How Privacy Laws are Combatting the Growing Threat of Dark Patterns

-

Created with Microsoft Bing Image Creator powered by DALL-E

How Privacy Laws are Combatting the Growing Threat of Dark Patterns 


Introduction to Dark Patterns

        Dark Patterns have become increasingly scrutinized by privacy regulators in the past year. Dark patterns are tactics used to trick or manipulate users into making purchases or providing personal information. Common examples used by companies today include misleading or disguised advertisements, difficult-to-cancel subscriptions or charges, burying key terms and junk fees in dense text, and tricking users into sharing their data. Their use by companies is widespread, with a 2019 study finding over half of 5000 privacy notifications sent by companies in Europe utilizing dark patterns, and only 4.2% of them giving their users the choice to give consent to collecting their personal data. Moreover, it has become revealed that those impacted by dark patterns increasingly include minors, such as in children's apps and games, which along with the expanding usage and scope of dark patterns have prompted a harsher crackdown by regulatory agencies such as the FTC

Why do dark patterns matter? 

        The main issue of dark patterns is that they manipulate consumers into making choices that are not in the consumers' interest, but that of the company's instead. In particular, the lack of informed consent (where consumers are made fully aware of the reasoning and consequence of their choice) is what causes dark patterns to violate most privacy laws and legislation against unfair practices. Although not all dark patterns usage may be illegal, depending on the specific tactic used and the laws or regulations that apply, considering the increasing scope and development of privacy laws, they are likely to violate the principles of informed consent or unfair practices and thus be considered a breach of such laws. 

What are some current examples? 

        The latest example, Epic Game's $520M settlement penalty for dark patterns and children's privacy violations, gives an example of how these exploitative practices impact both financially and on privacy rights. $245M of the $520M settlement are intended to refund customers for deceptive design tricks that duped players into making unintentional purchases. These deceptive designs by Epic Games also included making it difficult or confusing to undo purchases or request refunds, or request that personal information not be collected. 

        $275M was for violating the US's Children's Online Privacy Protection Act (COPPA), which applies to sites that targets or collect personal information about children under 13. After ruling that COPPA applied to Epic Games' Fortnite (due to factors such as children constituting a significant portion of playerbase, and 'Fortnite-branded merchandize' licenses owned by Epic Games), the FTC alleged that COPPA was violated due to the lack of parental controls in default settings that put children at risk(of bullying, threats, and sexual harassment) through voice and text chat. These involved "privacy-invasive default settings and deceptive interfaces that tricked Fortnite users, including teenagers and children" according to the FTC Chair Lina M. Khan. In the settlement, Epic Games agreed to delete all personal information of minors unless parental consent is given, as well as changing its default settings to opt-in rather than opt-out of such voice and text communications. 

How do existing laws deal with dark patterns? 

        In the US, legislation already exists that prohibit the use of such dark patterns, although there is variation in the methods and severity. For instance, the California Privacy Rights Act(CPRA) and the Colorado Privacy Act (CPA) both state that consent obtained via dark patterns do not constitute proper, valid consent, while the Virginia Consumer Data Protection Act (VCDPA) does not specifically mention dark patterns by name and merely defines consent, which could indirectly be argued as being violated if obtained through dark patterns.  Additionally, in a report on September 2022, the FTC reiterates their commitment to promoting awareness of dark patterns and cracking down on companies that abuse it. In terms of the FTC, it is dark patterns' nature as unfair and deceptive practices (Stated in the FTC Act) that bring it under its regulatory overview, as well as the Restore Online Shoppers' Confidence Act (ROSCA). In the EU, the European Data Protection Board (EDPB) adopted Guidelines on dark patterns which detail how dark patterns may breach GDPR requirements and thus subject the companies to regulation and possible fines for violating the GDPR. 

        In comparison, Canada does not have specific mention of dark patterns, as existing privacy legislation is rather outdated and a new privacy law (Bill C-27) is currently under review. Instead, Canada relies on requirements for meaningful consent for the collection, use and disclosure of personal information to protect consumers against dark patterns. Bill C-27 may provide more direct protection, with section 16 of Bill C-27 stating that an organization cannot obtain consent through "deceptive or misleading practices", which can likely be applied to dark patterns. Similarly, Canada's Anti-Spam Legislation (CASL) prohibits false and misleading statements that promote a business interest or product, which could indirectly be applied to some types of dark patterns. However, despite the potential use of principles of meaningful consent to combat dark patterns, Canada currently lacks specific prohibition of dark patterns nor can existing legislation be easily and directly applied against them. 

