dark pattern

"Privacy Zuckering" – named after Facebook co-founder and Meta Platforms CEO Mark Zuckerberg – is a practice that tricks users into sharing more information than they intended to.https://old.deceptive.design/privacy_zuckering/https://www.deceptive.design/book/contents/chapter-20{{citation needed|date=September 2024}} Users may give up this information unknowingly or through practices that obscure or delay the option to opt out of sharing their private information.

California has approved regulations that limit this practice by businesses in the California Consumer Privacy Act.{{Cite web|date=2021-03-15|title=Attorney General Becerra Announces Approval of Additional Regulations That Empower Data Privacy Under the California Consumer Privacy Act|url=https://oag.ca.gov/news/press-releases/attorney-general-becerra-announces-approval-additional-regulations-empower-data|access-date=2021-12-13|website=State of California - Department of Justice - Office of the Attorney General|language=en}}

In mid-2024, Meta Platforms announced plans to utilize user data from Facebook and Instagram to train its AI technologies, including generative AI systems. This initiative included processing data from public and non-public posts, interactions, and even abandoned accounts. Users were given until June 26, 2024, to opt out of the data processing. However, critics noted that the process was fraught with obstacles, including misleading email notifications, redirects to login pages, and hidden opt-out forms that were difficult to locate. Even when users found the forms, they were required to provide a reason for opting out, despite Meta's policy stating that any reason would be accepted, raising questions about the necessity of this extra step.{{Cite web |last=Heikkilä |first=Melissa |date=June 14, 2024 |title=How to opt out of Meta’s AI training |url=https://www.technologyreview.com/2024/06/14/1093789/how-to-opt-out-of-meta-ai-training/ |archive-url=https://web.archive.org/web/20240614135315/https://www.technologyreview.com/2024/06/14/1093789/how-to-opt-out-of-meta-ai-training/ |archive-date=June 14, 2024 |access-date=December 31, 2024 |website=MIT Technology Review}}{{Cite web |last=Wrona |first=Aleksandra |date=2024-06-13 |title=Why Opting Out of Meta's Use of Facebook, Instagram Posts for AI Training Isn't Easy |url=https://www.snopes.com/news/2024/06/13/meta-ai-training-user-data/ |access-date=2024-12-31 |website=Snopes |language=en}}

The European Center for Digital Rights (Noyb) responded to Meta’s controversial practices by filing complaints in 11 EU countries. Noyb alleged that Meta's use of "dark patterns" undermined user consent, violating the General Data Protection Regulation (GDPR). These complaints emphasized that Meta's obstructive opt-out process included hidden forms, redirect mechanisms, and unnecessary requirements like providing reasons for opting out—tactics exemplifying "dark patterns," deliberately designed to dissuade users from opting out. Additionally, Meta admitted it could not guarantee that opted-out data would be fully excluded from its training datasets, raising further concerns about user privacy and data protection compliance.{{Cite web |title=noyb urges 11 DPAs to immediately stop Meta's abuse of personal data for AI |url=https://noyb.eu/en/noyb-urges-11-dpas-immediately-stop-metas-abuse-personal-data-ai |access-date=2024-12-31 |website=noyb.eu |language=en}}{{Cite web |title=DataGuidance |url=https://www.dataguidance.com/news/eu-noyb-files-11-complaints-against-meta-use-data-ai |access-date=2024-12-31 |website=DataGuidance |language=en}}

Amid mounting regulatory and public pressure, the Irish Data Protection Commission (DPC) intervened, leading Meta to pause its plans to process EU/EEA user data for AI training. This decision, while significant, did not result in a legally binding amendment to Meta’s privacy policy, leaving questions about its long-term commitment to respecting EU data rights. Outside the EU, however, Meta proceeded with its privacy policy update as scheduled on June 26, 2024, prompting critics to warn about the broader implications of such practices globally.{{Cite web |title=(Preliminary) noyb WIN: Meta stops AI plans in the EU |url=https://noyb.eu/en/preliminary-noyb-win-meta-stops-ai-plans-eu |access-date=2024-12-31 |website=noyb.eu |language=en}}{{Cite web |last=STAHIE |first=Silviu |title=Meta Forced to Pause AI Training on Data Collected from Facebook and Instagram Users in Europe |url=https://www.bitdefender.com/en-us/blog/hotforsecurity/meta-forced-to-pause-ai-training-on-data-collected-from-facebook-and-instagram-users-in-europe |access-date=2024-12-31 |website=Hot for Security |language=en-us}}

