Last week, the FTC announced its release of a staff report discussing key topics from the April 29, 2021 workshop addressing dark patterns. The report states that the FTC will take action when companies employ dark patterns that violate existing laws, including the FTC Act, ROSCA, the TSR, TILA, CAN-SPAM, COPPA, ECOA, or other statutes and regulations enforced by the FTC. The report highlights examples of cases in which the FTC used its authority under these laws and regulations to bring enforcement actions against companies that allegedly used dark patterns. Accordingly, the report builds upon the FTC’s historical approach of using its existing authority to bring enforcement actions in this context.

The report also includes a list of mechanisms that the FTC alleges are dark patterns.  While the FTC explained how some of these are unlawful, the report was unclear whether or how others violated any of the laws above.  As Commissioner Wilson noted:

The term ‘dark patterns’ deserves a few words of explanation. It certainly sounds ominous – but as the report explains, not all dark patterns are unlawful. … While the use of this term may be relatively new and attention grabbing, at its core the term describes practices that have  long been the focus of FTC enforcement actions. For example, the agency has prosecuted companies that used ads deceptively formatted to look like news articles to drive sales;… sued websites and apps that obscured or hid fees;… and challenged efforts by companies that prevented customers from canceling memberships… Rules of thumb and decision-making shortcuts have value. And companies legally can capitalize on common heuristics in ways that increase profits.

The below bullets include categories of dark patterns in italics and specific examples in plain text.

  • Inducing false beliefs: advertisements that are formatted to look like news articles or falsely suggest impartiality.  The FTC already regulates such practices as deceptive, based on its native advertising enforcement.
  • Hiding or delaying disclosure of material information: hiding fees or including them at the end of a purchase flow only.  The FTC previously has brought numerous cases alleging such practices are deceptive in violation of Section 5 of the FTC Act.
  • Leading consumers to unauthorized charges: offering a free trial, which precedes a recurring subscription charge if the consumer fails to cancel, or advertising a game as free when the game permits in-app purchases.  Likewise, the FTC has brought actions involving such practices previously as violations of ROSCA and Section 5. 
  • Subverting privacy choices: graying out disfavored options, failing to provide sufficient notice of default settings, or conveying a false affiliation to manipulate consumers into sharing information. 
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Read more about Lindsey Tonsager
Show more Show less
Photo of Alexandra Scott Alexandra Scott
Read more about Alexandra Scott