What Hides in the Shadows: Deceptive Design of Dark Patterns
link to page 1 
November 4, 2022
What Hides in the Shadows: Deceptive Design of Dark Patterns
Many consumers have encountered “dark patterns” online,
requiring cumbersome procedures to “opt out” of data
but may not recognize their name or harmful impacts. A
collection). Research has found that dark patterns
Federal Trade Commission (FTC) staff report describes
disproportionately affect lower-income individuals and
dark patterns as “design practices that trick or manipulate
individuals with lower levels of educational attainment.
users into making choices they would not otherwise have
made and that may cause harm.” Examples include (1)
A 2019 study found that dark patterns were present on 11%
subscriptions that, despite all efforts, seem impossible to
of popular e-commerce websites. Dark patterns are even
cancel; (2) terms and conditions hidden at the bottom of
more common in mobile apps: a 2020 study identified dark
webpages in tiny fonts; and (3) buttons with confusing
patterns on 95% of free Android apps in the U.S. Google
phrasing that result in an accidental agreement or purchase
Play Store. The growing prevalence of dark patterns may
(see Figure 1).
raise additional consumer protection concerns, especially as
mobile e-commerce currently accounts for more than 70%
Figure 1. Example of a Dark Pattern
of total e-commerce sales globally.
Types of Dark Patterns
The following represent a selection of common dark
patterns:
Preselection: Default selections that benefit the
company (e.g., cookie consent banners that preselect to
opt in to cookie tracking)
Nagging: Repeated requests for certain consumer
actions or denying the consumer’s ability to
permanently accept or decline (e.g., websites with
Source: CRS, adapted from Bryce Durbin, TechCrunch.
disruptive pop-ups that continuously ask permission to
send notifications)
Dark patterns are becoming increasingly pervasive online,
which has raised consumer protection, privacy, and
Hidden Information: Hiding important information
competition concerns in Congress.
from consumers (e.g., in lengthy terms of service or in
small font)
Overview of Dark Patterns
Subverting Privacy: Inducing consumers to provide
Dark patterns deployed online can influence consumer
more of their data than intended (e.g., online platforms
behavior and decisionmaking through psychological, visual,
that require users to provide information to gain access,
emotional, or other tactics. Because dark patterns are often
or privacy settings that are difficult to utilize)
opaque and subtle, consumers may never realize the
influence on their online behavior. This has led some
Dark patterns may also contribute to the gamification of
scholars to raise concerns related to consumer autonomy,
certain online services and addiction to online platforms.
welfare, and protection. Dark patterns vary in appearance
Gamification refers to the use of game-like design elements
and prevalence across different industries, sites, apps,
and rewards systems that may give rise to impulsive
services, and contexts, so no uniform definition exists.
decisions, often found in financial trading and educational
apps. Inducing consumers to watch the next recommended
Dark patterns may also harm competition. Some scholars
video through an auto-play feature that loads new content
argue dark patterns are anticompetitive since they erode
without user action or agreement may be another example
consumer welfare and consumer choice. For example, dark
of a dark pattern. This is of particular concern for children
patterns may inhibit consumers from switching to other
when shown age-inappropriate content.
market competitors or act to decrease price transparency by
limiting price comparison through bundling items or
Advances in artificial intelligence, machine learning, and
different price metrics (e.g., products are grouped together
data collection and analysis techniques coupled with the use
and sold as a single unit, or products use different metrics
of dark patterns have raised additional concerns. Some
such as price per unit compared to price per ounce). Dark
scholars argue that companies’ real-time experimentation,
patterns may also influence consumer purchasing decisions
machine learning models, and A/B testing (which shows
(e.g., false limited-time messages or countdown timers to
consumers two different versions of a user interface to
purchase an item) or influence users to reveal personal
allow comparison of the results) may enable and incentivize
information. They may also make it difficult for consumers
new micro-targeted dark patterns or algorithms optimized
to exercise agency over their online privacy (e.g., by
to induce specific online behavior.
https://crsreports.congress.gov
What Hides in the Shadows: Deceptive Design of Dark Patterns
Existing Oversight and Regulation
company TransUnion for employing an array of digital dark
Some dark patterns may violate existing laws enforced by
patterns in order to profit from consumers.
