November 29, 2022

Volume XII, Number 333


November 28, 2022

Subscribe to Latest Legal News and Analysis

FTC Renews Focus on Dark Patterns

Following its 2021 Dark Patterns enforcement policy, the FTC recently issued a staff report on the practice. The report summarized many of the cases the agency has brought against companies it alleges have engaged in “dark patterns” designed to “get consumers to part with their money or data.” These include using design elements that induce false beliefs, that delay important and material information, that lead to unauthorized charges, or that subvert or confuse privacy choices.

In this new report, the FTC provides businesses with strongly-worded instructions about how to avoid collect personal information from consumers in a way that might be viewed as a dark pattern. These include:

  • Not setting system defaults to collect more information than a consumer would expect, or to use information in a way that consumers would not expect.

  • Making it easy for consumers to chose how their information gets used. Specifically, the FTC cautions against having multiple screens through which a consumer needs to navigate to exercise choice, or having ambiguously or confusingly worded toggle buttons.

  • The FTC also urges companies to look at the user interfaces they create from the perspective of the consumer.

  • Finally, the FTC provides specific direction about collecting and using sensitive information. Companies should make choices about how this information is going to be used clear and understandable, and give people the tools and information they need to exercise their choices. If sensitive information is sold, companies should vet the purchasers, how the purchasers will use the information, and importantly, monitor buyers’ use of the sold information.

Putting It Into Practice: This report follows on the heels of the FTC’s proposed privacy rulemaking and signals its ongoing concern that notice and choice presented to consumers be clear and understandable. Much of the advice in the report is familiar and indicate the FTC’s expectations of companies. Of note are (1) the direction to review user interfaces and (2) to monitor use of information (especially sensitive information) after it has been sold to third parties.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XII, Number 270

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...