dark-patterns-data-protection

How “Dark Patterns” Impact Data Protection

Generic placeholder image
Rachel Jenkins

The term “dark patterns” has an ominous ring to it. And for a good reason. These website elements have carved away at online users’ experience enough for regulators and insurers to note. Let’s look a little deeper at dark patterns and how they impact data protection. 

What Are Dark Patterns?

Dark patterns are website elements that manipulate users into making decisions they aren’t aware of or didn’t want to make. Dark patterns also prevent users from doing what they set out to do. In short, they’re a sneaky way for websites to operate, tricking and confusing users into giving up personal information, not to mention agreeing to legal terms and buying unwanted products or services. 

Examples of Dark Patterns

Although dark patterns sound like threats hiding in the shadows, don’t let the name fool you. Dark patterns are everywhere, from ecommerce checkouts to digital advertising to non-renewal functions. The following are examples of standard dark patterns, so let’s see if you recognize any of these dark patterns:

  • Countdown time that implies the offer is expiring
  • An “only 3 left” banner on an ecommerce website
  • Advertising banner that won’t disappear, no matter how many times you close it
  • Instructions to click on numerous links to unsubscribe from a service
  • Escalating requests to gain access to “free” products (i.e., name, phone number, email address, etc.)
  • Forced continuity, such as failing to inform you of free trial ending or fees starting
  • Hidden fees and sign-ups, frequently at ecommerce checkouts
  • Using double negatives (i.e., “don’t not sell my information)

These dark patterns are part of why users become frustrated on various websites. Most of us have fallen for these dark patterns at some point. What’s more, some dark patterns are more harmful than others. For example, one nefarious dark pattern is an ad design that appears like a speck of dirt on your device screen. When you try to wipe it off, you inevitably click on an unwanted ad link.  

Regulations Addressing Dark Patterns

As frustrating and annoying as dark patterns are, their impact isn’t going unnoticed. More regulatory bodies are turning their attention to address these website elements. Here are a few regulations addressing dark patterns.

California

Unsurprisingly, California is spearheading regulations aimed at dark patterns. The California Privacy Rights Act will take effect at the first of the year in 2023. The Act states that information obtained from using dark patterns doesn’t constitute consent. Further defining dark patterns in the Act, the newly-established California Privacy Protection Agency plans to continue developing regulations. And they’re not messing around. California businesses have 90 days to comply or face up to $75,000 of fines (per user) per intentional violation. 

Colorado 

Colorado enhanced the Colorado Privacy Act last year, which is a broad statute to protect the privacy of its residents. In many ways, this Act resembles California’s regime. However, the fines are different. For example, penalties can top $20,000 per violation up to a maximum penalty of $500,000.

Federal Trade Commission

Like Colorado and California, the Federal Trade Commission (FTC) has started to pay attention. According to the FTC, using dark patterns isn’t anything more than a sophisticated version of unfair or deceptive trade practices. Unsurprisingly, the FTC is putting its foot down. In a lawsuit against Age of Learning, Inc. in 2020, the company paid $10 million in a settlement order and changed its practices. The following year, the FTC hosted a public workshop focused on dark pattern threats and future mitigation strategies.

Cyber Liability Insurance

As new statutes and regulations unfold — an excellent place to start — the insurance world also contributes to the battle against dark patterns and the misuse of personal information. Unfortunately, companies can use dark patterns in numerous ways, so identifying or recognizing each abuse is challenging. As a result, we encourage you to become familiar with your cyber liability insurance policy. 

Cyber liability insurance protects companies from third-party lawsuits related to electronic activity (i.e., phishing scams, malware, etc.). This coverage also offers many recovery benefits, supporting data restoration and reimbursement for lost income and payroll.  

In response to the rise of dark patterns, we see carriers adjusting their cyber policy language. It’s always helpful to team with a trusted commercial insurance broker so that you know precisely what your policy covers. For example, our bench of experts frequently conduct cyber risk assessment, a beneficial tool to pinpoint your precise vulnerability points.  

Understanding the details of what coverage your company needs can be confusing. Founder Shield specializes in knowing the risks your industry faces to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you. 


What to know more about cyber liability insurance? Talk to us! Please contact us at info@foundershield.com or create an account here to get started on a quote.

Related Articles

Cybersecurity quiz
April 25 • Cyber Liability

Cybersecurity Stats of 2022: Data Protection Pro or Novice? [Quiz]

Cybersecurity concerns skyrocketed during the past few years, especially for small businesses and technology companies — but how cyber literate are we really? Let’s find out!

Cyber Liability Insurance Trends 2022
February 22 • Cyber LiabilitySpotlight

Cyber Liability Insurance Trends 2022

After an exceptionally rough year in cybersecurity, let’s review cyber liability insurance trends to expect in 2022.

cyber liability_crime_insurance
October 12 • Crime InsuranceCyber Liability

What’s the Difference Between Crime and Cyber Insurance?

Plenty of overlap occurs between crime and cyber liability insurance. Let’s review the similarities and differences in these policies for startups, or even small business or mid-market company.

cyber-liability-insurance
August 31 • Cyber Liability

Cyber Liability Insurance Guide

Cyber liability insurance can seem confusing — but it doesn’t have to be. Here are several crucial cyber coverage guidelines for startups and technology companies.

August 30 • Cyber LiabilityErrors & OmissionsRisk Management Tips

Managed Service Providers (MSPs) Insurance Guide

With the environment rapidly changing for a small or mid-market business, what risks do MSPs face now? Here’s a practical guide to MSP insurance.

ransomware manufactures
August 3 • Cyber LiabilityRisk Management Tips

Ransomware Insights: Why Hackers Are Targeting Manufacturers

With ransomware attacks on the rise, why are manufacturers taking the brunt of it? Here’s our take on the situation, along with helpful tips.