The California Attorney General recently published new regulations that implement the California Consumer Privacy Act (CCPA), a law that takes some important steps to empower consumer choice. What stands out the most in the new regulations is the explicit prohibitions around deceitful user interfaces (Section 999.315h) when the user exercises their CCPA right to opt-out from sale of their personal information.
“Dark Patterns” are defined by the user experience (UX) researcher who coined the term, Harry Brignull, as “tricks used in websites and apps that make you buy or sign up for things that you didn't mean to.” In this context, dark patterns can be used to undermine the CCPA’s right to opt-out. With this new regulation, it prohibits companies from burdening consumers with confusing language or unnecessary steps. EFF provided comments to encourage adoption of this proposed regulation.
The CCPA does not currently mandate the right to opt-in, that is, a more proactive legal rule that a business cannot sell a consumer’s personal information unless the consumer gives permission. Having to retroactively go through multiple screens of opting out burdens the consumer. The current CCPA rule is opt-out. With that comes the need to prohibit businesses from stopping consumers from exercising that right, by banning dark patterns.
The new CCPA regulations also encourage widespread adoption of a standardized privacy icon to convey the opt-out process. This icon was designed by Carnegie Mellon University’s Cylab and the University of Michigan’s School of Information. Even though providing a universal icon could potentially help users see their options to exercise their CCPA rights, we hope that this ongoing conversation is informed by web accessibility. Confusing language, entangled and layered user interfaces, tiny lettering, and other dark pattern tactics are tied to the conversation of making information accessible and clear for the user. We also believe readability should be considered as well, where language is crafted for everyone's understanding. For example, EFF explicitly advocated for the ban of double negatives, a common writing tactic deployed in dark patterns.
We hope to see more consumer empowering regulation in the future. Especially where it concerns consumers who don’t want their data shared or sold at any capacity or in any context online.