As many developers may be well aware by now, lawmakers across the world are more and more interested in regulating software development. And it’s more than antitrust cases and regulating how business and markets behave. New rules in the works are covering processes and even foundational technologies (e.g. AI).
Policymakers are concerned about citizens’ wellbeing, beyond data protection and privacy. They think that current consumer protection laws need to be updated for the digital world. One of the main topics now on the table is the issue of so-called “dark patterns.”
Any developer knows the importance of UX/UI design for business success. It’s all about customer satisfaction after all: developers work hard for products that make users happy. As everywhere, the online environment has its own share of bad actors, as well as negligence and poorly designed products. Lawmakers want to get involved, as they feel that digital interfaces are a tricky business, more so than offline interactions. They feel the need to ensure extra-protection for users of digital products and services.
EU consumer protection law already offers such safeguards. However, the Digital Services Act (DSA), the freshly updated framework for content regulation, adds new specific rules, including a list of prohibited behaviors recognized as dark patterns. Unfortunately, as this is being written EU policymakers are still ‘refining’ the text they recently agreed on, so we still have to wait a bit to see the definitive provisions. Meanwhile, the European Commission published a study which would inform additional rules in the future. The study focuses on commercial practices that “often operate in a blurred area between legitimate attempts at persuasion and illegitimate manipulation techniques”. The research showed that these are used by businesses of all sizes and that “97% of the most popular websites and apps used by EU consumers deployed at least one dark pattern and the most prevalent were hidden information/false hierarchy, preselection, nagging, difficult cancellations, and forced registration.”
The European Data Protection Board has also published a set of guidelines – “Dark patterns in social media platform interfaces: How to recognise and avoid them,” aimed to help designers and users of social media platforms on how to assess and avoid patterns that infringe on GDPR requirements. In response, the Coalition for Digital Ads of SMEs (of which Developers Alliance is a partner) has called for coherence between different pieces of legislation and official interpretations, as these guidelines are only a piece of a complex legal puzzle that is potentially costly for developers.
The UK is also in the game, with the Consumer and Markets Authority (CMA)’s Behavioral Hub recently summarizing evidence on online choice architecture (OCA) and how “digital architecture can harm competition and consumers.” The discussion papers are also looking into the interactions between the use of OCA and algorithmic systems. The CMA is encouraging businesses, “if not doing so already, to conduct compliance programs, including behavioral audits or other forms of self-assessment, to determine whether their use of OCA is consistent with consumer protection and competition law.”
These recent policy developments are a clear signal that lawmakers and regulators (at least the European ones) are not afraid to roll up their sleeves and get deep into frontend issues. They’ll be interfering in the decisions on what is good for your users and asking for “compliance by design.” While certain practices and design choices are clearly a no-go, there remains a large and uncertain space where internet businesses and their UX/UI designers will just have to be very careful from now on. Regulatory compliance will have to be at the top of product managers’ list throughout the entire life cycle of those products. Legal expertise will be essential, as well as cooperation with relevant regulators.
Let us know what you think. We’ll continue to keep you updated and help you cope with ‘regulatory dark patterns’.