By Clint Fillipou, Principal Partner Melbourne

and Jennifer Andrade, Law Graduate

Depending on how involved you, your brand and/or your agency are in the digital space, you may or may not have heard of “Dark Patterns”. Or, you may have been calling them something completely different all this time. So, what are they? And why are regulators becoming more and more interested in them?

In short, Dark Patterns are coding and layout devices that have existed on digital platforms for years, and they are so common and ubiquitous that they have become normalised and accepted practice online. Indeed, consumers may not even realise that they are being influenced by them. As Australia moves to bring its privacy legislation into line with other more heavily-regulated jurisdictions, and recommendations flowing from Australia’s recent Digital Platforms Services Inquiry are progressively implemented, Dark Patterns are being discussed more openly as an area of regulatory concern. Especially with constant advances in data analytics, data use, and web technology, it is becoming increasingly crucial for consumers to recognise Dark Patterns and for regulators to address any risks they create, whether from a privacy or consumer protection perspective. As a result, agencies and brands must be aware of the changing nature of the law in this area, and prepare now for what might be coming.

Firstly, what are Dark Patterns?

Dark Patterns are tactics used by digital platforms and website operators that manipulate (either in a subtle way or a more aggressive way) consumers’ decision-making when completing certain actions, such as subscribing to services online, adding items to their cart online or providing personal information. A form of “digital dark arts” if you like, Dark Patterns can subtly shape, nudge or direct/misdirect the customer journey through a website’s layout, colour scheme, aesthetic choices or user flow. They can also take the form of data collection systems that trick people into providing information or consent beyond what is reasonably required, hence the intersection between privacy law and trade practices legislation.

Below are some of the main forms of Dark Patterns:

• Confirmshaming: Using language to shame someone into making a certain choice (e.g. Button 1 at check-out says “Yes, sign me up for news & future discounts”, while button 2 says “No, I hate discounts”).
• Misdirection: This may include having an option “front and centre” to perform a certain action (like a paid option to reserve a certain type of seat at a concert) while there is a hidden free option further down the page, that enables the user to book a similar seat at no charge.
• Forced Continuity: Subscriptions that are easy to sign up to but difficult to cancel. This also includes free subscriptions that switch to a paid scheme without notice.
• Scarcity Cues: Tactics designed to rush or pressure someone into a decision, e.g. countdown timers for shopping carts, or warning messages for low stock or expiring discounts.
• Nagging: Constantly feeding a pop-up or data capture screen at the user while they are engaged on another task, usually with a relatively simple “Yes/No” choice, such as to receive a newsletter that comes with a 10% sign up reward. Again, the user is more likely to tick “Yes” (aligned with confirmshaming discussed above), to get the nagging to stop rather than because they actually want to sign up.
• Trick Questions: Confusing language on online forms that makes it difficult to understand how to opt-out of a service.
• Hidden Costs: New and unexpected costs that appear at the check-out without consent or notice.
• False Hierarchy: Visual tactics designed to make certain clickable options less visible to people.
• Forced Actions / Data Grabs: Tricks that lead people into thinking that it is necessary to provide their personal information to access services when they do not have to.
• “Default” setting technique: Pre-configured account settings that enable maximum data sharing, relying on most users not changing their preferences.

Dark Patterns may seem like harmless annoyances inherent to the digital world, and indeed we are all so used to them that we have barely noticed the increasing prevalence of them. While most agencies and brands are doing the right thing and are merely trying to be as successful (and profitable) as they can be running their online stores, it is very easy to see how things can get out of hand, and quickly. It is also easy to see how a simple digital marketing technique can go from sharp but acceptable, to misleading and deceptive or otherwise breach the Australia Consumer Law (“ACL”) very easily. Take scarcity cues for instance – given the highly integrated digital inventory management systems utilised by many brands, it is possible to track stock levels and communicate these to consumers in real time. However, is the urgency or scarcity communicated actually legitimate, or is it fabricated/illusory? Similarly, communicating the availability of a product as “low stock”, only to tell the consumer when they decide to buy it that it is now “out of stock” before recommending some higher price alternative, may amount to bait advertising in breach of the ACL.

