Balancing Marketing Strategies While Complying with GDPR and CCPA Regulations

Banner artwork by fedrunovan / Shutterstock.com

The use of dark patterns

Do you ever stop and think about the intentionality of your online purchases? Perhaps you don’t even remember how you found a product. You may have fallen victim to a dark pattern, a tactic that may be used by marketers to increase product visibility and sales. The US Federal Trade Commission stated common dark patterns “are often presented as giving consumers choices about privacy settings or sharing data but are designed to intentionally steer consumers toward the option that gives away the most personal information.”

Imagine this: Company A is a retail company that receives 45 percent of its revenue from e-commerce sales. Now further imagine that a consumer is browsing the internet and stumbles across this retailer’s website, which gives consumers the opportunity to “Accept all Cookies” or “Decline” before browsing. The accept all button is on the left side of the screen, and the decline button is on the right side of the screen.

Without much thought, the consumer clicks the accept all button. Little did the consumer know that Company A’s marketing team strategically placed the button on the left side because they understood — based on human psychology and case studies — that 70 percent of online retail shoppers will unconsciously click the button on the left side of the screen.

Bots and human marketers use dark patterns to unconsciously persuade consumers to accept cookies on websites. Moor Studio / Shutterstock.com

There are many questions that arise when evaluating this scenario. Did the consumer unwillingly give their consent? Did Company A provide the consumer with the opportunity to opt out? Could Company A's strategic placement of the "Accept all Cookies" button be considered a dark pattern? Is this a violation of the General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA)?

The importance of consent

Understanding human behavior and preferences is a crucial skill in any marketing role. This is nothing new. Successful marketing should appeal to consumers’ emotional and psychological needs. However, because of the use of dark patterns “consumers may be unaware of the privacy choices they have online or what those choices might mean,” thereby hindering consumers from making informed choices.

Customers may be unaware of the privacy choices they legally have. Golden Sikorka / Shutterstock.com

The collection of data and consent has become a hot-button issue due to concerns about transparency and limited options for consent. Consent is a cornerstone in the GDPR; Recital 32 of the GDPR makes clear that consent must be informed, specific, unambiguous, and freely given.

In a similar manner, California’s position on dark patterns and a consumer’s ability to opt out is crystal clear: businesses must not use manipulative user interfaces that undermine decision-making or choices. Under the CCPA — as amended by the California Privacy Rights Act (CPRA) — dark patterns are defined as “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice, as further defined by regulation.” In effect, it is crucial for companies to align their practices with the CCPA and prioritize consent and the ability to opt out.

Companies should utilize an opt-out function for users who do not consent to accepting cookies or sharing personal data. ivector / Shutterstock.com

While successful marketing strategies may lead to increases in consumer engagement and revenues in the short term, they can ultimately result in costly penalties and damage a company’s reputation if data privacy laws are not followed. If anything, the recent CPRA amendment serves as a reminder that companies — like Company A — must ensure consumers are provided the opportunity to make informed choices.

If data protection regulations are ignored, marketing strategies can result in hefty penalties. Creativa Images / Shutterstock.com

Marketing vs. data protection

Lawyers advising companies must be mindful of the tension between marketing tactics and data protection regulations, such as GDPR and CCPA, in obtaining consumer consent. While marketing plays a crucial role in boosting revenue of such companies, the use of dark patterns and deceptive user interfaces to obtain consent can be a violation of the data protection regulations. As marketers continue to understand the patterns of human psychology to increase product sales, transparency and ethical practices must remain at the forefront to maintain consumer trust and avoid legal consequences.
