Senate Bill Bans ‘Dark Patterns’ Trickery in Social Media Data Collection
This week, a new bipartisan bill was introduced in the U.S. Senate that bans large social networks from using deceptive user interfaces. Also known as “dark patterns,” these user interfaces are designed to trick users into relinquishing their personal data or consenting to data abuses. The new Deceptive Experiences To Online Users Reduction (DETOUR) Act will apply to all internet tech companies with over 100 million users.
“For years, social media platforms have been relying on all sorts of tricks and tools to convince users to hand over their personal data without really understanding what they are consenting to. Some of the most nefarious strategies rely on ‘dark patterns’ — deceptive interfaces and default settings, drawing on tricks of behavioral psychology, designed to undermine user autonomy and push consumers into doing things they wouldn’t otherwise do, like hand over all of their personal data to be exploited for commercial purposes,” said U.S. Sen. Mark Warner (D-Va.), a former technology executive who is vice chairman of the Senate Select Committee on Intelligence.
“Our goal is simple: to instill a little transparency in what remains a very opaque market and ensure that consumers are able to make more informed choices about how and when to share their personal information,” added Warner, who is a co-sponsor of the bill.
This specific form of dark patterns is often also referred to as “Privacy Zuckering,” in a public shaming of founder and CEO Mark Zuckerberg after several Facebook data abuse scandals came to light. Examples are easily found in headlines like this one that screams “Facebook engages in ‘privacy zuckering’ to get user consent for facial recognition” in VentureBeat.
But there are actually several types of dark patterns — and none of them are good. They include bait and switch, guilting users into agreeing to something (called confirmshaming), ads disguised as reputable content, forced service continuance after a free trial, tricking you into sharing your contacts so they can spam your friends, hidden costs, misdirection, price comparison lockouts, trick questions, blocked exits (no way to stop a subscription) and sneaky sales cart add-ons.
Supporters point to widespread trickery such as dark patterns, as well as data abuses by social media platforms themselves, by game and test companies disguised as entertainment on social media and by criminals who use social media info in phishing schemes as reason for a series of legislation meant to protect consumers.
Detractors are concerned that legislation may make things worse.
“It would be great if all websites adhered to the standards put forth in the DETOUR bill, but as we’ve seen in the past, regulations on the web are difficult to enforce,” said Paul Bischoff, privacy advocate with Comparitech.com. “As a result, these sorts of regulations often end up becoming a burden for law-abiding websites, while those that choose to ignore them gain a competitive advantage with little consequence. We saw this play out with the EU’s ePrivacy Directive that required European website get consent for cookies. On top of that, the law won’t affect websites that operate from other countries, either.”
“Before lawmakers push this bill forward, they need to think very carefully about enforcement and penalties, and whether or not it’s actually feasible or if this is just a symbolic gesture that will place undue burden on businesses. It’s also important to be as specific as possible, so that the law is not misinterpreted. Wording like ‘a deliberate obscuring of alternative choices or settings through design,’ for example, is far too vague,” Bischoff added.
While such concerns are likely valid, the problem legislators are trying to resolve is …