Please check out the conversation I had with Alexandra Ross and Elena Elkina about dark patterns.
A “dark pattern” is a term coined in 2010 by Harry Brignull, who defined it as “a user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.” The California Privacy Rights Act (CPRA) defines a “dark pattern” as “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice, as further defined by regulation.”
For more background about dark patterns, please see my recent post for Dark Patterns Reading List and Resources. In this post, I provide a list of useful articles, writings, websites, videos, and other resources on dark patterns.
On this podcast, Info Matters, I chat with Patricia Kosseim, Information and Privacy Commissioner (IPC) of Ontario, Canada about kids and privacy and my children’s book on privacy, THE EYEMONGER.
Episode Summary: Parents, kids, teachers, this one’s for you! Explaining privacy in a way that kids can understand — concepts and tools you can use to start discussing this very important topic from a young age. Conversation with international privacy expert Daniel Solove with highlights from his children’s book The Eyemonger.
If you’re interested in children’s privacy, I created a page of resources about children’s privacy for educators and parents here.
Dark patterns are starting to receive increased regulatory attention, which is a welcome development in the evolution of privacy law. Here’s a dark patterns resource and reading list.
What Are “Dark Patterns”?
Harry Brignull coined the term “dark pattern” in 2010, defining it as “a user interface that has been carefully crafted to trick users into doing things, such as buying insurance with their purchase or signing up for recurring bills.” He now has a site devoted to dark patterns.
Regulating Dark Patterns
Dark patterns are increasingly becoming a focus of regulation. Regulators have long been reluctant to regulate technological design, but increasingly the reality is becoming clear: To effectively protect privacy, design must be regulated. The term “dark patterns” is catching on, and regulators are increasingly emboldened to regulate. It’s far more palatable to try to stop “dark patterns” than it is to restrict certain “technological designs.”
Under the California Privacy Rights Act (CPRA), the use of dark patterns to obtain consent will render consent invalid. A dark pattern is “a user interface designed or manipulated with the substantial effect of subverting or impairing user autonomy, decision-making, or choice, as further defined by regulation.” The privacy bill pending in the State of Washington seeks to restrict dark patterns. The FTC will be holding a dark patterns workshop later this month.
Dark Patterns Reading List and Resources
Here’s a list of resources about dark patterns that are worth attention:
This cartoon is about “data ethics,” a term for when companies make an effort to review the ethical ramifications of their activities involving personal data. I generally applaud looking at ethics broadly because it avoids being unduly constrained in its focus by narrow conceptions of privacy. But there often isn’t sufficient rigor in the analysis of data ethics.
Ultimately, companies are formed to make a profit. We must not forget their true nature. A tiger can snuggle with you like a kitten, but it is still a tiger. Corporations can act ethically, but their nature is to make profits. When profits conflict with ethics, it’s hard for companies to resist the pull of their nature. This is why regulation is a necessity.
We should reward companies for acting ethically. But just as with the snuggly tiger, we shouldn’t ever let our guard down.
The TeachPrivacy Data Privacy Law Fellowship is a part-time fellowship for recent law school graduates. The Fellowship is virtual, so fellows can work from any location.
Data Privacy Law Fellows help Professor Daniel Solove research, draft, and update scripts for training courses and do research for resources, guides, and other materials. TeachPrivacy has 150+ courses on various federal, state, and international privacy laws (GDPR, HIPAA, FERPA, GLBA, CCPA, TCPA, CAN-SPAM, CASL, LGPD, and many more). Fellows also assist with researching new developments in the law to keep scripts up-to-date. Additionally, fellows help with researching for blog posts and with the company’s social media. Generally, Professor Solove hires recent graduates who have taken a privacy law class or who have otherwise acquired a background in privacy law.
TeachPrivacy is a computer-based training company founded and run by Professor Daniel Solove. TeachPrivacy produces privacy and security compliance training for hundreds of companies, hospitals, health plans, universities, government agencies, and other organizations around the world, including many Fortune 500 multinationals.
JD at US law school or foreign law school
Strong interest in privacy issues
Desire to pursue a career in privacy law
Information privacy law coursework
Experience in privacy law (internships, etc.)
The Fellowship has no formal duration, but most fellows work for 6-18 months. Former Data Privacy Fellows now work at large law firms, prominent companies, industry associations, and many other prestigious organizations.
This cartoon focuses on video recording – how people readily whip out their phones to record events involving people in distress. The “bystander effect” is often invoked to describe the phenomenon of why people watch an emergency unfold without trying to help the victim. Perhaps there should be a modern update to the “bystander effect” called the “video recording effect” to describe how people will take videos of people in distress rather than help them.
In an interesting article, Why Do People Film Others in Distress Instead of Helping Them?, Angela Lashbrook discusses research on the bystander effect (it’s not as strong a phenomenon as many accounts say it is) as well as the effects of surveillance and video recording on people’s behavior. The research points in many different directions.
This cartoon is about the HIPAA right to access medical records. Obtaining access to one’s medical records is currently like a scavenger hunt. Patients have to call and call again, wait seemingly forever to get records, and receive them via ancient means like mail and fax. There have been several articles (here, here, and here) about healthcare providers clinging desperately to their antiquated fax machines. According to a study in 2019, 90% of healthcare providers still use faxes.
Many healthcare providers cite to HIPAA as a reason to deny patient’s requests to be emailed their records. But ironically, HIPAA says the opposite – providers must email patients their records if patients request them via email.
We’re well into the 21st Century now, and access to our health data should be much easier. HIPAA should do more than provide a right to access. It should encourage access and improve the ease of access.