KG LEGAL \ INFO
BLOG

DECEPTIVE PATTERNS – CURRENT LEGAL ISSUES

Publication date: October 14, 2024

Deceptive tactics (deceptive patterns) on the Internet are various forms of unfair actions intended to mislead the user.

Deceptive interfaces (also known as “dark patterns”) used on the Internet not only violate consumer rights, but also data protection laws. In recent years, consumer surveillance authorities at national and EU level have been paying particular attention to consumer rights in digital markets and the protection personal data on the Internet. This trend is a consequence of the dynamic growth of e-commerce, the escalation of digitization under the influence of the pandemic and the growing number of violations of consumer rights. A critical area is the design practices of online platforms and manipulation techniques used on them. Inspections carried out by the European Commission and the CPC network (Consumer Protection Cooperation Network), which includes consumer protection authorities from 23 EU member states, Norway and Iceland, showed that as many as 40% of online stores use deceptive interfaces.

  1. How to avoid deceptive design patterns in social platform interfaces

In the era of dynamic development of digital technologies and the growing number of users of social media platforms, the design of user interfaces plays an increasingly important role. One of the most important aspects of this process is avoiding the so-called deceptive design patterns that can mislead users, manipulate their decisions, and invade their privacy.

Deceptive design patterns are intentionally designed user interface elements that influence user behavior in a way that makes it more difficult for them to make informed decisions and protect their personal information. They are often used to increase user engagement, force them to take specific actions or minimize churn. Avoiding these patterns requires a conscious and ethical approach to design that focuses on protecting user rights and the transparency of interactions.

Designing interfaces with users in mind requires following several basic rules. First of all, interfaces should be intuitive and easy to use, and information regarding personal data protection should be presented in a clear and understandable way. We should avoid overburdening users with information and choices, which may lead to the so-called “information overload”. It is also important to provide users with easy access to privacy control tools that allow them to manage their personal data in a simple and transparent way.

  • What are deceptive design patterns

Deceptive patterns (also known as dark patterns) are tricks used on websites and apps that cause you to do things you didn’t mean.

Deceptive design patterns are design practices that are intended to influence user behavior in ways that are detrimental to user privacy and the protection of personal information. These patterns are often used to manipulate users’ decisions, for example by hiding important information, forcing them to take certain actions or making it difficult to opt out of services. This goes against the idea of ethical design and user protection, and may also have serious legal consequences. Entrepreneurs should avoid such practices and always strive to ensure fair and transparent user interface design to avoid the losses that their use may cause. An example of deceptive design patterns is the so-called “dark UX”, where interfaces are designed in such a way that users make decisions that are unfavorable to themselves. This may include hiding unsubscribe options, displaying misleading messages, or manipulating the page layout to trick users into clicking somewhere specific.

  • How deceptive design patterns are classified

Deceptive design patterns can be divided into two main categories: content-based patterns and interface-based patterns.

Content-based patterns refer to the actual content and context of the information presented to users. These may include manipulating language, hiding important information, or presenting data in a misleading way. For example, registration forms may contain hidden consents to receive newsletters that are difficult to notice.

Interface-driven patterns concern how content is presented, navigated, and users interact with the interface. They may include page layout, colors, button size or their arrangement. For example, cookie consent buttons may be prominent, while decline options are hidden or difficult to see.

  • Types of deceptive design patterns

Deceptive design patterns can be divided into six main categories:

  1. Overloading: This technique refers to too many requests and information that the user must process. Examples include constant prompting, a privacy maze, and too many options to choose from.
  2. Omission: This technique consists in designing the interface in a way that causes users to forget about data protection aspects. Examples include deceptive coziness and manipulative distraction techniques.
  3. Incitement: This consists in influencing users’ choices by appealing to emotions. Examples include emotional control and withholding important information in subtle ways.
  4. Obstruction: this is blocking users from accessing information or managing data. Examples include dead ends, longer than necessary processes, and deceptive efforts to discourage users.
  5. Instability: An inconsistent and unclear interface that makes it difficult for users to navigate and make decisions. Examples include lack of information hierarchy, decontextualization, and interface inconsistency.
  6. Leaving the recipient/user in suspense: hiding information or data control tools, leaving users in a state of uncertainty. Examples include conflicting information and ambiguous wording.
  • How to deal with deceptive design patterns

Dealing with deceptive design patterns requires a proactive approach and application of best design practices. First of all, it is necessary to identify and understand the patterns used in the project. An interface audit should be performed to detect potential issues and deceptive elements.

