dark-patterns-data-protection

How “Dark Patterns” Impact Data Protection

Generic placeholder image
Rachel Jenkins

The term “dark patterns” has an ominous ring to it. And for a good reason. These website elements have carved away at online users’ experience enough for regulators and insurers to note. Let’s look a little deeper at dark patterns and how they impact data protection. 

What Are Dark Patterns?

Dark patterns are website elements that manipulate users into making decisions they aren’t aware of or didn’t want to make. Dark patterns also prevent users from doing what they set out to do. In short, they’re a sneaky way for websites to operate, tricking and confusing users into giving up personal information, not to mention agreeing to legal terms and buying unwanted products or services. 

Examples of Dark Patterns

Although dark patterns sound like threats hiding in the shadows, don’t let the name fool you. Dark patterns are everywhere, from ecommerce checkouts to digital advertising to non-renewal functions. The following are examples of standard dark patterns, so let’s see if you recognize any of these dark patterns:

  • Countdown time that implies the offer is expiring
  • An “only 3 left” banner on an ecommerce website
  • Advertising banner that won’t disappear, no matter how many times you close it
  • Instructions to click on numerous links to unsubscribe from a service
  • Escalating requests to gain access to “free” products (i.e., name, phone number, email address, etc.)
  • Forced continuity, such as failing to inform you of free trial ending or fees starting
  • Hidden fees and sign-ups, frequently at ecommerce checkouts
  • Using double negatives (i.e., “don’t not sell my information)

These dark patterns are part of why users become frustrated on various websites. Most of us have fallen for these dark patterns at some point. What’s more, some dark patterns are more harmful than others. For example, one nefarious dark pattern is an ad design that appears like a speck of dirt on your device screen. When you try to wipe it off, you inevitably click on an unwanted ad link.  

Regulations Addressing Dark Patterns

As frustrating and annoying as dark patterns are, their impact isn’t going unnoticed. More regulatory bodies are turning their attention to address these website elements. Here are a few regulations addressing dark patterns.

California

Unsurprisingly, California is spearheading regulations aimed at dark patterns. The California Privacy Rights Act will take effect at the first of the year in 2023. The Act states that information obtained from using dark patterns doesn’t constitute consent. Further defining dark patterns in the Act, the newly-established California Privacy Protection Agency plans to continue developing regulations. And they’re not messing around. California businesses have 90 days to comply or face up to $75,000 of fines (per user) per intentional violation. 

Colorado 

Colorado enhanced the Colorado Privacy Act last year, which is a broad statute to protect the privacy of its residents. In many ways, this Act resembles California’s regime. However, the fines are different. For example, penalties can top $20,000 per violation up to a maximum penalty of $500,000.

Federal Trade Commission

Like Colorado and California, the Federal Trade Commission (FTC) has started to pay attention. According to the FTC, using dark patterns isn’t anything more than a sophisticated version of unfair or deceptive trade practices. Unsurprisingly, the FTC is putting its foot down. In a lawsuit against Age of Learning, Inc. in 2020, the company paid $10 million in a settlement order and changed its practices. The following year, the FTC hosted a public workshop focused on dark pattern threats and future mitigation strategies.

Cyber Liability Insurance

As new statutes and regulations unfold — an excellent place to start — the insurance world also contributes to the battle against dark patterns and the misuse of personal information. Unfortunately, companies can use dark patterns in numerous ways, so identifying or recognizing each abuse is challenging. As a result, we encourage you to become familiar with your cyber liability insurance policy. 

Cyber liability insurance protects companies from third-party lawsuits related to electronic activity (i.e., phishing scams, malware, etc.). This coverage also offers many recovery benefits, supporting data restoration and reimbursement for lost income and payroll.  

In response to the rise of dark patterns, we see carriers adjusting their cyber policy language. It’s always helpful to team with a trusted commercial insurance broker so that you know precisely what your policy covers. For example, our bench of experts frequently conduct cyber risk assessment, a beneficial tool to pinpoint your precise vulnerability points.  

Understanding the details of what coverage your company needs can be confusing. Founder Shield specializes in knowing the risks your industry faces to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you. 


What to know more about cyber liability insurance? Talk to us! Please contact us at info@foundershield.com or create an account here to get started on a quote.

Related Articles

cyber-liability-premiums
August 29 • Cyber Liability

To Understand Cyber Liability Premiums, Let’s Talk About Hurricanes

Cyber liability insurance premiums are rising, and company leaders struggle to keep up with the increase — but why is this happening? Let’s talk about the “hurricane effect” and what to expect in the future.

cyber-liability-policies
August 23 • Cyber LiabilityGuest Post

How IT Can Improve Your Cybersecurity Policies as You Scale

High-growth companies face unique risks, and today’s shaky cybersecurity landscape only compounds those challenges. Our friends at Electric share how IT can improve your cyber policies as you scale. Let’s dive in!

ransomeware-defense
June 13 • Cyber Liability

Ransomware Defense — 5 Tips to Protect Your Business

With cyber attacks on the rise for technology and late-stage companies, it’s up to risk management teams to build fortifying ransomware defense — here’s how.

Cybersecurity quiz
April 25 • Cyber Liability

Cybersecurity Stats of 2022: Data Protection Pro or Novice? [Quiz]

Cybersecurity concerns skyrocketed during the past few years, especially for small businesses and technology companies — but how cyber literate are we really? Let’s find out!

Cyber Liability Insurance Trends 2022
February 22 • Cyber LiabilitySpotlight

Cyber Liability Insurance Trends 2022

After an exceptionally rough year in cybersecurity, let’s review cyber liability insurance trends to expect in 2022.

cyber liability_crime_insurance
October 12 • Crime InsuranceCyber Liability

What’s the Difference Between Crime and Cyber Insurance?

Plenty of overlap occurs between crime and cyber liability insurance. Let’s review the similarities and differences in these policies for startups, or even small business or mid-market company.