Google and Facebook could face further penalties if they don’t change their practices.
There’s no doubt that Google and Facebook are two of the biggest tech giants in the world. But recent revelations about their use of deceptive design patterns, or dark patterns, have put them in hot water with regulators and consumers alike.
Decoding dark patterns
According to DarkPatterns.org, dark patterns are tricks used in websites and apps that dupe you into doing something, such as buying or signing up for things, contrary to your intent. Regulators and lawmakers in the U.S. and European Union (EU) are highly concerned about dark patterns and have introduced bills to crack down on their use. Below are some commonly used dark patterns:
- Manipulative cookie banners: When you enter a website, you will usually be asked by the cookie banner whether you want to allow cookies for browsing the site. Some cookie banners are designed to have a bigger “accept all” button, and if you want to change your cookie settings, you will have to get into another window by clicking a “manage to set” button. This makes it harder for users to reject cookies for the website.
- Confirmshaming: Users are shamed for not doing something suggested by the website, such as taking a survey or subscribing to a newsletter. For instance, an e-commerce website might want to collect your email address by offering you a coupon. If you don’t want to share that with the site, you might have to click a button that says, “No thank you, I don’t want to save money”.
- Forced continuity: This dark pattern makes it hard for users to cancel their subscriptions. Some companies, like Netflix and Hulu, might extend your subscriptions without telling you and charge you automatically when the next payment date arrives.
- Disguised ads: Ads designed to look like part of the content on a page, making it difficult for users to distinguish between ads and the actual content.
- Privacy zuckering: Named after Facebook CEO Mark Zuckerberg, this dark pattern design refers to users being tricked into sharing more personal information than they intended to. Data brokering, in which users consent to companies selling your data collected by them, is a common and less obvious way to “zuck” up your privacy.
These dark patterns have one thing in common: they exploit human psychology to get us to do something we wouldn’t normally do. Now that you know what dark patterns are, let’s delve into how they have brought Google and Facebook into huge trouble.
Google & Facebook fined for leading users into cookie traps
In January 2022, France’s National Commission for Information Technology and Freedom (CNIL) hit Google, YouTube and Facebook (now Meta) with a total of EUR210 million (US$237 million) in fines over their use of cookies. CNIL has determined that these sites make it difficult for users to refuse cookies, while accepting them is as simple as a one-click button. The CNIL has fined Facebook and Google for violating the 2002-published ePrivacy Directive, or the cookie law, which defines that businesses must obtain consent before using the collected cookies for advertising purposes. If Google, YouTube and Facebook do not take steps to correct their actions within three months, the French government will impose an extra penalty of EUR100,000 a day on both firms.
For Facebook, French users first have to click on a button labeled “Accept Cookies” to get to the second window to refuse cookies. According to the CNIL, such labeling “necessarily generates confusion“, leading users to believe they have no choice.
On the other hand, the issue with Google is one of asymmetry, not mislabeling. The CNIL points out that Google’s two services (including Google.fr and youtube.com) allow users to accept cookies with a single click. However, they must click through several menu options to reject them.
Besides the ePrivacy Directive, another law that regulates data protection and privacy matters in the EU is the General Data Protection Regulation (GDPR). Published in 2016, the EU law has already imposed fines of more than EUR1 billion on dishonest data collection and usage. In July 2021, Amazon was whacked by Luxembourg’s National Commission for Data Protection with a EUR746 million fine—the biggest GDPR fine—on how it uses customer data for targeted advertising purposes. Later, in September of that year, Ireland’s Data Protection Commission fined WhatsApp for EUR267 million for not being transparent about how the app used users’ personal data.
Combating dark patterns
Dark patterns are particularly common on e-commerce sites and social media platforms where users are constantly asked to take specific actions, such as buying a product, clicking on an ad or sharing something with their friends. Besides websites, many smartphone applications also adopt these deceiving designs to collect your data. If you want to protect yourself from dark patterns, you should take notes on these points:
- Be aware of common dark pattern tactics.
- Take your time when making decisions online. Don’t rush into clicking on something you’re not sure about just to get through it.
- Be cautious of sites that require you to create an account before viewing content. You can often find the same content elsewhere without signing up for anything.
- Use an ad blocker. This will help to protect you from some of the more common dark patterns, like forced clicks on ads.
- Check out the privacy policy of a website or app before you use it. This may sound exhausting and redundant, but you can gain insight into how your data will be used and collected.
As dark patterns gain public awareness and regulatory attention, it’s clear that companies need to do better if they don’t want to be slapped with millions of dollars in fines. While dark patterns can boost profits or increase engagement, they are leveraged to trick and mislead users, ultimately breaking the trust between companies and customers. In the future, it’s important for companies to be more transparent about their design choices and to stop using dark patterns.
Header image courtesy of Pexels
