FTC Shines a Light on Digital Dark Patterns

Companies that operate e-commerce sites or mobile apps are likely familiar with an online design practice known as digital dark patterns. However, they may not be aware of the Federal Trade Commission (FTC)’s evolving position on such practices, certain of which the FTC has consistently found to be unlawful.. A recent FTC report on the subject (“FTC Report”) offers important insights on common digital dark pattern practices and warns that aggressive enforcement action is likely.

Background
In April 2021, the FTC held a public workshop on digital dark patterns, exploring “whether user interfaces can have the effect of obscuring, subverting, or impairing consumer autonomy and decision-making.” Their findings are contained in the FTC Report released last month.

What are Digital Dark Patterns?
Digital dark patterns are online design, wording, and layout elements that leverage people’s cognitive biases to improperly influence their conduct or prevent them from making informed decisions. Most anyone who has used mobile apps, websites, or is an e-commerce consumer has encountered some of these manipulative design practices, which include such tactics as pre-checked boxes, terms of acceptance (e.g., “I accept”) in really small font size, pre-filled shopping carts, pre-approval for offers when that is not the case, time or quantity limits when none really exist, hidden subscriptions, and vague or confusing language. More subtly, even colors, shapes, and screen location can unfairly manipulate a consumer’s response.

Companies employ dark patterns because they have proven to be highly effective. Essentially, consumers are tricked into doing things they most likely would not have done if a full and proper disclosure had been made. Moreover, because dark patterns are purposely designed to be subtle or hidden, it can be difficult for consumers to spot them.

The FTC Report Findings
In its report, the FTC explains that dark patterns can be found in e-commerce, cookie consent banners, children’s apps, subscription sales, and more. Likewise, some dark pattern techniques can be more effective on mobile apps, which consumers increasingly rely upon as a primary means of engagement. The FTC Report also notes that we can expect to see new forms of dark patterns deployed in the emerging fields of AR (augmented reality) and VR (virtual reality). Appendix A to the FTC Report provides a helpful compilation of types of common digital dark patterns and Appendix B provides some examples of dark patterns.

The FTC Report focuses on four types of dark patterns that are likely to result in enforcement action.

1. Design Elements that Induce False Beliefs

Dark patterns that induce false beliefs, resulting in a consumer being misled about what they are doing, include:

• advertisements deceptively formatted to look like independent editorial content;
• purportedly neutral comparison-shopping sites that actually rank companies based on compensation;
• countdown timers on offers that are not actually time-limited;
• claims that an item is almost sold out when there is actually ample supply; and
• false claims that other people are also currently looking at or have recently purchased the same product.

The FTC Report advises companies ensure they do not create false beliefs or otherwise deceive consumers by asking a simple question of whether consumers have an accurate understanding of the material terms of the transaction. The FTC Report also clarifies that companies will be responsible for the net impression conveyed by the design, and not just the veracity of certain words in isolation. If a company becomes “aware that a particular design choice manipulates consumer behavior by inducing false beliefs,” the FTC Report recommends that the company should proactively remediate the problem.

2. Design Elements that Hide or Delay Disclosure of Material Information

Dark patterns that hide or obscure material information from consumers include:

• burying key limitations of the product or service in Terms of Service documents that consumers don’t see before purchase;
• tricking people into paying hidden fees; and
• “drip pricing” in which only part of a product’s total price is disclosed in order to lure in consumers and only mention other charges late in the buying process.

The FTC Report advises that companies targeting a specific audience, such as children, older adults, or native speakers of other languages, take into consideration how their design choices will be perceived by these groups. For example, if a business primarily markets to older adults, it should avoid design elements that may be harder for older consumers to perceive, such as featuring important information at the periphery of the screen or in a light color. Disclosures made with poor color contrast, such as a white-text disclosure on a yellow background, are similarly problematic.

