Recent Penalty imposed for applying dark patterns
Publication date: November 29, 2023
At the beginning of October 2023 a fine of almost PLN 5.2 million was imposed by the Polish Office of Competition and Consumer Protection on the Scandinavian distributor of supplements and PLN 110,000 on its president of the management board for using dark patterns in e-commerce.
The regulator found seven such practices in the activities of the company selling dietary supplements. The regulator assessed that consumers could be misled by the first contact with the company’s offer, boasting “over a million satisfied customers” of a given product, while this information concerned the total number of the entrepreneur’s customers. Some marketing materials also referred to alleged recommendations of the European Food Safety Authority. Above all, the manipulation of the fined company consisted in offering a free sample of a dietary supplement. When the consumer clicked to confirm his willingness to receive it, a new window opened – with a message similar to the previous one in terms of graphic form and content, but it did not concern a free sample, but an annual paid supply of a given product along with a subscription.
After analyzing complaints about this practice, the regulator found that ordering a free sample and being redirected to a paid subscription occurred in direct succession – and could not be distinguished by consumers.
Practices related to redirection and subscription of dietary supplements, including invoking social proof (“a million satisfied…”) to manipulate customers, should be treated as dark patterns (deceptive interfaces) – this is what the regulator said.
In the era of universal access to e-shops and the dynamically developing e-commerce market, the issue of ethics and compliance with regulations is becoming a key element of the discussion. One of the challenges that clients and organizations currently have to face to ensure compliance of entrepreneurs’ activities with applicable regulations and protect consumer interests against practices that may violate laws or business ethics are the so-called “dark patterns”. These are subtle yet powerful interface design tools used to mislead consumers and manipulate their decisions.
The concept of dark patterns covers a variety of practices, such as intentionally obstructing service unsubscribe processes, intentionally hiding key information, or using persuasive strategies aimed at persuading customers to make decisions that are not always consistent with their actual preferences. In the context of applicable European regulations, these unfair practices are becoming the subject of increasing attention of regulatory bodies, raising questions about compliance with consumer protection standards and the need to adapt e-commerce market regulations.
In this article, we aim to look at the phenomenon of dark patterns in the context of European legal regulations, analyzing what challenges they pose to entrepreneurs, consumers and regulatory authorities. In the context of the dynamic development of technology and the growing role of e-commerce, this issue becomes particularly important for lawyers dealing with consumer protection and creating regulatory policies adapted to the challenges of the modern digital market.
Research conducted by the European Commission sheds disturbing light on the presence of “dark patterns” in online stores and online services in the European Union. According to confirmed data, as many as 97 percent of platforms use these practices, which not only highlights the significant scale of this phenomenon, but also indicates the growing interest in it at the European level. This issue not only attracts the attention of EU legislators, but also supervisory authorities, especially those dealing with consumer protection. Actions taken at this level suggest that the fight against “dark patterns” is becoming a priority issue on the way to securing the interests and protecting consumer awareness in the European arena.
The Digital Services Act (DSA) scheduled to come into force in February 2024, defines “dark patterns” in section 67 as tactics that significantly impact the ability of users of online platforms to make autonomous and informed choices. In short, it is about practices of deliberately misleading or limiting consumers’ ability to make decisions when using digital services, all in order to induce them to act in accordance with the intentions of a given service provider, not always to the benefit of the recipient. In the context of DSA, such manipulative strategies are expressly prohibited, and these regulations are intended to emphasize the need to ensure transparency of the activities of online platforms and respect for the autonomy and awareness of consumers.
Under DSA regulations, the concept of “dark patterns” covers a range of practices, such as deceptive choice design, that are intended to induce service recipients to take actions that benefit the online platform provider, but not necessarily the users. They also include non-neutral presentation of choices by prominence of certain options, intrusive appeals to recipients to re-select, burdensome cancellation procedures and making it difficult and confusing for users to make decisions. It is important that this list is not exhaustive and the European Commission may issue guidelines on specific practices classified as “dark patterns”, adapting to the dynamic nature of the phenomenon (Article 25(3) DSA).
An illustration of the presence of dark patterns may be software that tries to install itself on our computer during the installation of another program. The offer to download or install this additional software appears in the main installation process, and messages regarding additional applications are worded in such a way that the user may get the impression that they are an integral part of the entire process, necessary for the proper functioning of the main product. This subtle trick can lead to unconscious consent to the installation of additional software, which is an example of sophisticated manipulation and the use of dark patterns.
The European Personal Data Regulatory Authority (EDPB) introduced the first Guidelines 3/2022, focusing on the phenomenon of “dark patterns” in the area of social media platforms. This term refers to sophisticated interface design strategies that are intended to influence users, distorting their ability to make decisions regarding the processing of personal data. The term “dark pattern” has been replaced by a more comprehensive term “deceptive design patterns”, which the EDPB believes better reflects the variety of deceptive practices occurring in the field of interface design.
These practices, identified as potentially harmful to the protection of personal data and the ability to make informed choices, include a variety of techniques. These include overloading users with too much information or options, deliberately omitting data protection aspects, using emotions and visuals to shape decisions, false time counters, hiding important product or service information, and obstructing the data management process. Additionally, the use of inconsistent and unclear interfaces, along with intentional concealment of information about data processing, is another dimension of this problem.
In the face of these challenges, the EDPB emphasizes the need to eliminate “dark patterns” on social media platforms, with the aim of protecting users from manipulation and guaranteeing them full transparency and control over their personal data. This initiative aims to ensure that interface design practices not only respect users’ privacy, but also enable them to make informed decisions about the processing of their data.
The implementation of these deceptive design patterns may conflict with GDPR provisions such as:
In a situation where the entrepreneur’s actions are considered to violate the collective interests of consumers, the entrepreneur may be punished for using dark trading patterns in online store or website. In such a case, the financial penalty may amount to up to 10% of the turnover for the previous year. If, however, dark patterns violate the provisions of the GDPR, the President of the Personal Data Protection Office may impose on the entrepreneur running a store or website a financial penalty of up to EUR 20,000,000 or 4% of the total annual turnover.
In the face of the dynamic development of e-commerce and widespread access to online platforms, the issue of “dark patterns” is becoming the central point of the debate on business ethics and compliance with regulations. This is even more urging in the view of recent penalties imposed by the regulatory bodies on entrepreneurs not complying to the prescribed rules in this respect. These subtle yet impactful interface design strategies pose challenges for customers, entrepreneurs and regulators.
In the context of GDPR, the implementation of “dark patterns” may violate principles such as fair data processing, data minimization, and consent requirements. The European Personal Data Regulatory Authority (EDPB) emphasizes the need to eliminate these practices, especially in the area of social media. To sum up, the fight against “dark patterns ” is not only a matter of compliance with regulations, but also of protecting consumers against manipulation. DSA, GDPR and EDPB initiatives aimed at eliminating these practices aim to ensure transparency, autonomy and security in the digital environment of commerce and online interactions.