This year did not get off to the best start for Epic Games, the developer of the popular game Fortnite. At the end of 2022, Epic agreed two settlements for more than $500m with the Federal Trade Commission (FTC) in the US. The first was for children’s privacy violations. The second was for dark patterns practices. Epic had used the tactic to deter customers from cancelling or requesting refunds for unauthorised charges.
What are dark patterns?
You may not have heard of dark patterns before but you will definitely have encountered them online. They are designed and implemented to subvert or impair user decision making to benefit the company using them. They’re also prolific. In 2022, a report by the European Commission (EC) found that “97% of the most popular websites and apps used by EU consumers deployed at least one dark pattern”.
They are against the spirit of the GDPR, which requires companies which rely on consent as their lawful basis to process personal information to ensure that consent has been freely given. It’s an area regulators, including the ICO and the FTC, have said they’re going to be cracking down on. The EC Commissioner for Justice, Didier Reynders, has also announced the EC will focus its 2023 mandate on regulating dark patterns and in the US, the California Privacy Rights Act, which amended the CCPA as of 1 January 2023, inserted a definition of ‘dark patterns’ into the legislation. President Biden also referenced “manipulative design techniques” in this year’s State of the Union address.
The term ‘dark patterns’ was first coined by British user-experience researcher Harry Brignull in 2010. Although dark patterns existed before the internet, he says digital technology has accelerated their use because of how easy it is to find and optimise the patterns that work. “I think the internet has made it easier to industrialise the way in which we persuade and, in turn, manipulate and deceive each other,” he adds. “With privacy, it’s quite difficult to think through and understand what the long-term implications are for you. You’re constantly leaking information about yourself to data brokers, and you don’t really know how they’re using it to market to you.” According to Brignull, the most commonly complained about companies are Google, Facebook, Amazon and LinkedIn.