federal privacy and consumer protection agencies, while
others may not. The Federal Trade Commission (FTC) and
State Regulation
the Consumer Financial Protection Bureau (CFPB) have
A handful of states, including California, Colorado, and
recently taken enforcement action against certain dark
Connecticut, have enacted legislation to regulate or ban
patterns found to be unlawful.
certain forms of dark patterns. The California Consumer
Privacy Act (CCPA) defines dark patterns as a “user
Federal Trade Commission (FTC)
interface designed or manipulated with the substantial
Some dark patterns may violate Section 5 of the FTC Act,
effect of subverting or impairing user autonomy,
which prohibits “unfair or deceptive acts or practices
decisionmaking, or choice, as further defined by
[UDAP] in or affecting commerce.”
regulation.” It is the first U.S. law to define dark patterns
and served as the basis for the Colorado and Connecticut
In recent years, the FTC has applied its existing UDAP
statutory definitions. The California Privacy Rights Act
authorities to take enforcement actions against multiple
(CPRA), which California will begin enforcing in 2023 and
companies and online platforms that have employed dark
expands the CCPA, includes a provision that explicitly
patterns. The agency’s September 2022 report, “Bringing
forbids the use of dark patterns to obtain consent related to
Dark Patterns to Light,” details many of these cases.
the processing of personal information.
The FTC also enforces other statutes that dark patterns may
Questions for Congress
violate. These include:
Given the potential adverse impact of dark patterns on
consumers, Congress may consider whether further action
Restore Online Shoppers’ Confidence Act, ROSCA (15
is appropriate:
U.S.C. §§8401-8405), prohibits additional charges
added after an online transaction without the consumer’s
Existing data privacy and consumer protection laws
express consent;
prohibit some dark patterns, but not all. Congress may
consider expanding the scope of those laws to address
CAN-SPAM Act (15 U.S.C. §§7701-7713), sets rules
all dark patterns. For existing laws that prohibit dark
for commercial emails and allows users to opt out of
patterns, limited FTC and CFPB resources may preclude
emailing;
fuller enforcement of those laws. Congress may
consider whether relevant agencies should receive
Children’s Online Privacy Protection Act, COPPA (15
additional resources, such as from appropriations, fees,
U.S.C. §§6501-6505), provides certain data protections
fines, or other sources to support enforcement activities.
for children under the age of 13.
Congress may consider whether to address dark patterns
However, some dark patterns may fall outside the FTC’s
legislatively either in broader legislation on data privacy
existing authorities or require close agency examination
and data protections, or in separate more targeted
before possible enforcement. According to the FTC’s
legislation. Some members have already introduced
report, “there are certain dark patterns that the FTC has
legislation in the 117th Congress specific to dark
consistently found to be unlawful, while others would
patterns. For example, the Deceptive Experiences to
depend on a case-by-case evaluation.” Limited agency time
Online Users Reduction (DETOUR) Act (S. 3330)
and resources may preclude the necessary evaluation of
would prohibit large online platforms from using dark
certain dark patterns.
patterns.
While some scholars argue that the FTC has sufficient
Congress may consider whether a statutory definition of
authorities to regulate harmful dark patterns under Section 5
dark patterns is needed, and if so, how to structure a
of the FTC Act, others support an expansion of the
definition or determine whether a dark pattern is unfair
agency’s mandate that expressly includes “manipulative” or
or deceptive. One challenge is that identification of dark
“abusive” practices. These critics argue the FTC’s current
patterns is often context-specific. Another is that
UDAP authorities may be insufficient in cases where
companies might attempt to modify their techniques to
deception is not the core issue.
circumvent statutory definitions.
Consumer Financial Protection Bureau (CFPB)
In taking any of the above approaches, Congress may
The Consumer Financial Protection Act of 2010 (CFPA)
consider unintended consequences, such as the risk that
established the CFPB as the federal government’s primary
prohibiting dark patterns or defining legitimate consent
regulator of consumer financial products and services. The
without manipulation could limit legitimate design
act also gives the CFPB authority over unfair, deceptive, or
techniques and marketing practices.