        Korea appears to be moving in a similar direction; Korea's Personal Information Protection Commission (PIPC) recently published the 'Personal Information Protection Investigation Promotion Direction in 2023' on Jan 11th, which states that their goal in the upcoming year is to create a trustworthy "digital ecosystem" through preemptive and preventive inspections to protect and promote privacy rights. Dark patterns are specifically mentioned by the PIPC among the areas of focus for inspection and investigation, alongside a focus on protecting children's personal information. Although there are no specific details yet, it seems that Korea will follow the methods used by the EDPB and the US's FTC in employing privacy laws to combat dark pattern usage. 

Conclusion: 

        Overall, a common theme seems to be an emphasis on the principle of 'informed, meaningful consent', with some legislation choosing to specifically address and prohibit dark patterns while other laws provide a more general prohibition against deceptive practices which could be applied to dark patterns. In the absence of specific legislation, the duty falls on regulatory agencies such as the Data Protection Officers, the FTC, and PIPC to investigate and if necessary, pursue legal action against companies that apply dark patterns to exploit consumers so that the significant financial penalties (as in the Epic Games case) may deter other companies. Thus it appears that in order to further protect consumer rights and privacy rights, more direct legislation and more enforcement powers for regulatory agencies is needed, especially in countries like Canada where the regulatory agencies lack the enforcement power wielded by those such as the FTC and in the GDPR. 


Comments

Post a Comment

Popular posts from this blog

Seeking ChatGPT's Insight: Are the Biden Administration's 'Trump-Proofing' Efforts Legally and Morally Justifiable?

-
Image
  Recently, polls indicate that former President Trump's chances for returning to Presidency have become increasingly likely. Given this, there have been rising attempts over the past year by the Biden administration to "Trump-proof" matters so that if Trump is re-elected, he will be unable to (or at least have difficulty in) reversing or nullifying the current policy and agreements.  I decided to ask ChatGPT on this topic because I was curious on whether these efforts by the Biden administration would be successful in restraining Trump, or even whether such actions were morally and legally viable. My doubts arose because actions taken to completely deny or restrain future Presidents from changing policy or agreements (generally speaking), especially if such measures came from Executive Orders, seem to be against the democratic spirit even if they are meant to protect against possible abuse of presidential power.  My question to ChatGPT: Do you believe that the Biden admi
Read more

ChatGPT's Age-related Slogans for Biden, Trump, and Desantis.

-
Image
          Looking at the upcoming US presidential elections, two of the three (as of now) nominees seem to face questions over whether they are 'too old' to run. At 80 years old, Biden is the oldest president to serve, with Trump similarly advanced in years at 76. Compared to them, DeSantis at 44 years old is far younger. Given this potential point of debate, I asked ChatGPT 4 to theorize how these presidential candidates might defend their positions or attack their opponents on the topic of age, as well as to generate possible political slogans they could use relating to this. Here is the political strategies ChatGPT suggested, as well as some creative slogans it came up with. Keep in mind, the entire following article and slogans were generated by ChatGPT, with no edits by myself aside from the initial prompting and guiding (through more prompts) to arrive at this result.  ChatGPT 4.0:  Title: Age as a Tool: Politicking in the Prime of Life and Beyond           In today's
Read more

Unraveling the WGA’s MBA with ChatGPT: Expert Analysis or Algorithmic Bias Towards Legalese?

-
Image
On Oct 9, the Writers Guild of America (WGA) overwhelmingly voted in favour of ratifying the 2023 Minimum Basic Agreement (MBA), which will apply until May 1, 2026. While most news outlets have reported on this as a major win for the writers guild, I grew curious on whether there were any shortcomings in the agreement since the the entertainment industry’s capitulation seemed to come quite abruptly compared to their former hardline opposition to any concessions. Since I am not a legal expert on contract law, I turned to ChatGPT instead to see if it could provide a fresh perspective. Given that the WGA provided both the complete 2023 MBA as well as a summary, I chose to try inputting both into ChatGPT, focusing particularly on the Artificial Intelligence clauses. However, the results made me ponder whether ChatGPT’s analysis might be influenced by bias or randomness. ChatGPT’s analysis of the summary and the complete 2023 MBA: Upon analyzing the summary, ChatGPT initially gave off a ske
Read more