The incident underscored the pervasive issue of dark patterns in privacy settings and the challenges of holding large technology companies accountable for their data practices. Advocacy groups called for stronger regulatory frameworks to prevent deceptive tactics and ensure that users can exercise meaningful control over their personal information.{{Cite web |last=Sawers |first=Paul |date=2024-10-03 |title=Hey, UK! Here's how to 'opt out' of Meta using your Facebook and Instagram data to train its AI |url=https://techcrunch.com/2024/10/03/hey-uk-heres-how-to-opt-out-of-meta-using-your-facebook-and-instagram-data-to-train-its-ai/ |access-date=2024-12-31 |website=TechCrunch |language=en-US}}

Bait-and-switch patterns advertise a free (or at a greatly reduced price) product or service that is wholly unavailable or stocked in small quantities. After announcing the product's unavailability, the page presents similar products of higher prices or lesser quality.{{cite web|url=https://webdesign.tutsplus.com/articles/dark-patterns-in-ui-and-website-design--webdesign-8506|title=Dark Patterns in UI and Website Design|last=Snyder|first=Jesse|date=10 Sep 2012|website=|publisher=evatotuts+|access-date=29 May 2017|quote=|archive-date=26 December 2022|archive-url=https://web.archive.org/web/20221226105844/https://webdesign.tutsplus.com/articles/dark-patterns-in-ui-and-website-design--webdesign-8506|url-status=dead}}{{cite web |url=https://darkpatterns.org/|title=Types of Dark Patterns|last=Brignull|first=Harry|date= |website=|publisher= Dark Patterns|access-date= 29 May 2017|quote=}}

ProPublica has long reported on how Intuit, the maker of TurboTax, and other companies have used the bait and switch pattern to stop Americans from being able to file their taxes for free.{{Cite web |date=2022-05-04 |title=The TurboTax Trap |url=https://www.propublica.org/series/the-turbotax-trap |access-date=2025-03-22 |website=ProPublica |language=en}} On March 29, 2022, the Federal Trade Commission announced that they would take legal action against Intuit, the parent company of TurboTax in response to deceptive advertising of its free tax filing products.{{Cite web |date=2022-03-29 |title=FTC Sues Intuit for Its Deceptive TurboTax “free” Filing Campaign |url=https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-sues-intuit-its-deceptive-turbotax-free-filing-campaign |access-date=2025-03-22 |website=Federal Trade Commission |language=en}}{{Cite web |date=2022-03-29 |title=FTC sues Intuit to stop 'bait-and-switch' TurboTax ads |url=https://apnews.com/article/business-federal-trade-commission-2684e2f02791b804c3207abe073e2c98 |access-date=2025-03-22 |website=AP News |language=en}} The commission reported that the majority of tax filers cannot use any of TurboTax's free products which were advertised, claiming that it has misled customers to believing that tax filers can use TurboTax to file their taxes. In addition, tax filers who earn farm income or are gig workers cannot be eligible for those products. Intuit announced that they would take counter action, announcing that the FTC's arguments are "not credible" and claimed that their free tax filing service is available to all tax filers.{{Cite news |last=Dress |first=Brad |date=2022-03-29 |title=FTC sues Intuit over TurboTax ‘free’ filing ad campaign |url=https://thehill.com/policy/technology/600252-ftc-sues-intuit-over-turbotax-free-filing-ad-campaign/ |archive-url=http://web.archive.org/web/20230822133204/https://thehill.com/policy/technology/600252-ftc-sues-intuit-over-turbotax-free-filing-ad-campaign/ |archive-date=2023-08-22 |access-date=2025-03-22 |work=The Hill |language=en-US}}

