dark pattern couverture
Source: Orange
EditorialEnglishNews

Dark Pattern: the pitfalls of the web 👾

Cliquez ici pour lire en français

“Dark Patterns” are a subject that concerns us all. Far from being dark, dark patterns are nevertheless designed to operate in the shadows and without your knowledge.

Dark patterns, what are they ?

If you go online, you’ve probably come across popups like this one:

dark pattern

The website tells you how they use cookies and other data. Even though you don’t always have to accept these terms it will seem like you do, simply because most websites design their notifications to make you click on what they want without you really realising it: this is called « Dark Patterns ». In January 2019, the CNIL Innovation Laboratory ( abbreviated as LINC) published a study on dark patterns in its IP notebook n°6: The shape of choices. According to this report, some of these practices may remain compliant from the point of view of the RGPD, but depending on the case, the manner and the techniques involved, they may either raise ethical questions or become non-compliant and « when the various [dark pattern] techniques are implemented with the aim of accumulating more data than necessary on individuals, When the various [dark pattern] techniques are implemented with the aim of accumulating more data than necessary on individuals, customers or citizens, they no longer only raise questions of ethics and the responsibility of digital services with regard to attention-grabbing in particular, but they also come up against the basic principles of the RGPD, which gives individuals greater rights with regard to the use made of their data » (page 27)

la forme des choix extrait d'article

Source: the shape of the choices

The CNIL identifies four objectives for dark patterns:

  • « Push the individual to share more than is strictly necessary »
  • « To influence consent
  • « Create friction to data protection actions
  • « Distract the individual ».

The Dark Pattern Detection Project has identified 20 different types of dark patterns, which it has grouped into 5 categories (which we will illustrate in a later article): pressure tactics, obligations, obstacles, secrecy and tricks designed to achieve the objectives mentioned above.

Today, we will focus on the third point, which in other words, aims to discourage the user from exercising his or her privacy rights, and we will highlight the most visible types of dark patterns.

Privacy rights

Since the advent of GDPR, a new privacy regulation in Europe implemented in May 2018, companies are obliged to ask for users’ consent before using their confidential and other data. This is of course a hindrance for most companies that make money from processing user data (like Google and Facebook for example). These websites therefore rely on the consent of their users in order to process their data. This is highly unlikely to happen on the part of the users.

To increase their chances of getting consent, websites use Dark Patterns and design their forms so that it is very easy to validate consent.

respect vie privée

Too much reading? Let’s go to a concrete case!

Example 1: the dark pattern in everyday life

Companies use designs, symbols and warnings to influence users’ decisions

dark pattern symbols

Very often notifications appear when the user is in a hurry and wants to use a service immediately. This is not a coincidence. This puts pressure on the user to make a decision in a hurry so that they can use the services quickly: you guessed it, this is a pressure technique.

Example: trying to access websites.

Only the validation buttons are highlighted and when we are pressured, we feel we have no choice but to accept.

respect vie privée

Before March 2021

dark pattern googleExample 2: WhatsApp and GDPR

Have you ever tried to object to the use of your personal data by WhatsApp? This is not even an option on the app. You have to go to the WhatsApp website under the help centre. The video below will show you where to find this informations :

As you can see, you need to send an email specifying which elements of the data processing you wish to object to, and specifying your rights and freedoms affected by the data processing. Afterwards, depending on the strength of your arguments, WhatsApp reserves the right to decide whether or not you are right. All this becomes very tedious very quickly. Finally, if you do not have a good grasp of these rights or if you are not accompanied, it will be very difficult for you to get what you want. All this is in order to discourage users: it is an obstacle technique.
As you can see, dark patterns are designed to manipulate users by using various techniques such as pressure and obstacles to prevent them from making decisions that would not be to the company’s advantage.

The CNIL intervenes to regulate certain dark patterns

In September 2020, the CNIL, which has published guidelines and recommendations on cookies and other trackers, is pushing for the use of mechanisms and designs that ensure transparency of information and freedom of choice for users of online services.  It mentions several dark patterns as being contrary to the RGPD and the Data Protection Act, including :
  • Activating or pre-ticking a consent box
  • The continuation of activity on a website or application as a sign of consent to the deposit of cookies or the use of tracers
  • The absence of the possibility of refusing in a single action all the data processing carried out by the service on the basis of consent (« Refuse all » button)
  • A more complex action to refuse the deposit of cookies or the use of trackers than to accept it
Following this publication, all digital actors had until March 2021 to bring themselves up to date before starting to be sanctioned. Several sites have already made the necessary changes to avoid repercussions. Google is an example:
These prerogatives are available under this link: Deliberation No. 2020-092 of 17 September 2020 adopting a recommendation proposing practical methods of compliance in the event of the use of « cookies and other tracers » (cnil.fr). We strongly advise you to read them if you ever have to set up a website.

Qu'en avez-vous pensé?

Excité
0
Joyeux
0
Je suis fan
0
Je me questionne
0
Bof
0

Vous pourriez aussi aimer

Laisser une réponse

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Plus dans:Editorial