Manipulative UX Design & the Role of Regulation: Event Highlights

On March 24, the FPF hosted “Dark Patterns:” Manipulative UX Design and the Role of Regulation. So-called “dark patterns” are user interface design choices that benefit an online service by coercing, manipulative, or deceiving users into making unintended or potentially harmful decisions. The event provided a critical examination of the ways in which manipulative interfaces can limit consumer choice and explored how regulation of manipulative designs continues to expand – from California’s recent Attorney General regulations, to the California Privacy Rights Act, to other state and federal privacy bills. Participants also discussed whether truly neutral design is ever possible, and the differences between acceptable persuasion (such as in advertising) and manipulation, coercion, and deception. 

The event, moderated by FPF Senior Counsel Stacey Gray, began with a survey of legislative proposals that would regulate manipulative user interface design choices. Stacey highlighted several prominent state privacy laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), which define and address dark patterns in certain contexts, such as in the California Attorney General’s regulations for the design of “opt-out of sale” mechanisms for personal data collection and use. Gray also addressed relevant legislative proposals at the state and federal level – the Washington Privacy Act (SB 5062), CA SB 980, and the SAFE DATA Act (S. 4626) – that explicitly define or create regulations around manipulative design choices. Finally, Gray explained that manipulative design is an “ongoing focus” of the Federal Trade Commission, citing past enforcement actions related to manipulative user interface design choices and referencing the FTC’s upcoming April 29 workshop, “Bringing Dark Patterns to Light.”

Dr. Jennifer King, Privacy and Data Policy Fellow at the Stanford Institute for Human-Centered Artificial Intelligence, provided the keynote presentation, which defined dark patterns, the contexts they target, how they work, types of dark patterns, examples, and key thoughts for policymakers and regulators. Specifically, Dr. King recommended that lawmakers consider the following questions: 

• Is current FTC section 5 authority enough to address dark patterns generally? Or is expanded authority necessary? 
• How do we evaluate and measure dark patterns, and who should do this type of work? 
• Identifying the “dark” vs. the “gray”: what defines the line between permissible persuasion and manipulation or coercion?
• Are neutral designs a realistic and enforceable option, particularly at decision points, such as opt-in or opt-outs? 
• What are the implications for Privacy by Design? How is success in privacy measured?
• How does the CPRA’s “effect” standard differ from a potential “intent” standard? Which standard is more measurable and enforceable?

Following Dr. King’s address, the event moved to a panel discussion with Mihir Kshirsagar, Clinic Lead for Princeton’s Center for Information Technology Policy, Tanya Forsheit, Chair of the Privacy & Data Security Group at Frankfurt Kurnit Klein + Selz, as well as Gray and Dr. King. Together, the panel considered manipulative design from legal, policy, and technology perspectives, providing insightful answers to questions from the audience. 

Gray closed the event by noting that manipulative design will continue to be a focus for FPF, previewing future convenings on manipulative design under EU and global law and in specific contexts, such as in online products and services for children and teens. 

To learn more, watch the recording of the event.