Not to be left behind by other regulators, the California Privacy Protection Agency (CPPA) recently issued an enforcement advisory on "dark patterns" in the context of the notice and consent required under the California Consumer Privacy Act (CCPA). As we've previously discussed, dark patterns are a subset of "deceptive marketing" and are also known as "deceptive design patterns." The Federal Trade Commission (FTC) released a report in 2022 outlining the various methods companies employ, such as "making it difficult for consumers to cancel subscriptions or charges, burying key terms or junk fees, and tricking consumers into sharing their data."
The scrutiny of dark patterns has only intensified since then, and states like California are jumping in. The CCPA defines dark patterns as "[u]ser interfaces or choice architectures that have the substantial effect of subverting or impairing a consumer's autonomy, decision making, or choice" and says consumer agreement obtained through dark patterns does not constitute consent. The CPPA advises companies seeking to obtain consumer information to use language that is easy to understand and to avoid technical or legal jargon.
The CPPA also asks companies to incorporate a principle called "symmetry in choice." The CCPA Regulations defines "symmetry in choice" as a "path for a consumer to exercise a more privacy-protective option" that "shall not be longer or more difficult or time-consuming than the path to exercise a less privacy-protective option because that would impair or interfere with the consumer's ability to make a choice." Put simply, this means the consumer should be presented with relatively the same amount of information when asked to either provide their information and data or decline to do so. The advisory provides the below guidance:
The CPPA enforcement guidance also suggests a series of questions that businesses should ask to avoid using dark patterns:
- Is the language used to communicate with consumers easy to read and understandable?
- Is the language used straightforward, and does it avoid technical or legal jargon?
- Is the consumer's path to saying "no" longer than the path to saying "yes"?
- Does the user interface make it more difficult to say "no" rather than "yes" to the requested use of personal information?
- Is it more time-consuming for the consumer to make the more privacy-protective choice?
Regulatory concerns regarding dark patterns continue to spread to every corner and industry with other regulators like the Consumer Financial Protection Bureau (CFPB) weighing in. The FTC also continues to bring enforcement actions and extract settlements in the millions of dollars using a dark pattern theory (see our most recent blog on the case of Care.com).
Join a co-chair of the Venable Privacy and Data Security Group, Kelly DeMarchis Bastide, at the Privacy & Security Forum in October, where she will discuss dark patterns and how they relate to privacy and consumer data concerns and advice for best company practices.
Watch our summer 2024 update on Dark Patterns, Junk Fees, and Autorenewals. For an in-depth discussion on dark patterns and how various regulators have incorporated the concept in their enforcement activities, watch our webinar, Dark Patterns: Are They as Shady as Everyone Claims?
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.