Implementing the principles of transparency, data minimization and responsibility in accordance with GDPR is the next key step. Interface design should be data protection by design, which means taking these principles into account at every design stage.

It is also important to regularly assess and update design practices to ensure they are compliant with data protection regulations. This includes monitoring changes in regulations, educating project teams and implementing new technologies and tools supporting data protection.

Finally, leveraging best design practices that make it easier for users to control their data and exercise their rights is key. This means designing interfaces in a transparent, intuitive and user-friendly way, which translates into their trust and satisfaction with using the platform.

Avoiding deceptive design patterns in social media platform interfaces not only protects users, but also builds a positive image of the company and strengthens its reputation as a responsible and ethical digital service provider.

  • Deceptive design

Deceptive design, also known as Dark Pattern, is intentional misrepresentation, often involving the manipulation of prices, promotional offers or transaction terms in such a way as to unfairly favor certain groups of consumers over others. These laws provide a framework of legal protection that can be applied to dark situations patterns, when traders use deceptive techniques to mislead consumers or manipulate their behavior in the market. This protection aims to ensure fair competition and protect consumer interests against unfair economic practices. The European Data Protection Board reminds about the mentioned GDPR rules in guidelines 3/2022.

Examples of such action will be vaguely worded messages, the so-called pop- ups with action confirmations, where, under time pressure and unclear guidelines, it is difficult to make a decision. Another example will be deception, for example when the interface is designed to simply divert our attention, or the color coding of action buttons. In the case of the unsubscription confirmation window, instead of the highlighted “Yes, I want to unsubscribe” button, the “No, but no” button will be larger and clearer. Another example would be the ads themselves, which pretend to be an interface, tricking the user into clicking, and misleading the user. What is more, confirmation sharing is also possible , i.e. messages that are intended to play on the user’s emotions (e.g. “I don’t want great discounts”).

  • Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the single market for digital services and amending Directive 2000/31/EC

The provisions contained in the Regulation, namely in point 67, explain that deceptive interfaces on the online interfaces of online platforms are practices that significantly distort or limit, intentionally or in practice, the ability of service recipients to make independent and informed choices or decisions. These practices are at odds with the foundations of ethics and can be used to induce service users to engage in undesirable behavior or to make undesirable decisions that have negative consequences for them. Online platform providers should therefore be prohibited from misleading or inducing service users to act in a particular way and from impairing or limiting the autonomy, decision-making or choices of service users through the structure, design or functions of the online interface or part of it. The provisions on deceptive interfaces should be interpreted to cover prohibited practices falling within the scope of this Regulation to the extent that those practices are no longer covered by Directive 2005/29/EC or Regulation (EU) 2016/679.

  • Legal regulations in Poland

The Internet is a space for concluding various types of contracts on a mass scale. In the process of performing a legal transaction, a necessary condition is that the parties submit consistent declarations of will.

Fraudulent tactics online are primarily regulated under consumer law and data protection regulations. Below there have been included most often applicable legal scope for applying dark patterns.

  1. Consumer law: Most countries have laws that protect consumers against unfair trade practices. They concern, among others: the prohibition of misleading, false advertising of products or services, and the requirement for transparency in information provided to consumers.
  2. Protection of personal data: Regulations such as the General Data Protection Regulation (GDPR) in the European Union apply to the processing of personal data. These regulations require businesses to ensure that consumers’ personal data are processed lawfully, fairly and transparently.
  3. Civil Code: Dark Patterns are user interface design techniques that are intended to mislead consumers or manipulate their online behavior. In the context of Polish law, such practices may be qualified as a defect in the declaration of will in accordance with Art. 84 of the Civil Code. In practice, this means that entrepreneurs are obliged to ensure the transparency of information provided to consumers when concluding online transactions. The use of Dark Patterns may lead to disruption of consumers’ actual understanding of the terms of the contract and to unconscious decision-making about the purchase of additional services or products. Legal protection of consumers also covers failure to fulfill information obligations by entrepreneurs, which may result in evasion of the consequences of a defective legal transaction.

