• by Wendy Davis  @wendyndavis, May 10, 2022

The self-regulatory privacy group Network Advertising Initiative is raising concerns about web companies' use of so-called “dark patterns” to manipulate consumers.

Dark patterns “involve obfuscation and a lack of clarity, with the likelihood or outcome of tricking consumers into making choices they don’t necessarily intend,” the organization said in the new report, “Best Practices for User Choice and Transparency.”

The NAI added that it is “concerned about the use of dark patterns that have led to increased attention and regulation.”

The term “dark patterns” generally refers to interfaces that trick consumers into doing something they hadn't planned to do -- such as agreeing to data collection, or purchasing a subscription.

The self-regulatory group's new best practices guide sets out a host of recommendations for companies. Among other guidance, the organization advises companies to make opt-in and opt-out options equally accessible, and to give them a similar look.

“For example,” the guide states, “ensure 'Accept' and 'Cookie Settings' are presented in different, but easy to read text and coloring, clearly delineating different user options.”

The organization also recommends that companies “carefully consider” privacy policies that require consumers to agree to the use of their data in order to access services or sites.

“Though sometimes necessary, consumers are often frus­trated by 'take-it-or-leave-it” style choices,'” the group writes. “In circumstances where a product or service is 100% ad supported, and the site or service relies on data-driven advertising, then there are legal requirements that should be considered (e.g., state laws in California and Virginia).”

Other suggestions are that companies should avoid requiring consumers to read or listen to reasons why they shouldn't opt out, and avoid requiring people to search through a privacy policy to locate an opt-out mechanism.

David LeDuc, vice president for public policy, says members of the Network Advertising Initiative are already required “to provide easy to use and find choice mechanisms and clear notice and transparency.”

He adds that the new best practices guide demonstrates “in greater detail” how members can comply.

“The compliance team will begin flagging any inconsistencies with the document when doing this year’s compliance reviews,” he says. “Ultimately, the new resource conveys greater detail around what our existing expectations have always been.”

He adds that the group issued the guidance now due to the “ongoing conversation surrounding dark patterns.”

Recent privacy laws in California, Colorado and Connecticut prohibit companies from using “dark patterns” to obtain people's consent to the use of their data.

In California, privacy regulations specifically provide that businesses can't present consumers with double-negatives, such as “don't not sell my personal information.”

California businesses also can't require consumers who click on a do-not-sell-my-information link to then scroll through a separate privacy policy for an opt-out mechanism

On the national level, federal lawmakers introduced legislation last year that would explicitly prohibit large web companies from designing interfaces in ways that thwart people's “autonomy,” or “decision-making” regarding privacy options.

The Federal Trade Commission recently suggested that online interfaces that either trick people into purchasing subscriptions, or make cancellation difficult, could reflect the use of “dark patterns.”

Even without new legislation, the FTC already has authority to enforce a ban on deceptive and unfair business practices, and has previously prosecuted companies for practices that could reflect “dark patterns” -- such as failing to clearly disclose that a subscription would automatically renew.