On May 4, 2022, Intuit agreed to pay a $141 million settlement over the misleading advertisements.{{Cite web |date=2022-05-04 |title=Intuit to pay $141M settlement over 'free' TurboTax ads |url=https://apnews.com/article/technology-business-new-york-united-states-personal-taxes-2427cfbc220382ca89ac992f6dde8030 |access-date=2025-03-22 |website=AP News |language=en}} In May 2023, the company began sending over 4 million customers their settlement checks, which ranged from $30 to $85 USD.{{Cite web |last=Valinsky |first=Jordan |date=2023-05-09 |title=TurboTax is sending checks to 4.4 million customers as part of a $141 million settlement {{!}} CNN Business |url=https://www.cnn.com/2023/05/09/business/turbotax-settlement/index.html |access-date=2025-03-22 |website=CNN |language=en}} In January 2024, the FTC ordered Intuit to fix its misleading ads for "free" tax preparation software - for which most filers wouldn't even qualify.{{Cite web |last=Kiel |first=Justin Elliott,Paul |date=2024-01-23 |title=FTC Orders Maker of TurboTax to Cease “Deceptive” Advertising |url=https://www.propublica.org/article/ftc-intuit-turbotax-cease-deceptive-advertising-free-filing-taxes |access-date=2025-03-22 |website=ProPublica |language=en}}

As of March 2024, Intuit has stopped providing its free TurboTax service.{{Cite web |last=FreeFile |title=IRS Free File Program delivered by TurboTax is no longer available |url=https://freefile.intuit.com/ |access-date=2025-03-22 |website=freefile.intuit.com |language=en}}

Drip pricing is a pattern where a headline price is advertised at the beginning of a purchase process, followed by the incremental disclosure of additional fees, taxes or charges. The objective of drip pricing is to gain a consumer's interest in a misleadingly low headline price without the true final price being disclosed until the consumer has invested time and effort in the purchase process and made a decision to purchase.

{{anchor|confirmshaming}}

Confirmshaming uses shame to drive users to act, such as when websites word an option to decline an email newsletter in a way that shames visitors into accepting.{{Cite web|url=https://www.uxbooth.com/articles/ux-dark-patterns-manipulinks-and-confirmshaming/|title=UX Dark Patterns: Manipulinks and Confirmshaming|website=UX Booth|language=en-US|access-date=2019-11-02|df=dmy-all}}

Common in software installers, misdirection presents the user with a button in the fashion of a typical continuation button. A dark pattern would show a prominent "I accept these terms" button asking the user to accept the terms of a program unrelated to the one they are trying to install.{{Cite web|url=https://content.invisioncic.com/Mtorrutor/monthly_2017_08/stuck.png.5b3f9c7d33b78f21febd28196cc70f0a.png|title=Terms of service for McAffee in μTorrent installer|date=2017|access-date=2018-10-13|df=dmy-all}} Since the user typically will accept the terms by force of habit, the unrelated program can subsequently be installed. The installer's authors do this because the authors of the unrelated program pay for each installation that they procure. The alternative route in the installer, allowing the user to skip installing the unrelated program, is much less prominently displayed,{{Cite web|url=https://www.ghacks.net/2013/07/17/sourceforges-new-installer-bundles-program-downloads-with-adware/|title=SourceForge's new Installer bundles program downloads with adware|date=2013-07-17|access-date=2018-10-13|last=Brinkmann|first=Martin|quote=... The offer is displayed on the screen, and below that a gray decline button, a green accept button ...|df=dmy-all}} or seems counter-intuitive (such as declining the terms of service).

Some websites that ask for information that is not required also use misdirection. For example, one would fill out a username and password on one page, and after clicking the "next" button, the page asks the user for their email address with another "next" button as the only option.{{Cite web|url=https://www.reddit.com/r/TheoryOfReddit/comments/71mker/why_do_we_need_email_addresses_to_create_reddit/|title=Why do we need email addresses to create Reddit accounts now?|quote=... you can skip it by leaving it blank.|date=2017|access-date=2018-10-13}} This hides the option to press "next" without entering the information. In some cases, the page shows the method to skip the step as a small, greyed-out link instead of a button, so it does not stand out to the user.{{Cite web|url=https://medium.com/@danrschlosser/linkedin-dark-patterns-3ae726fe1462|title=LinkedIn Dark Patterns|date=2016-06-05|first=Dan|last=Schlosser|access-date=2018-10-13|quote="... you need to find the tiny "Skip this step" link at the bottom right to proceed. Moreover, the link is placed outside of the blue box which ostensibly contains all relevant info or controls. ..."|df=dmy-all}} Other examples include sites offering a way to invite friends by entering their email address, to upload a profile picture, or to identify interests.

