Following its 2021 Dark Patterns enforcement policy, the FTC recently issued a staff report on the practice. The report summarized many of the cases the agency has brought against companies it alleges have engaged in “dark patterns” designed to “get consumers to part with their money or data.” These include using design elements that induce false beliefs, that delay important and material information, that lead to unauthorized charges, or that subvert or confuse privacy choices.

In this new report, the FTC provides businesses with strongly worded instructions about how to avoid collecting personal information from consumers in a way that might be viewed as a dark pattern. These include:

  • Not setting system defaults to collect more information than a consumer would expect, or to use information in a way that consumers would not expect.
  • Making it easy for consumers to choose how their information gets used. Specifically, the FTC cautions against having multiple screens through which a consumer needs to navigate to exercise choice, or having ambiguously or confusingly worded toggle buttons.
  • The FTC also urges companies to look at the user interfaces they create from the perspective of the consumer.
  • Finally, the FTC provides specific direction about collecting and using sensitive information. Companies should make choices about how this information is going to be used clear and understandable, and give people the tools and information they need to exercise their choices. If sensitive information is sold, companies should vet the purchasers, how the purchasers will use the information, and importantly, monitor buyers’ use of the sold information.

Putting It Into Practice: This report follows on the heels of the FTC’s proposed privacy rulemaking and signals its ongoing concern that notice and choice presented to consumers be clear and understandable. Much of the advice in the report is familiar and indicates the FTC’s expectations of companies. Of note are the directions (1) to review user interfaces and (2) to monitor use of information (especially sensitive information) after it has been sold to third parties.