An example of an act of unfair competition related to dark patterns may be the action described in Art. 15 section 1 point 5 of the Act on Combating Unfair Competition, which prohibits “actions aimed at forcing customers to choose a specific entrepreneur as a contractor or creating conditions enabling third parties to force the purchase of goods or services from a specific entrepreneur.” This provision covers situations where a trader uses various techniques, including dark patterns, to force consumers to choose their products or services, for example through misleading user interfaces that effectively manipulate their decisions. Another example may be Art. 15 section 1 point 3 of the Act, which prohibits “factually unjustified, differential treatment of certain customers”.

Unfortunately, in Poland, as well as in other Member States, it is repeatedly emphasized that the current law is unable to effectively deal with the problem of abuse of bargaining power. An option for a party who has been harmed in some way is to file a civil lawsuit, but this is not efficiently regulated and does not provide certain security.

So what are prohibited market practices that violate the equality of the parties? Unjustified termination of contracts, unilateral termination of contracts, imposition of contract templates without the possibility of negotiating their content, and the like are prohibited. Anyone who has knowledge about the use of unfair practices may submit a relevant notification. In Poland, NASK and the Ministry of Digitization cooperate to ensure the cybersecurity of Poles. Social campaigns raising the awareness of Internet users are intended to draw attention to the most common threats from cybercriminals. The campaign is co-financed by the European Union. In order to combat websites that are used to extort money, CERT Polska has been maintaining a list of warnings against dangerous websites for over three years. Only in 2022, 43,283 domains were placed on it – which contributed to increasing the security of Internet users.

  • Competencies of the President of the Office of Competition and Consumer Protection

The President of the Polish Office of Competition and Consumer Protection, as part of his competences to combat unfair use of contractual advantage in the agri-food sector, carried out a series of interventions aimed at protecting product suppliers against excessive demands from retail chains.

An anonymous survey proposed by the Office of Competition and Consumer Protection was sent to organizations associating suppliers of agricultural and food products. The aim is to collect information about unfair practices of retail chains, such as unjustified fees or unfair discounts applied to suppliers. The Office of Competition and Consumer Protection encourages entrepreneurs to complete the survey, ensuring anonymity and the possibility of providing information through industry organizations.

The European Commission has also conducted surveys to monitor unfair trading practices in Europe, as part of the implementation of Directive (EU) 2019/633. The EC study aimed to assess the effectiveness of the measures taken by Member States in combating such practices.

Examples of decisions by the President of the Office of Competition and Consumer Protection regarding retail chains include penalizing companies such as Jeronimo Martins Polska (Biedronka), Eurocash, Kaufland Polska Markety, SCA PR (Intermarche) and Auchan Polska. In each case, the decisions concerned various unfair practices, such as imposing unfair discounts, additional and unjustified fees, and requiring price reductions for products after they were sold.

The actions of the President of the Office of Competition and Consumer Protection and the European Commission are aimed at protecting suppliers of agri-food products against abuses of retail chains, ensuring fair trade conditions and compliance with the regulations governing relationships in the supply chain.

  1. The Polish Ministry of Development and Technology is working on a draft law to ensure easier implementation of the regulations

The draft’s justification highlights the problem of the growing dependence of business users, in particular micro, small and medium-sized enterprises, on digital service providers such as online intermediation services and online search engines. The Ministry believes that there is a need to introduce changes aimed at limiting the dominant position of these suppliers in relation to users.

As part of the planned changes, it was proposed to expand the definition of the act of unfair competition. According to the new regulations, the following activities will be considered as violating the provisions of the P2B regulation:

  1. Terms of use,
  2. Conditions for limiting, suspending and terminating the provision of services,
  3. Determination and description of placement parameters,
  4. Descriptions of differential treatment,
  5. Providing an internal complaint handling system.

The new rules aim to provide business users with effective means of redress against providers of online intermediation services using unfair market practices. Under the proposed project, these claims may be pursued in private complaint proceedings before intellectual property courts.

In the context of the introduction of the Digital Markets Act, the extension of the competences of the President of the Office of Competition and Consumer Protection (Polish “UOKiK”) was also announced. According to the assumptions of the project, the President of the Office of Competition and Consumer Protection is to be empowered to:

– Carry out own-initiative investigations into non-compliance with the gatekeeper obligations set out in the Digital Markets Act.

– Receive notifications regarding non-compliance with this act.

Work is currently underway on the final shape of the changes. The project assumes that the new regulations will enter into force on the day following its announcement. Progress on the project can be followed on the website of the Government Legislation Center.

UP