Confusing wording may be also used to trick users into formally accepting an option which they believe has the opposite meaning. For example a personal data processing consent button using a double-negative such as "don't not sell my personal information".{{Cite web |last=Vincent |first=James |date=2021-03-16 |title=California bans 'dark patterns' that trick users into giving away their personal data |url=https://www.theverge.com/2021/3/16/22333506/california-bans-dark-patterns-opt-out-selling-data |access-date=2021-03-21 |website=The Verge |language=en}}

A roach motel or a trammel net design provides an easy or straightforward path to get in but a difficult path to get out.{{cite web |url=https://www.theverge.com/2013/8/29/4640308/dark-patterns-inside-the-interfaces-designed-to-trick-you|title=Dark patterns: Inside the interfaces designed to trick you|last=Brignull|first=Harry|date= 29 August 2013|website=|publisher=The Verge|access-date= 29 May 2017|quote=}} Examples include businesses that require subscribers to print and mail their opt-out or cancellation request.

For example, during the 2020 United States presidential election, Donald Trump's WinRed campaign employed a similar dark pattern, pushing users towards committing to a recurring monthly donation.{{cite web |url=https://www.nytimes.com/2021/04/03/us/politics/trump-donations.html |title=How Trump Steered Supporters Into Unwitting Donations |date=April 3, 2021 |first=Shane |last=Goldmacher |website=The New York Times |url-access=subscription |archive-url=https://web.archive.org/web/20210501041057/https://www.nytimes.com/2021/04/03/us/politics/trump-donations.html |archive-date=May 1, 2021 }}

Another common version of this pattern is any service which enables one to sign-up and start the service online, but which requires a phone call (often with long wait times) to terminate the service. Examples include services like cable TV and internet services, and credit monitoring.{{cn|date=May 2024}}

In 2021, in the United States, the Federal Trade Commission (FTC) has announced they will ramp up enforcement against dark patterns like roach motel that trick consumers into signing up for subscriptions or making it difficult to cancel. The FTC has stated key requirements related to information transparency and clarity, express informed consent, and simple and easy cancellation.{{Cite web|date=2021-10-28|title=FTC to Ramp up Enforcement against Illegal Dark Patterns that Trick or Trap Consumers into Subscriptions|url=https://www.ftc.gov/news-events/press-releases/2021/10/ftc-ramp-enforcement-against-illegal-dark-patterns-trick-or-trap|access-date=2021-12-13|website=Federal Trade Commission|language=en}}

In 2016 and 2017, research documented social media anti-privacy practices using dark patterns.{{Cite journal|last1=Bösch|first1=Christoph|last2=Erb|first2=Benjamin|last3=Kargl|first3=Frank|last4=Kopp|first4=Henning|last5=Pfattheicher|first5=Stefan|date=2016-10-01|title=Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns|journal=Proceedings on Privacy Enhancing Technologies|volume=2016|issue=4|pages=237–254|doi=10.1515/popets-2016-0038|issn=2299-0984|doi-access=free|df=dmy-all}}{{Cite book|url=http://dl.gi.de/handle/20.500.12116/3583|title=Privacy dark patterns in identity management|last=Fritsch|first=Lothar|date=2017|publisher=Gesellschaft für Informatik, Bonn|isbn=978-3-88579-671-8|language=en}} In 2018, the Norwegian Consumer Council (Forbrukerrådet) published "Deceived by Design," a report on deceptive user interface designs of Facebook, Google, and Microsoft.Moen, Gro Mette, Ailo Krogh Ravna, and Finn Myrstad: [https://storage02.forbrukerradet.no/media/2018/06/2018-06-27-deceived-by-design-final.pdf Deceived by Design - How tech companies use dark patterns to discourage us from exercising our rights to privacy.] {{Webarchive|url=https://web.archive.org/web/20201011180604/https://www.forbrukerradet.no/undersokelse/no-undersokelsekategori/deceived-by-design |date=11 October 2020 }}, 2018, Consumer council of Norway / Forbrukerrådet. Report. A 2019 study investigated practices on 11,000 shopping web sites. It identified 1,818 dark patterns in total and grouped them into 15 categories.{{Cite journal|last1=Mathur|first1=Arunesh|last2=Acar|first2=Gunes|last3=Friedman|first3=Michael J.|last4=Lucherini|first4=Elena|last5=Mayer|first5=Jonathan|last6=Chetty|first6=Marshini|last7=Narayanan|first7=Arvind|date=November 2019|title=Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites|journal=Proceedings of the ACM on Human-Computer Interaction|volume=3|issue=CSCW|pages=81:1–81:32|doi=10.1145/3359183|issn=2573-0142|bibcode=2019arXiv190707032M|arxiv=1907.07032|s2cid=196831872}}

