Seven ways businesses can avoid dark patterns

Customers are becoming more savvy and regulators are cracking down on practices that manipulate users. Here’s what you need to know

By Emma Sheppard


February 2023

This year did not get off to the best start for Epic Games, the developer of the popular game Fortnite. At the end of 2022, Epic agreed two settlements for more than $500m with the Federal Trade Commission (FTC) in the US. The first was for children’s privacy violations. The second was for dark patterns practices. Epic had used the tactic to deter customers from cancelling or requesting refunds for unauthorised charges.

What are dark patterns?

You may not have heard of dark patterns before but you will definitely have encountered them online. They are designed and implemented to subvert or impair user decision making to benefit the company using them. They’re also prolific. In 2022, a report by the European Commission (EC) found that “97% of the most popular websites and apps used by EU consumers deployed at least one dark pattern”. 

They are against the spirit of the GDPR, which requires companies which rely on consent as their lawful basis to process personal information to ensure that consent has been freely given. It’s an area regulators, including the ICO and the FTC, have said they’re going to be cracking down on. The EC Commissioner for Justice, Didier Reynders, has also announced the EC will focus its 2023 mandate on regulating dark patterns and in the US, the California Privacy Rights Act, which amended the CCPA as of 1 January 2023, inserted a definition of ‘dark patterns’ into the legislation. President Biden also referenced “manipulative design techniques” in this year’s State of the Union address.

The term ‘dark patterns’ was first coined by British user-experience researcher Harry Brignull in 2010. Although dark patterns existed before the internet, he says digital technology has accelerated their use because of how easy it is to find and optimise the patterns that work. “I think the internet has made it easier to industrialise the way in which we persuade and, in turn, manipulate and deceive each other,” he adds. “With privacy, it’s quite difficult to think through and understand what the long-term implications are for you. You’re constantly leaking information about yourself to data brokers, and you don’t really know how they’re using it to market to you.” According to Brignull, the most commonly complained about companies are Google, Facebook, Amazon and LinkedIn.

Types of dark patterns

There are a number of different tactics used. Brignull has identified five main ones, including: 

  • Privacy Zuckering – named after Facebook CEO Mark Zuckerberg, this measure tricks users into sharing more information than they intend to
  • Bait-and-switch – patterns that advertise a free or very cheap product that’s unavailable, serving up higher priced products instead
  • Confirm-shaming – which makes it difficult for users to decline an email newsletter (eg “No thanks, I don’t like learning about interesting things”)
  • Misdirection – using confusing wording or making one choice more prominent than the other (eg the classic bright green ‘Accept’ button next to the darker ‘More information’ button)
  • Roach motel design – providing an easy path to get in but a difficult path to get out, such as when it’s easy to sign up to a subscription but much less easy to cancel.  

Dark patterns have become so prevalent they can be accepted as design conventions. They’re low-effort and high-impact. One research paper examining the effect of hidden vs upfront fees on several million users found hidden fees made customers more likely to complete a purchase, and led to them spending 21% more. But pushing customers into doing things that favour a website or app rather than themselves also damages trust and leads to a loss of customers over the long term. A recent Which? study found 45% of those who’d encountered dark patterns said they left them feeling manipulated or annoyed. Other research has shown certain groups are more susceptible, such as lower income individuals, older adults, ethnic minorities and other historically disadvantaged groups.

How to avoid using dark patterns

It seems illogical to spend money, time and resources on creating the most effective apps, websites or marketing campaigns, only to engage in practices that damage customer trust – in the short and long term. It’s also entirely possible for businesses to engage in ethical design and put privacy first. 

Here’s how: 

  1. Use language that’s easy for customers to read and understand
  2. Don’t impose unnecessary friction when customers try to cancel, unsubscribe or refuse to subscribe in the first place. Explain consequences in a neutral way.
  3. Offer ‘symmetry of choice’ options, such as ‘yes’ and ‘no’ rather than ‘yes’ and ‘ask me later’, and never use pre-selected checkboxes to obtain consent (that’s a breach of the UK GDPR and GDPR)
  4. Avoid manipulative user interfaces and language that might make a consumer act a certain way
  5. Use A/B testing cautiously. There are benefits to testing marketing messages and user interfaces, but look out for instances where consumers are being influenced to make decisions against their interests
  6. Try to make sure terms and conditions are easy to access and disclosed early and prominently in the user flow, rather than at the end of a transaction
  7. Include a privacy expert right at the start of the design process