abusive practices related to consumer financial products
and services. The CFPB has taken enforcement action
Kristen E. Busch, Analyst in Science and Technology
under this authority against financial service companies that
Policy
allegedly abuse dark patterns. For example, in 2022, the
CFPB took action against consumer credit reporting
IF12246
https://crsreports.congress.gov
What Hides in the Shadows: Deceptive Design of Dark Patterns
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF12246 · VERSION 1 · NEW
November 4, 2022
What Hides in the Shadows: Deceptive Design of Dark Patterns
Many consumers have encountered “dark patterns” online,
requiring cumbersome procedures to “opt out” of data
but may not recognize their name or harmful impacts. A
collection). Research has found that dark patterns
Federal Trade Commission (FTC) staff report describes
disproportionately affect lower-income individuals and
dark patterns as “design practices that trick or manipulate
individuals with lower levels of educational attainment.
users into making choices they would not otherwise have
made and that may cause harm.” Examples include (1)
A 2019 study found that dark patterns were present on 11%
subscriptions that, despite all efforts, seem impossible to
of popular e-commerce websites. Dark patterns are even
cancel; (2) terms and conditions hidden at the bottom of
more common in mobile apps: a 2020 study identified dark
webpages in tiny fonts; and (3) buttons with confusing
patterns on 95% of free Android apps in the U.S. Google
phrasing that result in an accidental agreement or purchase
Play Store. The growing prevalence of dark patterns may
(see Figure 1).
raise additional consumer protection concerns, especially as
mobile e-commerce currently accounts for more than 70%
Figure 1. Example of a Dark Pattern
of total e-commerce sales globally.
Types of Dark Patterns
The following represent a selection of common dark
patterns:
Preselection: Default selections that benefit the
company (e.g., cookie consent banners that preselect to
opt in to cookie tracking)
Nagging: Repeated requests for certain consumer
actions or denying the consumer’s ability to
permanently accept or decline (e.g., websites with
Source: CRS, adapted from Bryce Durbin, TechCrunch.
disruptive pop-ups that continuously ask permission to
send notifications)
Dark patterns are becoming increasingly pervasive online,
which has raised consumer protection, privacy, and
Hidden Information: Hiding important information
competition concerns in Congress.
from consumers (e.g., in lengthy terms of service or in
small font)
Overview of Dark Patterns
Subverting Privacy: Inducing consumers to provide
Dark patterns deployed online can influence consumer
more of their data than intended (e.g., online platforms
behavior and decisionmaking through psychological, visual,
that require users to provide information to gain access,
emotional, or other tactics. Because dark patterns are often
or privacy settings that are difficult to utilize)
opaque and subtle, consumers may never realize the
influence on their online behavior. This has led some
Dark patterns may also contribute to the gamification of
scholars to raise concerns related to consumer autonomy,
certain online services and addiction to online platforms.
welfare, and protection. Dark patterns vary in appearance
Gamification refers to the use of game-like design elements
and prevalence across different industries, sites, apps,
and rewards systems that may give rise to impulsive
services, and contexts, so no uniform definition exists.
decisions, often found in financial trading and educational
apps. Inducing consumers to watch the next recommended
Dark patterns may also harm competition. Some scholars
video through an auto-play feature that loads new content
argue dark patterns are anticompetitive since they erode
without user action or agreement may be another example
consumer welfare and consumer choice. For example, dark
of a dark pattern. This is of particular concern for children
patterns may inhibit consumers from switching to other
when shown age-inappropriate content.
market competitors or act to decrease price transparency by
limiting price comparison through bundling items or
Advances in artificial intelligence, machine learning, and
different price metrics (e.g., products are grouped together
data collection and analysis techniques coupled with the use
and sold as a single unit, or products use different metrics
of dark patterns have raised additional concerns. Some
such as price per unit compared to price per ounce). Dark
scholars argue that companies’ real-time experimentation,
patterns may also influence consumer purchasing decisions
machine learning models, and A/B testing (which shows
(e.g., false limited-time messages or countdown timers to
consumers two different versions of a user interface to
purchase an item) or influence users to reveal personal
allow comparison of the results) may enable and incentivize
information. They may also make it difficult for consumers
new micro-targeted dark patterns or algorithms optimized
to exercise agency over their online privacy (e.g., by
to induce specific online behavior.
https://crsreports.congress.gov
What Hides in the Shadows: Deceptive Design of Dark Patterns
Existing Oversight and Regulation
company TransUnion for employing an array of digital dark
Some dark patterns may violate existing laws enforced by
patterns in order to profit from consumers.
