MaRBLe Seminar on AI-assisted Consumers: Shedding Light on Dark Patterns

  • Esra Kaplan
in Law
dark patterns

How does EU consumer laws address dark patterns on the Internet? This topic has been part of the scholarly debate during the panel discussion “The AI-assisted consumer”, organized on 6 December 2022 in collaboration with Glaw-Net and IGIR.

What are dark patterns?
Dark patterns make individuals perform certain behaviour which is usually against their interests and which they would not be performing in the absence of such patterns. There are two situations that dark patterns are mostly encountered. These include manipulative interface design to make individuals allow data processing and manipulative advertisement design of goods and services to convince consumers to engage in transactional activities.

The European Data Protection Board (EDPB) recognises six types of dark patterns as clarified by the Guidelines 3/2022:

  • Overloading: Users are provided with large quantity of requests, options or information to make them share more of their data or inadvertently allow data processing against their own expectations.
  • Skipping: Interface design makes users forget some or all aspects of data protection. Pre-selection of intrusive choices constitutes an example of it.
  • Stirring: Users’ behaviour is controlled by influencing their emotional state or adopting visual nudges. For instance, some questions including “Do you want to stay lonely?” or “Do you want to become popular?” might be encountered by users.
  • Hindering: Interface design impedes the efforts of users to become informed or manage their data by making it either impossible or hard to achieve these goals. This means that users may encounter high number of steps to choose less intrusive options.  
  • Fickle: Interface design makes it harder for users to understand the purpose of processing and causes confusion about how data protection control tools can be used. To exemplify, important piece of information might be provided without hierarchy or same information might be provided redundantly in several different forms on a continuous basis.  
  • Left in the dark: Interface design hides information or data protection control tools and confuses users about how their data is processed and the control they might have over it. For instance, brighter colours might be used to highlight more intrusive options.

There are specific subcategories under each of these six types of dark patterns. This list is non-exhaustive due to fast-paced technological advancements.

The European Consumer Organisation (BEUC) does not provide types of dark patterns. It demonstrates a more general approach to distinguish dark pattern practices. These include the following dark pattern practices:

  • Making certain decisions easier to make during a commercial activity.
  • Creating a false feeling of urgency or scarcity, which might include high demand messages.
  • Shaming consumers, which might be through social pressure or peer pressure.
  • Obstructing or confusing consumers, which might include use of questions with double negative.
  • Blinding consumers, including sneaking items into the basket.

How can dark patterns be challenged?
During the seminar, it was emphasised that the General Data Protection Regulation (GDPR) codifies the principle of fairness under Art. 5(1)(a), which is quite substantial against dark pattern practices. Fair processing of personal data aims to inform data subjects of their rights and the necessary information to make informed choices. Art. 13(2) and 14(2) GDPR further explain how to comply with the principle of fairness. It was also discussed that Art. 5 of the Unfair Commercial Practices Directive (UCPD) is considered as a starting point to combat dark patterns in commercial settings.

Additionally, it was addressed that although it might be useful to examine dark patterns through these different lenses, it would be remiss not to accept probable intersections. To exemplify, personalised – also known as targeted – advertisements might use dark pattern practices based on personal data, which might be obtained through other dark patterns that are particularly detrimental to data protection. For this reason, it was discussed that the Digital Services Act (DSA) should be thoroughly analysed to provide answers for such issues that arise due to advertisements on online platforms.

By Esra Kaplan, 3rd year bachelor student European Law and Marble student of the project“The AI-assisted Consumer”

  • Esra Kaplan