Data Matters Privacy Blog Suits Against Google Signal Increased review of ‘dark patterns’


*This article was first published on Law360 on June 16, 2022

Ongoing lawsuits against Google LLC illustrate how regulators and plaintiffs’ attorneys are increasingly using dark-pattern theory to challenge corporate practices involving consumers.

Attorneys general for Washington, DC, Washington state, Texas and Indiana have all filed lawsuits against Google, alleging the company is inducing consumers to provide their location data on Jan. 24.

The cases are State of Texas v Google LLC, in Victoria County District Court; State of Washington v. Google LLC, in King County Superior Court; State of Indiana v. Google LLC, in Marion County Superior Court; and District of Columbia v. Google LLC, in the Superior Court of the District of Columbia.

These recent lawsuits are another example of the trend of multi-state attorneys general and Federal Trade Commission investigations shaping privacy law and public policy in the absence of comprehensive federal legislation. Not only do these lawsuits highlight how state attorneys general are taking a more active role in battling tech giants, they also shed light on the types of lawsuits that businesses of all sizes facing consumers can face. expect in the future.

The FTC and state attorneys general have long filed lawsuits to prohibit unfair and deceptive practices, pursuant to Section 5 of the FTC Act and state consumer protection laws. But it’s only been in recent years that regulators have argued that using dark patterns could be a violation of those laws.

Indeed, the recent lawsuits against Google are the first time high-level law enforcement actions have explicitly invoked dark patterns.

Dark patterns are design tricks that manipulate behavior in ways that are detrimental to the consumer. The term has entered the privacy lexicon as privacy advocates and regulators express growing concern about companies influencing their users’ online decisions.

The concept originated in academia about a decade ago and goes to the heart of the right to liberty protected by privacy law and regulation. It is now gaining traction with regulators, legislators and litigants.

Early discussions of dark patterns have asked whether the FTC and other regulators need new authorities to specifically target dark patterns. But the FTC has appealed to both the “unfair” and “deceptive” aspects of its existing powers under Section 5 of the FTC Act to bring suits against dark-pattern practices, and has repeatedly asserted that no new legislation is needed.

Unfair authority requires the FTC to establish that the practice causes substantial harm to consumers that cannot reasonably be avoided by consumers and is not outweighed by compensatory benefits. The Deception Authority requires the FTC to establish that there is a material misrepresentation, omission, or practice that is likely to mislead a consumer acting unreasonably in the circumstances.

In April 2021, the FTC hosted a workshop to review digital dark patterns,[1] and in October 2021, announced plans to increase enforcement of its dark schemes.[2]

Class action litigants have also taken notice of the dark patterns and in recent years have argued claims such as fraud, breach of contract and violation of national unfair competition and consumer protection laws on the basis of alleged uses of dark schemes, including tricking users into subscribing to recurring bills or maintaining subscriptions through complex cancellation procedures.

Nevertheless, serious questions remain about whether certain practices – some of which are common and long-standing advertising practices – should be considered dark patterns. To that end, federal and state lawmakers have begun to incorporate bans on dark motives into bills.

Federal legislation first proposed in 2019 and reintroduced in December 2021, the Reducing Deceptive Experiences for Online Users Act, would ban major online platforms from using dark models. The California Privacy Rights Act and the Colorado Privacy Act, both of which take effect in 2023, provide that consent based on dark patterns is not valid.

Although there are emerging definitions,[3] the broad and flexible concept may well encompass a host of day-to-day business activities that are not necessarily closely monitored by legal and compliance departments. The fluidity of the concept and the lack of clear regulatory guidance informed by the development of notice-and-comment rules therefore present extensive legal risk.

The latest lawsuits against Google, one of which has already survived a motion to dismiss, demonstrate the scrutiny given to dark patterns, and they foreshadow an increased reliance on dark pattern theories in future litigation. There will likely be even more litigation that explicitly relies on dark pattern claims – in the form of both Article 5 lawsuits brought by the FTC and consumer protection lawsuits brought by regulators. state and class action plaintiffs.

This problem affects businesses of all sizes and extends to consumer-facing businesses in all industries that have some type of digital presence. For example, the FTC has stressed that it will review any company that makes it difficult for consumers to cancel their subscription digitally.

Privacy and consumer-conscious companies should take note of the lawsuits and do their best to ensure that their current and future practices do not put them at risk of dark pattern enforcement. Consumer-facing businesses should work with attorneys to develop policies that guide decisions about marketing and other consumer interactions based on this rapidly evolving set of dark schema laws.

Companies should review existing and new product websites and campaigns to ensure that their design interfaces – online and offline – do not mislead or manipulate consumers. Companies must be particularly transparent with consumers about how their personal data, including location data and other sensitive data, is collected, used and shared.

Companies should also assess any tactics or designs that could be seen to manipulate consumer choices or fail to disclose their practices to consumers. This includes reviewing privacy choices, such as data collection and usage practices, as well as business choices such as automatic renewals.

Failure to do so can not only damage a company’s reputation with its customers, but also create significant litigation and regulatory risks, as dark schema claims are sure to proliferate in the months and years to come.

The opinions expressed are those of the author or authors and do not necessarily reflect the opinions of the company, its customers or Portfolio Media Inc., or any of its respective affiliates. This article is for general information purposes and is not intended to be and should not be considered legal advice..



[3] The CPRA and CPA both define a “dark model” as “a user interface designed or manipulated with the substantial effect of subverting or impairing the user’s autonomy, decision-making, or choice”. Cal. Civil. Code §1798.140(l); CRS §6-1-1303(9). Similarly, the proposed DETOUR Act would make it illegal for any large online operator “to design, modify, or manipulate any user interface for the purpose or substantial effect of obscuring, subverting, or impairing the autonomy , the decision-making or the choice of the user to obtain”. consent or user data. DETOUR Act, S. 3330, 117th Cong. § 3(a) (2021).

To share

Comments are closed.