Contact

What Privacy Professionals Need to Know About Dark Patterns Regulation

Published
30 Jun 2022
Read time
4 min read
Category
Europe, Law, Privacy

Dark patterns regulation has emerged as a focus in both the US and EU over the past years. Consider these regulatory activities from around the globe:  

  • In 2021, the US Federal Trade Commission issued a dark patterns enforcement policy. More recently, it began the process of seeking public input to modernize its disclosure guidance to address the ubiquitous use of dark patterns, noting that this is just one of a number of initiatives geared toward tackling dark patterns and digital deception.  
  • The California Privacy Protection Authority released its draft regulations in May 2022, which (if enacted) would mean any agreement obtained using dark patterns shall not constitute valid consent.  
  • The European Data Protection Board (EDPB) released its guidelines on dark patterns in social media platform interfaces.  

Read on to discover what Australian privacy professionals can take away from these global regulatory changes: 

EDPB Guidance About Dark Patterns 

While the EDPB’s guidance is for social media platforms operating in Europe, the guidelines offer plenty of guidance Australian organisations could implement as best practices – particularly when it comes to avoiding common dark patterns.  

The EDPB has categorised dark patterns and provided examples of each type, as follows:  

Dark Pattern Category 

Dark Pattern Examples

Overloading 
  • Continuous or repeated prompts and requests. 
  • Privacy mazes, which make it difficult to navigate to privacy settings.  
  • Too many options. 

Skipping 
  • Automatically selecting the most data invasive features or options (known as deceptive snugness).  
  • Look over there tactics, which puts data protection information or functionality in competition with other features.  

Stirring 
  • Emotional steering – or appeals that play to a user’s emotions.  
  • Hidden in plain sight features that nudge users towards more invasive privacy settings.  

Hindering 
  • Dead ends. 
  • Longer than necessary navigation to privacy settings.  

Fickle 
  • Unstructured or illogically structured information that lacks heirarchy.  
  • Decontextualizing privacy information.  

Left in the Dark 
  • Language discontinuity.  
  • Providing conflicting or unclear information.  
  • Ambiguous wording or information.  

Australian organisations could adopt these categories and implement policies that require designers to avoid them as a best practice.  

Dark Patterns Regulation in California

California’s draft regulations require that consents meet certain requirements to be considered a valid consent. The regulations go on to outline 5 requirements, alongside examples of poor practices.  

Requirement 

Examples of Dark Patterns/Poor Practices to Avoid 
Easy to understand   
Symmetry in choice 
  • Requiring a consumer to take more steps to opt-out of more invasive privacy settings than to opt-in.  
  • Making it impossible or difficult for users to decline in one step by providing options like “Yes” and “Ask me later” or “Accept all” and “More Information”.  
  • Offering a choice where the more data invasive option is more prominent.  
Avoiding confusing language or design elements 
  • Giving the choice of “Yes” or “No” to the statement “Do Not Sell My Personal Information” is confusing because it creates a double negative.  
  • Toggles that state “on” or “off”.  
  • Unintuitive placement of buttons, for instance, moving the order of the “Yes” and “No” buttons between choices to try to trick the user into giving consent for the more privacy-invasive option.   
Avoid manipulative language or choice architecture 
  • Providing options such as “No, I like paying full price” or “No, I don’t want to save money”.  
  • Requiring users to click through reasons why submitting a request to opt-out.  
  • Bundling consents in a way that requires users to consent to both reasonably expected data usage as well as more invasive uses or uses that are unexpected.  
Easy to execute 
  • Circular or broken links. 
  • Non-functional email addresses. 
  • Unnecessarily slow loading times for out-opt functionality. 

   

Again, Australian organisations could take cues from these draft regulations and implement policies that instruct designers to not use these tactics in their designs.  

Avoid Dark Patterns with Privacy 108 

Ensuring dark patterns aren’t included in the design of new products and applications is part of your Privacy by Design approach. If you’re interested in better organisational privacy by implementing PbD, reach out.  

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Consent
Ready to turn insight into action?
Connect with Privacy 108.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Privacy 108 collects your name and contact details to respond to your enquiry and communicate with you about it. If you do not provide this information, we may be unable to respond. We do not disclose this information to third parties. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au.
Jodie Siganto
Privacy, security and training
Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.
Jodie Siganto
Privacy, security and training
Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.
Talk to us?
Looking to take your business to the next level? Speak with our experts today!
Contact us
Related articles
  • 1300 41 20 50
  • Level 3, 240 Queen St, Brisbane QLD 4000
  • Ground Floor Reception, 3 Spring St, Sydney NSW 2000
  • PO Box 3295, Yeronga QLD 4104
  • Follow us on LinkedIn
Services
Privacy Risk Management Privacy Impact Assessments AI Governance Privacy Legal Services Research and Policy
Company
About Privacy 108 Our Team Careers Insights Contact Us Privacy Policy Terms & Conditions
Subscribe to our newsletter
Subscribe
Privacy 108 Consulting Pty Ltd ABN 52 600 425 885 is an incorporated legal practice registered with the Queensland Law Society. Liability limited by a scheme approved under Professional Standards Legislation.
We respectfully acknowledge the Traditional Owners of the land we work on and pay our respects to their Elders past, present and future in maintaining the culture, country and their spiritual connection to the land.
© 2026 by Privacy 108 Consulting Pty Ltd. ABN 52 600 425 885
Website by DeeperLook
Subscribe to our Newsletter

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Privacy 108 collects your name and email to send you our newsletter. If you do not provide this information, we will be unable to send it to you. We may use third-party service providers (such as email marketing platforms) to distribute our communications. Some providers may store information overseas, including in the United States. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au. You can unsubscribe at any time using the link in our emails or by contacting hello@privacy108.com.au.