ARTICLE
25 September 2024

California Regulator Cautions Businesses Against The Use Of Dark Patterns

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
On September 4, the California Privacy Protection Agency ("CPPA") issued an Enforcement Advisory cautioning businesses against the use of "dark patterns" in their consumer-facing user interfaces.
United States California Privacy

On September 4, the California Privacy Protection Agency ("CPPA") issued an Enforcement Advisory cautioning businesses against the use of "dark patterns" in their consumer-facing user interfaces. The California Consumer Privacy Act ("CCPA") defines the term "dark pattern" as "a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision making, or choice" when asserting their privacy rights or consenting.

Under the CCPA, "agreement obtained through the use of dark patterns does not constitute consent." The advisory accordingly highlights that the effect on consumers, rather than a business's intent, is the relevant consideration in determining what constitutes a dark pattern. The advisory further emphasizes that user interfaces should offer "symmetrical choices" that are clear and balanced when providing consumers with the option to transact or share privacy information. Specifically, the advisory recommends that businesses should ask themselves the following questions in assessing whether their user interfaces present consumers with compliant choices:

  • Is the language used to communicate with consumers easy to read and understandable?
  • Is the language used straightforward and does it avoid technical or legal jargon?
  • Is the consumer's path to saying "no" longer than the path to saying "yes"?
  • Does the user interface make it more difficult to say "no" rather than "yes" to the requested use of personal information?
  • Is it more time-consuming for the consumer to make the more privacy-protective choice?

According to the CPPA, interfaces with dark patterns obscure or delay the process for consumers to opt out of sales or the sharing of their personal information. Another example offered in the advisory is an interface with cookie choices that only allow consumers to choose between "yes" or "ask me later" options, in contrast with compliant interfaces offering clear "accept all" and "decline all" options.

Putting it into Practice: The CPPA advisory indicates that dark patterns remain a key area of focus for regulators at both the state and federal levels (see previous blog posts here, here, and here). The advisory serves as a reminder for businesses to review their consumer-facing interfaces in order to ensure they do not run afoul of regulatory guidance on patterns. This also includes user interfaces that businesses deploy through service providers.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More