3. Design Elements that Lead to Unauthorized Charges

Dark patterns that trick a consumer into paying for goods or services that they did not want or intend to buy include such practices as:

• advertising an app as “free” while burying in fine-print that app users can make in-app purchases, especially when the app is used by children;
• offering a free trial period that, unbeknownst to the consumer, is followed by a recurring subscription charge if the consumer fails to cancel; and
• making it hard to cancel a subscription, resulting in ongoing recurring charges.

In response to this category of dark patterns, Congress passed the Restore Online Shoppers’ Confidence Act (“ROSCA”) in 2010. ROSCA prohibits a seller from charging for goods and services sold over the internet through use of a “negative option” feature unless the seller:

• clearly and conspicuously discloses all material terms of the transaction before obtaining the consumer’s billing information;
• obtains a consumer’s express informed consent before charging the consumer’s account; and
• provides simple mechanisms for a consumer to stop recurring charges.

The FTC Report notes that acceptance of a general Terms of Service or similar document that contains unrelated information does not constitute affirmative, unambiguous consent to a particular purchase. Rather, the report suggests that a company must obtain informed consent from consumers before charging them by, at a minimum, ensuring that their consent procedures include an affirmative, unambiguous act by the consumer and avoiding placement of key purchase terms in Terms of Service or a similar document, or in hyperlinks, pop-ups, or drop-down menus.

With respect to cancellation, the FTC Report advises that cancellation mechanisms must be at least as easy to use as the method the consumer used to buy the product or sign up for the service; and if a telephone number is offered, it must be properly staffed.

4. Design Elements that Obscure or Subvert Privacy Choices

Dark patterns involving design elements that obscure or subvert consumers’ privacy choices include user interfaces that:

• do not allow consumers to definitively reject data collection or use;
• repeatedly prompt consumers to select settings they wish to avoid;
• present confusing toggle settings leading consumers to make unintended privacy choices;
• purposely obscure consumers’ privacy choices and make them difficult to access;
• highlight a choice that results in more information collection, while greying out the option that enables consumers to limit such practices;
• include default settings that maximize data collection and sharing; or
• convey a false affiliation to manipulate consumers into sharing personal information.

The FTC report encourages companies to be good stewards of consumer personal information, to include data minimization measures in any business plan, and to collect only data that is necessary to provide the service being requested by the consumer.

In this respect, the FTC Report advises companies to:

• avoid default settings that lead to the collection, use, or disclosure of consumers’ information in a way that the consumer did not expect (and collect data only when the business has a justified need for collecting the data);
• make consumer choices easy to access and understand – consumers should not have to navigate through multiple screens to find privacy settings or have to look for settings buried in a privacy policy or in a company’s terms of service; rather, they should be presented at a time and in a context in which the consumer is making a decision about their data, and any toggle options presented to the consumer should not be ambiguous or confusing, and one option should not be more prominent than another; and
• present choices about information, particularly sensitive information, so that it is clear to the consumer what they are consenting to – as opposed to a blanket consent – and should be presented along with information that they need to make an informed decision (for example, that if the consumer consents to the collection of their information, that information will be shared with third parties).

Conclusion
The FTC Reports concludes with a warning of future action against any company that uses dark patterns in violation the FTC Act, ROSCA, the TSR, TILA, CAN-SPAM, COPPA, ECOA, or other statutes and regulations enforced by the FTC. If your company currently uses such design practices, it may make sense to review them in light of the specific recommendations contained in the FTC Report. If you have questions about the FTC’s position on dark patterns or other e-commerce issues, please contact Don Levy at [email protected].

 

Don Levy is a Partner with Outside GC’s California-based team. Don is a seasoned transactional and commercial attorney with deep experience in the Internet/e-commerce, SaaS, communications (wireless and satellite), semiconductor, software, mobile device, market research, and entertainment/media.  As a former legal and business executive, Don helps technology companies efficiently and creatively navigate complex legal issues in dynamic environments. Don can be reached at [email protected].