California's CPPA to Join FTC in Shining Light on Dark Patterns: CCPA Enforcement Advisory

On September 4, 2024, the California Privacy Protection Agency (CPPA) joined the Federal Trade Commission (FTC) in reminding businesses of the importance of avoiding “Dark Patterns,” which are user interfaces or choice architectures that have the substantial effect of subverting or impairing a consumer’s autonomy, decisionmaking, or choice. 

Over the last few years, the FTC has ramped up public education and enforcement efforts against Dark Patterns. For example, in 2021 the FTC held a workshop which brought together researchers, legal experts, consumer advocates, and industry professionals to examine what Dark Patterns are and how they affect consumers and the marketplace. This workshop resulted in a 2022 FTC staff report titled Bringing Dark Patterns to Light, which discusses common types of dark patterns, highlights consumer protection concerns, and provides recommendations for businesses. 

The FTC has also made several public statements that underscore its intent to prioritize bringing enforcement actions against companies that employ Dark Patterns. These statements are supported by the numerous enforcement actions the FTC has brought against companies for using Dark Patterns over the last few years, many of which have resulted in substantial monetary penalties ranging from millions to hundreds of millions of dollars. 

The new CPPA enforcement advisory makes clear that it views Dark Patterns as an adverse privacy practice and signals that CPPA enforcement activity is likely in this space. The advisory underscores Dark Pattern guidance provided by the FTC, reminding businesses that: 

• Dark patterns harm consumers by subverting and impairing their autonomy, decisionmaking, or choice.
• Dark patterns are about effect, not intent.
• Using clear and understandable language and offering consumers symmetrical choices avoids impairing and interfering with consumers’ ability to make their choice. 

The enforcement advisory also provides questions for businesses to consider when reviewing user interfaces, along with examples where Dark Patterns frequently appear, such as interfaces designed to seek consumers’ consent to use their personal information and website cookie consent managers. 

This enforcement advisory serves as a reminder that website and mobile application interfaces should be continually reviewed by experienced counsel to ensure they remain compliant with applicable privacy laws and do not run afoul of consumer protection principles. In addition to avoiding enforcement actions from the CPPA and FTC, by designing consumer-friendly website and mobile app interfaces that feature clear language, symmetrical choices, and comply with privacy and consumer protection laws, companies can inspire consumer trust. 

The advisory highlights for businesses the importance of reviewing their user interfaces to ensure they offer symmetrical choices and use clear, easy-to-understand language offering privacy choices—two of the attributes spelled out in the [CCPA] regulations.

View referenced article