game.
- Monitor consumer complaints for trends to determine whether you have an unintentional design issue that is leading to consumer frustration.
- Consider whether you truly need sensitive information for your business, and in any event align any collection and use with consumer expectations.
And from Wiseman's perspective, businesses should look to these resources to assist with compliance:
- 2022 Dark Patterns Report, which includes an appendix of prior enforcement
- Enforcement orders as well as complaints, because they give insight into how the FTC views practices and where they may become unlawful
- Current rulemaking efforts related to dark patterns: Negative Option and Junk Fees
To sum it up, both Hutnik and Wiseman agree that businesses should compete based on privacy for the benefit of consumers.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.