Common Privacy Dark Patterns and Ways to Improve Digital Trust

Author: Kane Porter, SVP, Compliance
Date Published: 2 October 2023
Related: Eliminating Deceptive Privacy Practices: Building Trust by Addressing Privacy Dark Patterns

Across every geographic region, companies may be subtly tricking and manipulating consumers with their use of dark patterns. Dark patterns (also known as “deceptive patterns”) are practices used by organizations to deceive consumers or make it difficult for them to express their privacy preferences. Countless popular websites currently use dark patterns to manipulate consumers into sharing more data than they intended or prefer. Organizations have also used dark patterns to influence purchases through illusory scarcity or fabricated reviews. Consumer trust is essential to the success of an organization and requires awareness of, and attention to, the harmful use of dark patterns in website and app designs.

Dark Patterns and the Regulatory Environment

Earlier this year, the United States Federal Trade Commission (FTC) brought an action against an organization for its intentional use of dark patterns. The FTC claimed that the organization manipulated consumers into enrolling in its membership subscriptions that automatically renew. It was noted that consumers found it challenging to purchase items without a subscription, and that the process for canceling the subscription was deliberately complicated.

In this case, the process to cancel a subscription required the consumer to click a minimum of six times from the company’s website. Each required click was not necessarily easily accessible from the previous click:

  1. Membership Central
  2. Manage Membership
  3. End Membership
  4. Continue to Cancel
  5. Continue to Cancel
  6. End Now

Because of the gently coercive design tactics the organization used, the FTC alleged the cancellation process was a labyrinth. This is just one example of how an organization’s use of dark patterns attracted regulatory attention.

Privacy Dark Pattern Impacts

Many deceptive user interface design tactics employ psychological techniques, including manipulative or confusing language. These tactics can include complicated privacy settings, where preferences are distributed across multiple pages. The example image below shows the use of manipulative language to gather personal information by creating uncertainty about whether users can enter the website without sharing their email address and where the option to proceed without sharing is not clearly presented.

Figure 1

Implementing dark patterns into the user experience may not only impact the corporation’s bottom line through fines and reputational damage, but also erode consumer trust across industries. The use of dark patterns may also disproportionately affect and harm marginalized groups, including lower-income individuals and individuals with lower levels of educational attainment. Organizations should be aware of how deceptive interface practices impact their customer relations and satisfaction.

Where Do We Go from Here?

Enterprises can put methods in place to avoid fines and erosion of consumer trust. A Privacy by Design (PbD) approach incorporates privacy protection measures into the design interface. This method works to protect consumers’ data from unwanted collection and ensures enterprises are honest and transparent about the data they collect and how it will be used. PbD makes users’ data protection a priority and minimizes intentional deceptive patterns.

Another method enterprises can use to address deceptive patterns is collaborating with User Experience (UX) and marketing departments within their organization. UX professionals provide valuable insights based on their unique experience working closely with information security, legal, compliance and risk management. By collaborating with marketing professionals, there is an opportunity to ensure marketing tactics are aligned with company mandates regarding deceptive patterns and to build trust with consumers. Although ensuring alignment with organization mandates is essential, it may be necessary to go beyond this and implement additional anti-deceptive designs to gain the trust of users.

ISACA’s Eliminating Deceptive Privacy Practices white paper provides further details about what dark patterns are and how organizations can address these deceptive tactics. It is crucial that organizations foster a collaborative environment with privacy professionals to adopt interface designs that are not employed to manipulate consumers to gain a competitive advantage. Adopting a user-centric approach to interface design will benefit both the enterprise and consumers in the long run.