You want to unsubscribe from a newsletter, but it’s almost impossible to find the link to do it. Or you’re trying to delete your account, but the website makes you go through an endless process of tabs and pop-ups. Well, those are dark patterns!
But what exactly are they and why are they used? Does the law say something about digital dark patterns? Or are you accidentally using a dark pattern, too?
In this post, we answer all these questions!
Dark patterns definition
Dark patterns are where design elements are used to influence people’s decisions and trick them into doing things they didn’t mean to do.
The term was first used in 2010 by the designer Harry Brignull, who has also created a website where he keeps a record of all the dark patterns on the web.
In recent times, dark patterns have been on the rise. In fact, you’ve probably fallen victim to dark patterns without realizing it.
Despite their popularity, dark patterns are not a good idea for many reasons which we’ll explore below. But first, let’s have a look at some examples.
One of the most popular uses of dark patterns is within cookie banners. Companies tend to encourage users to give their consent in different ways. Here are a few:
Epic Games, developer of the popular video game Fortnite, was sentenced to pay a penalty $245 million for their use of dark patterns. The US Federal Trade Commission found that the company was tricking users into making unwanted purchases.
Fortnite is video game with more than 400 million registered users, and most of them are kids. According to the FTC, Epic Games did not explain its billing practices properly and designed an interface that led to unauthorized charges.
While the phrase “dark pattern” was not explicitly referenced under laws like the GDPR, many of the deceptive practices have always been at odds with legal requirements.
Laws like the GDPR mandate that consent be “freely given” and directly mention that it should be as easy to withdraw consent as it is to give it.
Despite this, the use of dark patterns has been on the rise, leading Data Protection Authorities across the world to address it more directly.
🇪🇺👉 In the European Union, the Digital Services Act (DSA) aims at “creating a safer digital space where the fundamental rights of users are protected”. For this reason, the DSA has a specific section for dark patterns, in which is stated that the use of deceptive designs is forbidden. Learn more about the Digital Services Act here.
🇺🇸👉 California also has recently banned dark patterns. The new and updated version of the CPRA (CCPA amendment), the California Privacy Rights Act (CPRA), explicitly mentions: “agreement obtained through use of dark patterns does not constitute consent”. Businesses can’t sell users’ personal information if they’ve obtained it through dark patterns.
🇬🇧👉 The U.K. has issued a paper highlighting some harmful designs which can “trick consumers into giving up more of their personal data”. It urges organizations to stop using harmful design strategies and to provide consumers with clear, fair options when asking for personal data. Harmful practices that may violate data protection laws include: not offering clear choices for accepting/rejecting cookies for personalized advertising, having overly-complicated privacy settings, using manipulative language to get personal information, pressuring consumers to exchange their data for discounts, and grouping choices in a way that makes consumers share more data than they want to. Read the full paper here.
Dark patterns are illegal because they are deceptive user interface designs intended to manipulate or deceive users into taking actions they would not otherwise take. They are a violation of consumer protection laws that prohibit unfair and deceptive business practices.
Now, more than ever, privacy is a big concern for many people. So it’s important to act in compliance with data privacy legislations and process users’ data in alignment with the law.
Dark patterns are not the right way to get consent from your users.
Of course, they are forbidden. But it’s not just that!
Collecting consents through deceptive designs could invalidate the data you’ve collected and really damage your reputation as a business.
With that said, there are ways to improve your consent rates while staying on the right side of the law.
Dark patterns aren’t the only way to improve things like consent rates. In fact, doing things the right way will help you to avoid expensive, unpleasant surprises (see NOYB complaints), and will also help you to gain your users’ trust.
Based on our research, here are 5 tips to help improve your cookie consent rate – while still respecting your users and the law:
Making it easy for users to see the specific reasons you’d like their consent and what it’s for is not only a great way to gain their trust, but it also increases the opportunities for consent.
For example, a user who might not want to be tracked for advertising may still choose to consent to cookies for measurement if given the choice. This can improve your consent rates because users can make a more conscious choice, and not just reject all cookies at once.
Make sure that the CMS you’re using allows granular consent and activate it.
If you’re using iubenda, this will be selected by default. In cases where you might have deselected this option for some reason, you can simply go to your Privacy Controls and Cookie Solution dashboard, and make sure that the Learn more and customize button is selected.
Humans in general often change their minds – and your users are no exception. Making it easy for users to update their consent preferences can benefit your site in several ways. Firstly, it’s great for transparency and user experience. Secondly, it gives you more opportunities for consent.
Let’s say that some element on your website (eg. a video) can’t load because users have rejected cookies. By making it easy for users to edit their preferences, you’re both making their experience better and increasing your chances to get new consent.
Add a widget on your home page that allows users to reopen the preferences panel.
Our Privacy Controls and Cookie Solution configurator has a specific section for the privacy widget: you can choose its look, position, colors, and more.
You shouldbe transparent about the purposes of cookies and the categories you’re using. Avoid misleading descriptions or classifying non-essential cookies as technical cookies, that is deceptive.
But it’s not just about transparency here.
In her study, Doctor Ellen Langer demonstrated the power of the word “because”. She found out that people generally tend to agree with something if you explain why they should.
You need to add all this information in your cookie policy. It can be a part of your privacy policy, or a different document. Remember to link it within your banner.
Need to create one? Check iubenda’s Privacy and Cookie Policy Generator.
A logo is the equivalent of your company’s face.
We’ve found that cookie banners that have a logo usually tend to have a higher consent rate.
That’s because people are more likely to trust companies that they can recognize at a glance and are honest about their privacy practices.
When creating your cookie banner, add your logo and make it clearly visible.
If you’re using iubenda, you can just upload the logo of your company and remove iubenda’s branding. In this way, the cookie banner will look as a native part of your website.
In our research, we’ve found that the position of your banner could make a difference in your consent rates. For example, placing your banner at the top of your page could boost your consent rates by 16%.
It’s really easy: when embedding your banner, choose the top of the page.
If you’re using iubenda, our Privacy Controls and Cookie Solution allows you to choose the placement you like the most and see the result live with the visual dashboard.
Yes!
You should rely on a CMP that is built keeping in mind the strictest regulations and the best practices to increase your consent rates.
Our Privacy Controls and Cookie Solution does just that.
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.