Dark patterns online are tricky beasts, and are becoming more prevalent in the Australian online ecosystem. You often spot their influence well after the fact. Usually when you are wondering why you bought all those extra accessories or why you now have a subscription for sports gear that you cannot seem to get out of…
The ACCC has defined dark patterns (also known as "deceptive design" or a type of "choice architecture") as "the design of user interfaces intended to confuse users, make it difficult for users to express their actual preferences, or manipulate users into taking certain actions". Users can experience harm where dark patterns impact their ability to make free and informed decisions.
To give you a feel for the types of dark patterns that are out there, the European Data Protection Board has helpfully categorised dark patterns as:
- overloading: users are confronted with an avalanche or large quantity of requests, information, options or possibilities in order to prompt them to share more data or unintentionally allow personal information processing against their expectations;
- skipping: interface or user experience is designed in such a way that users forget or do not think about all or some of the data protection aspects;
- stirring: affects the choice users would make by appealing to their emotions or using visual nudges;
- hindering: obstructing or blocking users in their process of becoming informed or managing their data by making the action hard or impossible to achieve; and
- left in the dark: interface is designed in a way to hide information or data protection control tools or to leave users unsure of how their data is processed and what kind of control they might have over it regarding the exercise of their rights.
In addition to risks to consumers, dark patterns may also raise certain competition issues. Dark patterns can discourage consumers from switching to competitors and facilitate consumer lock-in contracts. In particular, in relation to browsers, the ACCC found some digital platforms use dark patterns to cause friction and forced action, which may make it more difficult for consumers to change their browser or search engines from the default options.
Regulating the use of dark patterns: what's happening overseas
The EU has various legal instruments that touch on dark patterns. These include the Digital Services Act (DSA), the Digital Markets Act, and the Unfair Commercial Practices Directive, as well as the AI Act which Members of the European Parliament overwhelmingly approved last month and the Data Act.
Recently passed amendments to the DSA propose to prohibit online platforms from using the "structure, function, or manner of operation of their online interface" to distort a consumer's ability to make a free, autonomous and informed choices. The amendment goes on to list various examples of conduct intermediary services must refrain from, including:
- giving more "visual prominence" to certain options presented to a consumer;
- repetitively asking for consent from the consumer to data processing when this consent as already been refused by the consumer;
- urging a consumer to change their settings or configuration of the service after the consumer has already made a choice;
- designing the termination procedure for a service to be particularly more cumbersome than the process for signing up to it; and
- requesting consent where the recipient of the service exercises his or her right to object by automated means using technical specifications.
The Netherlands Authority for Consumers & Markets, Norwegian Consumer Council and the French Commission Nationale de l'informatique et des Libertés have also released guidance on dark patterns. This guidance observed that dark pattern practices may be misleading and may amount to an unfair commercial practice.
In the UK, the Competition and Markets Authority has made two recommendations to better protect consumers. These include a "fairness by design" duty" which would apply to platforms when consumers are asked about sharing their data for advertising purposes, as well as the introduction of a "pro-competition intervention". In the United States, the California Consumer Privacy Act Regulations have been amended to preclude dark patterns when platforms are obtaining consent regarding the collection of their personal information.
Is it Australia's turn next to shine bright light onto dark patterns?
The ACCC certainly has dark patterns in its sights. The ACCC has communicated concerns around dark patterns in its Digital Platforms Inquiry and is considering requiring large digital platforms to design their user interfaces to better protect consumers online.
Specific regulatory measures (that appear modelled on the EU approach) are also being considered to curb certain practices in Australia. These include, for example:
- giving visual prominence to options that are beneficial to the platform when asking for consumer consent (whether by enabling more data collection, giving broader permissions, signing up to more expensive services, or impeding switching);
- repeatedly prompting a user to change a setting to one that would benefit the platform after they have already made a settings choice; and
- making the process for cancelling a service more difficult than signing up for the service.
The ACCC is also considering non-legislative measures such as guidance for businesses on how consumer laws apply to dark patterns, as well as a voluntary standard to address harmful behaviour that may not currently breach existing Australian consumer protection laws.