Most agencies and brands are constantly tweaking, adjusting and running A/B testing on their sites in an effort to improve conversion. Dark Patterns are, in many ways, the inevitable outcome of this activity.

With the global consistency of most website architecture for global brands, and the current economic situation, there is a confluence of risk factors colliding: brands are increasingly growing their online footprint and attracted to standardised functions to reduce costs, while at the same time consumers are more vulnerable than ever to perceived discounts and sensitive to price persuasion.

As we flagged above, you may be reading this and thinking “Sure, but isn’t this just the ‘dark arts’ of effective online marketing? Brands have been doing this stuff forever!” In general, that position is correct, and not all Dark Patterns and associated behaviour are illegal or in breach of law. However, as flagged above some tactics cross the line from mere persuasion into unfair deception and manipulation, and breaches of privacy. They can cause direct harm to consumers and even damage the reputations of brands that use them. In a 2022 report prepared by the Consumer Policy Research Centre in Melbourne, 83% of Australians experienced one or more negative consequences because of a website or app using Dark Patterns.[1] It also found that 1 in 4 Australians shared more personal information online than they wanted to because of Dark Patterns and 1 in 5 spent more than they intended to.

Australia’s current stance on Dark Patterns

Australian Consumer Law

Dark Patterns can trigger considerations under the ACL, especially where the patterns themselves (or the underlying conduct that they are evidence of) amount to misleading and deceptive conduct, an unfair contract term or, in serious cases, unconscionable conduct. However, the ACL offers limited protection for more nuanced Dark Patterns. For instance, Dark Patterns that coerce consumers into a specific choice through visual emphasis may not fit within the definition of “misleading and deceptive conduct”, and they may not meet the high threshold for “unconscionable conduct”. Again, dark arts. This is why Dark Patterns are one of the Australian Competition and Consumer Commission (“ACCC”) enforcement areas of interest, as discussed below.

Despite these limitations, the ACCC has already penalised businesses for using Dark Patterns through these existing measures. Earlier this year, Dreamscape Networks International Pte Ltd paid $56,340 in penalties after the ACCC issued three infringement notices for allegedly making false or misleading representations about its products. Crazy Domains, which is owned and operated by Dreamscape, advertised on its website that its “3-month website builder products” were free gifts which were automatically added to customers’ shopping carts. This is an example of Forced Continuity as the products were actually subject to automatic renewal fees which some customers paid without notice.

The Privacy Act 1988 and The Spam Act 2003

Data-grabbing, False Hierarchy and other Dark Patterns that nudge or pressure people into providing more personal information than necessary or consenting to a broader use of their personal information than is required could breach the Privacy Act. The Act requires businesses to be open and transparent on how personal information is collected and used to ensure people can provide informed consent. However, Dark Patterns can limit an individual’s ability to consent to data collection as these tactics typically conceal the purpose of collection or limit choices on how personal information is handled. Further, if the personal information collected by Dark Patterns is then used to spam people with marketing materials or if opt-out processes for these materials are made difficult or impossible, the Spam Act may be breached.

How does Australia compare internationally?

In light of the changes that we have seen globally (see below) we expect the Australian Privacy Act to eventually be amended to introduce specific measures to address the rising risk brought about from Dark Patterns. This is because Proposal 20 of the Act’s review, which is still being developed, proposes an unqualified right for individuals to opt-out of their personal information being used for direct-marketing. For further information on the reforms to the Privacy Act, please see our article FINALLY – The Privacy Amendment Bill (round one) is here. However, the Privacy Act review still does not introduce specific proposals that address the use of Dark Patterns and does not clarify which Australian Privacy Principles cover them. While this is arguably a relief for agencies and brands who have one less compliance burden to consider, it may not last.

More aggressive approaches to combat and regulate Dark Patterns have been adopted overseas. In Europe, the Digital Services Actexplicitly bans online platforms from using Dark Patterns, and the United Kingdom is set to introduce a similar measure with the forthcoming Digital Markets, Competition and Consumer Act which will ban the use of dark patterns to sell products and services.

