Dark Patterns in Personal Data Collection: Definition, Taxonomy and Lawfulness
51 Pages. Posted: 31 Mar 2022. Last revised: 31 Oct 2022
Date Written: March 1, 2022
Dark patterns in data protection (DP), as I define them in this work, consist of user interface design choices that manipulate the data subject’s decision-making process in a way detrimental to his or her privacy and beneficial to the service provider. An important part of the study of DP is understanding the cognitive biases they exploit. A cognitive bias is a ‘systematic (that is, non-random and, thus, predictable) deviation from rationality in judgment or decision-making’. DP exploit these biases, negatively affecting the data subject’s decision-making process. In the present article, I propose a taxonomy for DP. The overall goal of the proposed taxonomy is to help us better understand and address the legal challenges behind DP, especially how designers affect the data subject’s decision-making process. The GDPR is silent about the exploitation of cognitive biases, manipulative interface designs, and negative interferences in the decision-making process. It also misses the opportunity to unpack the fairness principle and to present occasions in which unfair practices could spread within the data protection realm, for example, through design. Fairness is a central concept in curbing DP, as it reflects the need to balance the asymmetries between controllers and data subjects. The GDPR refers to fairness multiple times, yet it gives the concept no definition, specificity or enforceability. Dark patterns are an unfair data collection practice. The way to advance data protection law is by unpacking the idea of fairness so that it can encompass the right of fair data collection, fair data processing, and fair data use. Lastly, when dealing with consent by the data subject, acknowledging cognitive biases and the preventive and corrective measures necessary to mitigate them is indispensable. Human choice will never be perfect; however, in the online environment, any asymmetry is aggravated by the immense processing and analytical powers owned by technology companies. Cognitive biases must be acknowledged, and any choice or interaction framework must overcome them.
Keywords: dark patterns, behavioural biases, data protection, General Data Protection Regulation (GDPR), online manipulation, online privacy