Research from April 2022 found that dark patterns are still commonly used in the marketplace, highlighting a need for further scrutiny of such practices by the public, researchers, and regulators.{{Cite journal |last1=Runge |first1=Julian |last2=Wentzel |first2=Daniel |last3=Huh |first3=Ji Young |last4=Chaney |first4=Allison |date=2022-04-14 |title="Dark patterns" in online services: a motivating study and agenda for future research |journal=Marketing Letters |volume=34 |pages=155–160 |language=en |doi=10.1007/s11002-022-09629-4 |s2cid=248198573 |issn=1573-059X|doi-access=free }}

Under the European Union General Data Protection Regulation (GDPR), all companies must obtain unambiguous, freely-given consent from customers before they collect and use ("process") their personally identifiable information. A 2020 study found that "big tech" companies often used deceptive user interfaces in order to discourage their users from opting out.{{Cite book|last1=Human|first1=Soheil|last2=Cech|first2=Florian|title=Human Centred Intelligent Systems |chapter=A Human-Centric Perspective on Digital Consenting: The Case of GAFAM |date=2021|editor-last=Zimmermann|editor-first=Alfred|editor2-last=Howlett|editor2-first=Robert J.|editor3-last=Jain|editor3-first=Lakhmi C.|chapter-url=https://epub.wu.ac.at/7523/1/HCIS2020_A%20Human-centric%20Perspective%20on%20Digital%20Consenting_The%20Case%20of%20GAFAM_Soheil%20Human_Florian%20Cech.pdf|series=Smart Innovation, Systems and Technologies|language=en|location=Singapore|publisher=Springer|volume=189|pages=139–159|doi=10.1007/978-981-15-5784-2_12|isbn=978-981-15-5784-2|s2cid=214699040}} In 2022, a report by the European Commission found that "97% of the most popular websites and apps used by EU consumers deployed at least one dark pattern."{{Cite book |last=European Commission. Directorate General for Justice and Consumers |url=https://data.europa.eu/doi/10.2838/859030 |title=Behavioural study on unfair commercial practices in the digital environment: dark patterns and manipulative personalisation : final report. |date=2022 |publisher=Publications Office |location=LU |doi=10.2838/859030|isbn=9789276523161 }}

Research on advertising network documentation shows that information presented to mobile app developers on these platforms is focused on complying with legal regulations, and puts the responsibility for such decisions on the developer. Also, sample code and settings often have privacy-unfriendly defaults laced with dark patterns to nudge developers’ decisions towards privacy-unfriendly options such as sharing sensitive data to increase revenue.{{cite book |last1=Tahaei |first1=Mohammad |last2=Vaniea |first2=Kami |title="Developers Are Responsible": What Ad Networks Tell Developers About Privacy |date=8 May 2021 |pages=1–11 |doi=10.1145/3411763.3451805|hdl=20.500.11820/4b6bc799-2bed-423f-b9d4-6c8bb37c2418 |isbn=978-1-4503-8095-9 |s2cid=233987185 |url=https://www.pure.ed.ac.uk/ws/files/200562945/tahaei2021AdNetworkLBW.pdf }}

Bait-and-switch is a form of fraud that violates US law.{{citation |title=Title 16 of the Code of Federal Regulations § 238}}

On 9 April 2019, US senators Deb Fischer and Mark Warner introduced the Deceptive Experiences To Online Users Reduction (DETOUR) Act, which would make it illegal for companies with more than 100 million monthly active users to use dark patterns when seeking consent to use their personal information.{{Cite web |last=Kelly |first=Makena |date=2019-04-09 |title=Big Tech's 'dark patterns' could be outlawed under new Senate bill |url=https://www.theverge.com/2019/4/9/18302199/big-tech-dark-patterns-senate-bill-detour-act-facebook-google-amazon-twitter |access-date=2019-04-10 |website=The Verge |df=dmy-all}}

In March 2021, California adopted amendments to the California Consumer Privacy Act, which prohibits the use of deceptive user interfaces that have "the substantial effect of subverting or impairing a consumer's choice to opt-out."

