The California Privacy Protection Agency has issued an Enforcement Advisory on the topic of dark patterns.
The California Consumer Privacy Act uses the term “dark patterns” to refer generally to user interfaces that subvert or impair consumers’ autonomy, decisionmaking, or choice when asserting their privacy rights or consenting to personal information processing activities. For example, when businesses provide choices to consumers, such as via cookie banners or in privacy preference centers, choices must be clear and presented in a balanced way.
The advisory provides three sample online interfaces with different designs and presents as a hypothetical that a business is faced with choosing between the three interfaces for its website. Each interface is meant to offer consumers browsing a website choices about the use of their personal information. The advisory is silent on the CPPA’s view on the three sample interfaces, but the business reviewing and choosing between the three samples is urged to ask five questions:
- Is the language used to communicate with consumers easy to read and understandable?
- Is the language used straightforward and does it avoid technical or legal jargon?
- Is the consumer’s path to saying “no” longer than the path to saying “yes”?
- Does the user interface make it more difficult to say “no” rather than “yes” to the requested use of personal information?
- Is it more time-consuming for the consumer to make the more privacy-protective choice?
The advisory ends by urging consumers who think a business is using a dark pattern to report it via the CPPA’s complaint form.
Businesses should continually evaluate their user interfaces to ensure they offer symmetrical choices and use clear, easy-to-understand language offering privacy choices—two of the attributes spelled out in the CCPA regulations and emphasized also by other U.S. regulators, such as the Federal Trade Commission (see our prior alert on this topic here).
