Home
Home
Design Crimes
Design Crimes
Legal Bullshit
Legal Bullshit
Busted Assholes
Busted Assholes
Wall of Shame
Wall of Shame
Save the Planet
Save the Planet
WTF is This?
WTF is This?
Snitch Now
Snitch Now
Home
Home
Design Crimes
Design Crimes
Legal Bullshit
Legal Bullshit
Busted Assholes
Busted Assholes
Wall of Shame
Wall of Shame
Save the Planet
Save the Planet
WTF is This?
WTF is This?
Snitch Now
Snitch Now
Back to Home

Legal Bullshit That Actually Helps

How governments and regulatory bodies around the world are starting to give a damn about deceptive design practices.

Regions

Laws & Regulations

General Data Protection Regulation (GDPR)

European Union2018

The EU's comprehensive data protection law that addresses dark patterns through requirements for clear consent and transparency.

How GDPR Addresses Dark Patterns

The General Data Protection Regulation (GDPR) is the European Union's comprehensive data protection law that came into effect on May 25, 2018. While it doesn't explicitly mention "dark patterns" by name, several of its provisions effectively restrict their use:

Key Provisions Against Dark Patterns

  • Article 4(11) and Article 7: Consent Requirements - Consent must be "freely given, specific, informed and unambiguous" and demonstrated "by a clear affirmative action." This prohibits pre-checked boxes, confusing language, and other manipulative consent mechanisms.
  • Article 12: Transparent Information - Information must be provided "in a concise, transparent, intelligible and easily accessible form, using clear and plain language." This counters trick wording and visual interference patterns.
  • Article 13 & 14: Right to Information - Users must be clearly informed about how their data will be used, preventing hidden subscriptions and sneaking patterns.
  • Article 25: Data Protection by Design - Requires privacy-friendly default settings, addressing preselection dark patterns.

Enforcement Examples

The European Data Protection Board and national authorities have increasingly focused on dark patterns in their enforcement actions:

  • In 2019, the French data protection authority (CNIL) fined Google €50 million partly for using confusing consent interfaces.
  • In 2021, the Italian data protection authority fined TikTok €27 million for using dark patterns that made it difficult for users to understand how their data was being processed.
  • The Irish Data Protection Commission has investigated Facebook/Meta for making the opt-out process for data sharing significantly more complex than the opt-in process.

Recent Developments

In March 2022, the European Data Protection Board adopted guidelines specifically addressing dark patterns in social media interfaces, categorizing them and providing examples of prohibited designs. This represents a significant step toward explicit regulation of dark patterns under GDPR.

Know Your Rights

Understanding the laws that protect you from dark patterns is the first step to fighting back. Learn more about specific cases where these laws have been enforced.

See Who Got Busted