Are you aware of GDPR dark patterns? - If you are handling any kind of user data or running advertising trackers, you will know about complying to the likes of data regulations like the GDPR.
This kind of requirement can get in the way of companies making profits because more and more users are wanting to "Reject All" on cookie consent and take control of their privacy online. In reaction to more users turning off a lot more data tracking, companies are trying out more tricks to encourage users to keep all their privacy options open, such as nudge techniques.
A nudge technique is where a website will encourage the user to keep their cookie consent options on and allow more of their user data to be shared, thus, allowing better targeted adverts and more profit. The problem here is that the user is misguided and made to feel like they have no control or choice. The consent modal will only encourage one option and that option is usually what the company/website wants you to click, this is where you can fall into GDPR dark patterns, you end up removing the choice from the user visiting your website or service.
A dark pattern consent modal will say things like "Accept now and receive all the cool features" in contrast to "Don’t accept and have a reduced experience and less options". In the eyes of the GDPR, the user should have the same experience and be shown the same content no matter their consent settings, the users privacy and choices should be respected and it should not be made harder to choose different options.
An example of this is where consent modals take up the whole screen and make it harder to reject all or change privacy options:
The consent modal above is meeting the GDPR requirements by offering a modal to control privacy settings but it is an example of dark patterns towards user privacy. At first this modal is the first thing the user is presented with, they have not much choice other than to automatically click "I Accept" and get access to the content, this is wrong because the opt-out options are not labelled clearly and the modal makes you navigate further to access privacy options, there is no "Reject All" button. It is not clear to the user that they have any choice, to get access to the content the user will most likely click the accept button, this is not enough and is misleading the user.
UniConsent avoids data regulation dark patterns by offering a "Reject All" button, a consent modal with UniConsent makes it clear that the user has choice and is allowed to quickly accept all options or reject all at the click of a button. UniConsent modals do not make it confusing for users. Publishers installed UniConsent CMP have the choice to enable or disable "Reject All" button at the management console depending on requirements.
For example, with UniConsent a valid modal that avoids dark patterns look like this:
You can clearly see that the user can either accept or reject without having to navigate through confusing menus or buttons. UniConsent quickly provides 3 options, the user has the choice on what they can do clearly.
UniConsent clearly presents the purposes without having to click any further buttons. Dark patterns are considered bad practice and are of concern because they are criticised for manipulating consumers into subscribing to things they don't want or for users to give up their privacy so websites can sell better targeted adverts.
EU regulators are starting to use their GDPR powers to sanction the use of dark patterns which go against the principles of privacy online. It is good to beware of what is right and what is wrong because you could be at fault. Dark patterns are new and becoming more in the line of fire which may have started as an aggressive trick to get users to hand over data but may have become unlawful practice.
Website designers and marketers need to be aware of dark patterns and they should not be directly manipulating users to give up more data than required, by falling into use of such practices it reduces data transparency, data minimisation, and data protection for the user and that is what the GDPR is all about.
As a major example the French data protection authority (CNIL) were able to fine Google 57 million Euros for following dark patterns which led to users not being able to correctly choose privacy settings and forcing them to navigate through multiple buttons to turn off certain options.
Some modals are not valid because all the opt-in settings are on by default and you have to go through them individually to turn them off, thus, likely forcing a user to blindly click "Accept All" because that is quicker to get to the content they wish to view, a consent manager should not get in the way like this.
UniConsent ensures its modal does not get in the way, there are no default options, just a quick "Reject All" or "Accept All" and a button to manage each consent option for a granular experience.
Now that we better understand what dark patterns are in relation to privacy consent managers, what are the recommendations to follow to avoid them? - Let’s walk through some basic requirements of a good consent modal, which is what UniConsent follows as well.
With UniConsent we follow all the recommended ways of avoiding dark patterns, we ensure the user is given a choice. A user's privacy is respected and quick response and loading times mean the user can select their options without feeling forced to accept to gain access to content quicker. Dark patterns are harmful to user privacy and we should instead be aiming to obtain genuine consent.
UniConsent is a part of Transfon's privacy-first User Experience Platform serves tens of millions of users per day to provide a seamless privacy experience for both users and publishers in the age of post GDPR. Contact us to know more: firstname.lastname@example.org
What is new about IAB TCF: GVL changes and Action Plan of IAB TCF to the Belgian DPA Decision
Reject All button at cookie banner for GDPR in each country
IAB TCF Update, Reduction of the timestamps precision in the TC String
Italy Garante: Guidelines on Cookies & Tracking Technologies takes effect on 9th Jan 2022
Austrian DPA: Google Analytics violates "Schrems II" decision by CJEU
How to Setup Consent Manager: Add a Privacy Settings Link or Privacy Badge on Your Website