The United States also demonstrated an intolerance for major brands using Dark Patterns, relying on existing regulatory prohibitions on deceptive consumer practices under the Federal Trade Commission Act. The US Federal Trade Commission took action against Amazon for using Dark Patterns to trick consumers into enrolling in and automatically renewing Prime subscriptions, and then making it difficult to cancel. They also brought an action against Epic Games for “tricking” children into paying unwanted charges, which recognised children’s susceptibility to Dark Patterns.

What happens next?

In 2020, the ACCC commenced the five-year Digital Platform Services Inquiry to look into practices by digital platform services that result in consumer harm. In their Interim Report No. 5 – Regulatory Reform (“DPSI 5”), issued in September 2022, the ACCC emphasised the need for better tools to address Dark Patterns. It was recognised that many Dark Patterns fall outside existing prohibitions, and it is the ACCC’s view that introducing a general unfair trading practices prohibition could potentially help cover this gap. This would capture any conduct that is harmful but does not meet the legal threshold for unconscionable conduct or is not considered misleading or deceptive conduct or an unfair contract term.

Although the ACCC’s final report is set to be issued by 31 March 2025, the following measures have been proposed to combat the use of Dark Patterns:

• Expanding the existing prohibition on statutory unconscionable conduct
• Introducing a general prohibition on unfair trading practices
• Introducing specific prohibitions on Dark Patterns
• Introducing an ombudsman scheme for digital platforms led by the Telecommunication Industry Ombudsman

Further, with the Children’s Online Privacy Code still in the works, privacy experts are calling for it to restrict any digital platforms targeting children to using Dark Patterns only where it is in their best interest (e.g. an alert encouraging them to take a break from the site).

Brands such as Amazon and Google have already criticised the above suggested measures which could delay relief and cause tension for the advertising and marketing industry. They argue that the ACCC should allow more time for existing measures (such as the updated unfair contract terms laws and the revised privacy laws) to be tested against Dark Patterns, and that Dark Patterns are developing rapidly and further exploration is required to fully understand their repercussions before they are regulated directly.

What can you do?

As regulators in Australia and around the world are zeroing in on Dark Patterns, agencies, brands and digital platform service providers should review their marketing practices. While good, effective marketing will always have a place, there is a fine line. Although discretion should be used to determine whether a marketing tactic is deceitful and exploitative, the following considerations can help to maintain consumer trust and avoid legal disputes:

• Transparency: Prioritise transparency in how information is presented on digital platforms and ensure that messaging concerning products, pricing or services is clear and straight forward.
• Keep it simple: Avoid complicated user flows or language, especially for subscription cancellations or any other opt-outs, and do not shame or pressure consumers into making a certain choice.
• Data Collection: Avoid using misleading or complicated consent forms to collect personal information and only collect information truly necessary for the product or service provided.
• Real consents and truthful interactions: Avoid obtaining consents under any form of duress, pressure, or nagging. Ultimately, you may be able to prove that the user clicked “OK”, but if you got there by pressuring them, annoying them, or otherwise deceiving them, that “OK” will not hold up to upgraded legal scrutiny.
• Compliance reviews: Ensure your digital platforms are regularly reviewed for legal compliance and stay informed on regulatory obligations impacting Dark Patterns.
• Feedback: Engage with customer experience feedback and respond appropriately (and with good legal advice) to any complaints regarding confusing or deceptive tactics on digital platforms.

Ultimately, marketing will always be marketing, but the darker arts behind some Dark Patterns really challenge fairness and legality in the digital age. As both Australia and the rest of the world grapple with how best to regulate the more manipulative versions of these tactics, the hope is that stronger legal frameworks will foster a more ethical digital world, where consumers are genuinely in control of their online choices, and brands are able to avoid falling foul of the law.

Contact us

If you require further guidance on Dark Patterns or general assistance with your digital platforms, please contact one of our experts below.

Co-authored by

[1] Consumer Policy Research Centre, 2022, Duped by design – Manipulative online design: Dark patterns in Australia, https://cprc.org.au/report/duped-by-design-manipulative-online-design-dark-patterns-in-australia/.