In October 2021, the Federal Trade Commission issued an enforcement policy statement, announcing a crackdown on businesses using dark patterns that "trick or trap consumers into subscription services." As a result of rising numbers of complaints, the agency is responding by enforcing these consumer protection laws.

In 2022, New York Attorney General Letitia James fined Fareportal $2.6 million for using deceptive marketing tactics to sell airline tickets and hotel rooms{{Cite web |date=March 2022 |title=Assurance of discontinuance |url=https://ag.ny.gov/sites/default/files/2022.03.16_nyag-fareportal_aod_fully_executed.pdf}} and the Federal Court of Australia fined Expedia Group's Trivago A$44.7 million for misleading consumers into paying higher prices for hotel room bookings.{{Cite web |date=22 April 2022 |title=Australia fines Expedia Group's Trivago $33 million on misleading hotel room rates |url=https://au.finance.yahoo.com/news/australia-fines-expedia-groups-trivago-020000781.html |access-date=2022-06-14 |website=au.finance.yahoo.com |language=en-AU}}

In March 2023, the United States Federal Trade Commission fined Fortnite developer Epic Games $245 million for use of "dark patterns to trick users into making purchases." The $245 million will be used to refund affected customers and is the largest refund amount ever issued by the FTC in a gaming case.{{Cite web |date=March 2023 |title=Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges |url=https://www.ftc.gov/news-events/news/press-releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations}}

In the European Union, the GDPR requires that a user's informed consent to processing of their personal information be unambiguous, freely-given, and specific to each usage of personal information. This is intended to prevent attempts to have users unknowingly accept all data processing by default (which violates the regulation).{{Cite web|url=https://www.thedrum.com/opinion/2018/02/08/understanding-trust-and-consent-are-the-real-keys-embracing-gdpr|title=Understanding 'trust' and 'consent' are the real keys to embracing GDPR|website=The Drum|language=en|access-date=2019-04-10|df=dmy-all}}{{Cite news|url=https://www.theverge.com/2018/5/25/17393766/facebook-google-gdpr-lawsuit-max-schrems-europe|title=Facebook and Google hit with $8.8 billion in lawsuits on day one of GDPR|work=The Verge|access-date=26 May 2018|archive-url=https://web.archive.org/web/20180525235251/https://www.theverge.com/2018/5/25/17393766/facebook-google-gdpr-lawsuit-max-schrems-europe|archive-date=25 May 2018|url-status=live|df=dmy-all}}{{Cite news|url=https://www.irishtimes.com/business/technology/max-schrems-files-first-cases-under-gdpr-against-facebook-and-google-1.3508177|title=Max Schrems files first cases under GDPR against Facebook and Google|newspaper=The Irish Times|access-date=26 May 2018|language=en-US|archive-url=https://web.archive.org/web/20180525201624/https://www.irishtimes.com/business/technology/max-schrems-files-first-cases-under-gdpr-against-facebook-and-google-1.3508177|archive-date=25 May 2018|url-status=live|df=dmy-all}}{{Cite web|url=https://techcrunch.com/2018/05/25/facebook-google-face-first-gdpr-complaints-over-forced-consent/|title=Facebook, Google face first GDPR complaints over 'forced consent'|website=TechCrunch|date=25 May 2018 |access-date=26 May 2018|archive-url=https://web.archive.org/web/20180526030448/https://techcrunch.com/2018/05/25/facebook-google-face-first-gdpr-complaints-over-forced-consent/|archive-date=26 May 2018|url-status=live|df=dmy-all}}{{Cite news|url=https://www.zdnet.com/article/google-facebook-hit-with-serious-gdpr-complaints-others-will-be-soon/|title=Google, Facebook hit with serious GDPR complaints: Others will be soon|last=Meyer|first=David|publisher=ZDNet|access-date=26 May 2018|language=en|archive-url=https://web.archive.org/web/20180528090334/https://www.zdnet.com/article/google-facebook-hit-with-serious-gdpr-complaints-others-will-be-soon/|archive-date=28 May 2018|url-status=live|df=dmy-all}}

