GDPR

Guidelines on Dark Patterns

The Guidelines offer practical recommendations to designers and users of social media platforms on how to assess and avoid so called “dark patterns” in social media interfaces that infringe on GDPR requirements.

In the context of these Guidelines, “dark patterns” are considered as interfaces and user experiences implemented on social media platforms that lead users into making unintended, unwilling and potentially harmful decisions regarding the processing of their personal data.

Dark patterns aim to influence users’ behavior and can hinder their ability to effectively protect their personal data and make conscious choices. Data Protection authorities are responsible for sanctioning the use of dark patterns if these breach GDPR requirements.

The dark patterns addressed within these Guidelines can be divided into the following categories: 

– Overloading: avalanche/large quantity of requests, information, options or possibilities in order to prompt them to share more data or unintentionally allow personal data processing against the expectations of the data subject.

– Skipping: designing the interface or user experience in a way that users forget or do not think about all or some of the data protection aspects.

– Stirring: affects the choice users would make by appealing to their emotions or using visual nudges.

– Hindering: obstructing or blocking users in their process of becoming informed or managing their data by making the action hard or impossible to achieve.

– Fickle: design of the interface is inconsistent and not clear, making it hard for the user to navigate the different data protection control tools and to understand the purpose of the processing.

– Left in the Dark: interface is designed in a way to hide information or data protection control tools or to leave users unsure of how their data is processed and what kind of control they might have over it regarding the exercise of their rights.