Dark Patterns, Hidden in Plain Sight

If you’ve spent any time on the internet, chances are you will have experienced ‘Dark Patterns’ and may even have fallen foul of them. These deceptive techniques that are applied to user interfaces are designed to trick or mislead us into doing something that benefits the business behind them and very often this means giving up your personal data.

One of the most common places to find them is in cookie banners but they could show up anywhere that a website or app owner wants to try to convince (read ‘manipulate’) you into doing something you might not have done if it weren’t for their deceptive design pattern. Think ambiguous wording, ‘guiding’ font, asymmetrical colour placement, “accept our terms or leave” walls… is it starting to sound familiar?

The term ‘Dark Pattern’ was first coined by Dr. Harry Brignull, UX expert and founder of the Deceptive Patterns Initiative. On its website, Deceptive Designs, it lists sixteen types of these dark (deceptive) patterns that range from Comparison Prevention to Nagging to Visual Interference. Much has been written on the topic since Dr. Brignull’s paper in 2010 and regulators around the world are beginning to address the issue directly.

Earlier this year, the European Data Protection Board (EDPB) issued a guidance document on how to recognise dark patterns on social media platforms and how to avoid them. They define the practice as:

[using] interfaces and user experiences implemented on social media platforms [to] lead users into making unintended, unwilling, and potentially harmful decisions in regard to their personal data, [all] with the aim of influencing users’ behaviours.

In their guidance, the EDPB describes dark patterns in six categories:

  1. Overloading

Essentially, this means having information come at you at such a rate that you are bamboozled into accepting or divulging more than you intended.

  1. Skipping:

These dark patterns try to trick you into forgetting all you’ve ever learned about protecting your personal data.

  1. Stirring:

If you’ve ever felt ‘guilted’ into giving away your personal information, this is probably why.

  1. Obstructing:

At one time or another, we’ve all been stuck in one of those seemingly endless loops when trying to find information or unsubscribe from a service. Now we have a name for it.

  1. Fickle:

“This doesn’t mean what it meant on the previous page!” Next time you mutter this to yourself while browsing a website, you’ll know why.

  1. Left in the Dark:

You’ve searched all over the website for the privacy notice or for information on how to change your user settings and all you can seem to find is another spurious link or the dreaded ‘Error 404’… can someone turn the lights back on, please.

Dark patterns may be unintentional or deliberate – either way, they are unlawful, and the regulators are on the case. And not just the Data Protection authorities. The German Federal Financial Supervisory Authority (BaFin) issued a guidance last November in which they advised that investment firms must not use dark patterns on their trading apps or portals.

If your website or app uses dark patterns, you could be in breach of several laws. Maybe your sales team is using them “innocently” to drive lead generation, or your marketing team to drive website engagement.

Let’s play a game of hide and seek – go take a look at your cookies banner right now and if the ‘Accept All’ button is bigger than, brighter than, more prominently placed than the ‘Reject All’ button… tag, you’re it.

———————————————————————————————————————————————————————

Originally posted to LinkedIn on 25-05-2023

Author is Fiona Kiely, Senior Research Analyst and CDPO, CalQRisk

Recent News

CalQRisk Shortlisted as Best Technology Partner in Housing Digital Innovation Awards

CalQRisk has been named a finalist in the Housing Digital Digital Innovation awards. CalQRisk is nominated as best ...
Read More

CalQRisk Achieves G-Cloud 14 Approved Supplier Status

Delighted to confirm that following on from our GCloud 13 supplier status, that CalQRisk has been listed as ...
Read More

CalQRisk named as Finalist for Cyber Security Provider of the Year at the Cyber Insurance Awards Europe

CalQRisk are thrilled to be finalists for the Cyber Security Solution Provider of the Year at the Cyber ...
Read More

Volunteer Succession Planning – ‘Tomorrow’ has arrived.

Strong succession planning is critical for the viability of all businesses but can be particularly challenging for volunteer-led ...
Read More

What is CSRD?

The Corporate Sustainability Reporting Directive (CSRD) is a framework for non-financial reporting which is mandatory for large companies ...
Read More

CalQRisk Triumphs at the 2024 FS Awards, Winning Compliance and RegTech Award

At a distinguished ceremony held at the iconic Mansion House, CalQRisk emerged as the proud recipient of the ...
Read More

NoFrixion Selects CalQRisk for its DORA Compliance Efforts

NoFrixion, the Embedded Banking company based in Dublin, Ireland, has announced its partnership with CalQRisk to ensure compliance ...
Read More

CalQRisk is a finalist in the FS Awards

CalQRisk has been named as a finalist in the competitive and prestigious FS Awards for the Compliance and ...
Read More

CalQRisk Customer Support Manager wins Rising Star at Irish Early Career Awards 2024

Congratulations to our Customer Support Manager, Eimear Farrell, who was named as a Rising Star in the Fintech ...
Read More

CalQRisk wins Pitch Competition at ESCO Cyber Solution Days Event, Kilkenny, September 2024

The Cyber Ireland (CI) CISO Forum and ESCO Cyber Solution Days event took place in the Lyrath Hotel, ...
Read More