According to the European Data Protection Board, the "principle of fair processing laid down in Article 5 (1) (a) GDPR serves as a starting point to assess whether a design pattern actually constitutes a 'dark pattern'."{{Cite web |title=Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them |url=https://edpb.europa.eu/system/files/2022-03/edpb_03-2022_guidelines_on_dark_patterns_in_social_media_platform_interfaces_en.pdf |website=European Data Protection Board}}

At the end of 2023 the final version of the Data Act{{Citation |title=Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act) |date=2023-12-13 |url=http://data.europa.eu/eli/reg/2023/2854/oj/eng |access-date=2024-01-10 |language=en}} was adopted. It is one of the three EU legislations which deal expressly with dark patterns.{{Cite web |last=Pál |first=Szilágyi |date=2023-12-03 |title=Consensus on the Data Act at the Council |url=https://darkpattern.substack.com/p/consensus-on-the-data-act-at-the |access-date=2024-01-10 |website=Dark patterns, neuromarketing}} Another one being the Digital Services Act.Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act). OJ L 277, 27.10.2022, p. 1–102. The third EU legislation on dark patterns in force is the directive financial services contracts concluded at a distance.{{Cite web |last=Pál |first=Szilágyi |date=2024-01-11 |title=Dark patterns everywhere: ESMA |url=https://darkpattern.substack.com/p/dark-patterns-everywhere-esma |access-date=2024-01-11 |website=Dark patterns, neuromarketing}} The Public German Consumer Protection Organisation claims Big Tech uses dark patterns to violate the Digital Services Act.{{Cite web |date=2024-07-16 |title=Combining data and bundling services under the digital markets act |url=https://www.vzbv.de/sites/default/files/2024-07/DMA-Report_English_2.pdf |access-date=2024-08-08 |website=Bundesverband der Verbraucherzentralen und Verbraucherverbände |language=en}}

In April 2019, the UK Information Commissioner's Office (ICO) issued a proposed "age-appropriate design code" for the operations of social networking services when used by minors, which prohibits using "nudges" to draw users into options that have low privacy settings. This code would be enforceable under the Data Protection Act 2018.{{Cite news |date=2019-04-15 |title=Under-18s face 'like' and 'streaks' limits |language=en-GB |work=BBC News |url=https://www.bbc.com/news/technology-47933521 |access-date=2019-04-15 |df=dmy-all}} It took effect 2 September 2020.{{Cite web |last=Lomas |first=Natasha |date=2020-01-22 |title=UK watchdog sets out 'age appropriate' design code for online services to keep kids' privacy safe |url=https://techcrunch.com/2020/01/22/uk-watchdog-sets-out-age-appropriate-design-code-for-online-services-to-keep-kids-privacy-safe/ |access-date=2023-04-09 |website=TechCrunch |language=en-US}}{{Cite web |last=Lomas |first=Natasha |date=2021-09-01 |title=UK now expects compliance with children's privacy design code |url=https://techcrunch.com/2021/09/01/uk-now-expects-compliance-with-its-child-privacy-design-code/ |access-date=2023-04-09 |website=TechCrunch |language=en-US}}

• {{annotated link|Anti-pattern}}
• {{annotated link|Confusopoly}}
• {{annotated link|Gamification}}
• {{annotated link|Growth hacking}}
• {{annotated link|Jamba!}}
• {{annotated link|Opt-in email}}
• {{annotated link|Opt-out}}
• {{annotated link|Revolving credit}}
• {{annotated link|Shadow banning}}

{{reflist}}

• [https://www.deceptive.design/ Deceptive Design (formerly darkpatterns.org)]
• [https://darkpatternstipline.org/ Tip line] to report dark patterns to the Electronic Frontier Foundation and Consumer Reports
• [https://darkpatterns.uxp2.com/ Dark patterns] at the UX Pedagogy and Practice Lab at Purdue University

Category:Graphic design

Category:Web design

Category:Consumerism

Category:Computer ethics

Category:Technology neologisms

Category:2010 neologisms