federal privacy and consumer protection agencies, while
others may not. The Federal Trade Commission (FTC) and
State Regulation
the Consumer Financial Protection Bureau (CFPB) have
A handful of states, including California, Colorado, and
recently taken enforcement action against certain dark
Connecticut, have enacted legislation to regulate or ban
patterns found to be unlawful.
certain forms of dark patterns. The California Consumer
Privacy Act (CCPA) defines dark patterns as a “user
Federal Trade Commission (FTC)
interface designed or manipulated with the substantial
Some dark patterns may violate Section 5 of the FTC Act,
effect of subverting or impairing user autonomy,
which prohibits “unfair or deceptive acts or practices
decisionmaking, or choice, as further defined by
[UDAP] in or affecting commerce.”
regulation.” It is the first U.S. law to define dark patterns
and served as the basis for the Colorado and Connecticut
In recent years, the FTC has applied its existing UDAP
statutory definitions. The California Privacy Rights Act
authorities to take enforcement actions against multiple
(CPRA), which California will begin enforcing in 2023 and
companies and online platforms that have employed dark
expands the CCPA, includes a provision that explicitly
patterns. The agency’s September 2022 report, “Bringing
forbids the use of dark patterns to obtain consent related to
Dark Patterns to Light,” details many of these cases.
the processing of personal information.
The FTC also enforces other statutes that dark patterns may
Questions for Congress
violate. These include:
Given the potential adverse impact of dark patterns on
consumers, Congress may consider whether further action
Restore Online Shoppers’ Confidence Act, ROSCA (15
is appropriate:
U.S.C. §§8401-8405), prohibits additional charges
added after an online transaction without the consumer’s
Existing data privacy and consumer protection laws
express consent;
prohibit some dark patterns, but not all. Congress may
consider expanding the scope of those laws to address
CAN-SPAM Act (15 U.S.C. §§7701-7713), sets rules
all dark patterns. For existing laws that prohibit dark
for commercial emails and allows users to opt out of
patterns, limited FTC and CFPB resources may preclude
emailing;
fuller enforcement of those laws. Congress may
consider whether relevant agencies should receive
Children’s Online Privacy Protection Act, COPPA (15
additional resources, such as from appropriations, fees,
U.S.C. §§6501-6505), provides certain data protections
fines, or other sources to support enforcement activities.
for children under the age of 13.
Congress may consider whether to address dark patterns
However, some dark patterns may fall outside the FTC’s
legislatively either in broader legislation on data privacy
existing authorities or require close agency examination
and data protections, or in separate more targeted
before possible enforcement. According to the FTC’s
legislation. Some members have already introduced
report, “there are certain dark patterns that the FTC has
legislation in the 117th Congress specific to dark
consistently found to be unlawful, while others would
patterns. For example, the Deceptive Experiences to
depend on a case-by-case evaluation.” Limited agency time
Online Users Reduction (DETOUR) Act (S. 3330)
and resources may preclude the necessary evaluation of
would prohibit large online platforms from using dark
certain dark patterns.
patterns.
While some scholars argue that the FTC has sufficient
Congress may consider whether a statutory definition of
authorities to regulate harmful dark patterns under Section 5
dark patterns is needed, and if so, how to structure a
of the FTC Act, others support an expansion of the
definition or determine whether a dark pattern is unfair
agency’s mandate that expressly includes “manipulative” or
or deceptive. One challenge is that identification of dark
“abusive” practices. These critics argue the FTC’s current
patterns is often context-specific. Another is that
UDAP authorities may be insufficient in cases where
companies might attempt to modify their techniques to
deception is not the core issue.
circumvent statutory definitions.
Consumer Financial Protection Bureau (CFPB)
In taking any of the above approaches, Congress may
The Consumer Financial Protection Act of 2010 (CFPA)
consider unintended consequences, such as the risk that
established the CFPB as the federal government’s primary
prohibiting dark patterns or defining legitimate consent
regulator of consumer financial products and services. The
without manipulation could limit legitimate design
act also gives the CFPB authority over unfair, deceptive, or
techniques and marketing practices.
abusive practices related to consumer financial products
and services. The CFPB has taken enforcement action
Kristen E. Busch, Analyst in Science and Technology
under this authority against financial service companies that
Policy
allegedly abuse dark patterns. For example, in 2022, the
CFPB took action against consumer credit reporting
IF12246
https://crsreports.congress.gov
What Hides in the Shadows: Deceptive Design of Dark Patterns
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF12246 · VERSION 1 · NEW