10 Examples of Manipulative Consent Requests
“Darkish patterns” are misleading consumer interfaces that trick folks into performing towards their finest pursuits.
The Normal Information Safety Regulation (GDPR) gives a “gold commonplace” of consent—it have to be knowledgeable, particular, unambiguous, and freely given by way of a transparent, affirmative motion. This robust consent definition additionally seems in lots of US state privateness legal guidelines, and new information safety laws worldwide.
Regulators from the European Information Safety Board (EDPB) to the US Federal Commerce Fee (FTC) have issued steerage and warnings about how utilizing manipulative design patterns can violate information safety, privateness and client safety regulation.
Listed here are ten examples of darkish patterns, with illustrated examples that will help you perceive how you can keep away from them.
Official Steering on Darkish Patterns
Our darkish patterns steerage relies on a number of authoritative sources:
For extra details about GDPR consent, see What Is Consent Under the GDPR?
Darkish patterns are frequent in web sites and apps. On this steerage, we’re specializing in cookie banners. Nonetheless, the identical rules apply to consent requests in many various conditions.
All through the article, we’ve offered illustrations of “good” and “dangerous” cookie banners. These are simply examples—even the “good” variations gained’t be compliant in all circumstances. For instance, you’ll normally want to offer extra details about cookies, plus a hyperlink to your privateness discover.
1. Assumed Consent
Consent must be given by way of a “clear affirmative motion”. In accordance with the EDPB, actions like scrolling up and down a webpage or navigating a web site don’t rely.
This implies it is best to by no means assume you might have an individual’s consent. Cookie banners like the instance beneath don’t represent a sound consent request.
Be aware that for those who use “important” cookies that don’t require consent, you should use a cookie banner with out buttons—however a banner like serves solely to tell your customers that you simply use “important” or “strictly mandatory” cookies, to not get consent.
2. Pre-Ticked Containers
As famous, consent must be given by way of a “clear affirmative motion”. This guidelines out “pre-ticked” containers, such because the one on this instance:
Pre-ticked containers don’t present an unambiguous indication of the consumer’s consent. The consumer might need consciously determined to go away the field ticked—or maybe they merely didn’t discover the field.
It’s OK to make use of tick containers — however let the consumer take motion, and don’t set cookies until they accomplish that. Go away the field unticked, like this:
In the event you use multiple sort of cookie, you may also use a number of tickboxes, like this:
3. Unclear Language
For consent to be “unambiguous”, the request have to be clear. This additionally pertains to the GDPR’s “transparency” precept and the final requirement to use clear and plain language.
Some consent requests use unclear language that is likely to be meant to trick customers into giving a selected response. Right here’s an instance:
To make sure your consent requests are unambiguous, it’s finest to keep away from double negatives and to stay with easy decisions like “Settle for” or “Reject”.
4. Legalese
One other all-too-common approach to confuse customers is to make use of “legalese”: dense authorized or technical language that the common individual is not going to simply perceive.
Right here’s an instance:
This wall of textual content is legally coherent, however solely information safety and privateness specialists are possible to have the ability to perceive it.
The GDPR and ePrivacy Directives are legal guidelines, however it is best to keep away from authorized language when requesting consent.
5. No ‘Reject’ Button
Consent must be “freely-given”. Folks shouldn’t consent just because it’s the best choice.
Let’s take into account a typical method through which many web site operators make it simpler to just accept than refuse consent.
Typically the “Settle for” choice seems on the primary “layer” of a cookie banner, whereas the “Refuse” choice is hidden behind a “Handle Preferences” or “Settings” menu.
Right here’s how this may look:
With this sort of cookie banner, accepting cookies requires just one click on, whereas refusing cookies requires not less than two.
To make it as simple to offer consent as to refuse consent, you’ll be able to provide folks this selection on the primary “layer” of your cookie banner. You possibly can nonetheless present a “Handle Preferences” or “Settings” button to offer folks extra detailed decisions.
Be aware: This suggestion comes from EDPB steerage, however there wasn’t a unanimous settlement among the many regulators. Some information safety authorities consider that the “Reject” button can seem on the second layer of the banner, behind the “Handle Preferences” button.
6. Misleading Hyperlink Design
The EDPB’s “Cookie Banner Taskforce” discovered that some web sites provide a “Reject” button on the primary layer of their cookie banner—however fairly than implementing the consumer’s consent selection, the “Reject” button results in a settings menu.
That is a transparent instance of misleading design and arguably violates the GDPR’s “equity” precept. Buttons ought to do what folks moderately count on.
7. Emotional Steering
One other method to make sure you’re offering a free selection is to keep away from emotional or persuasive language.
It’s OK to make use of your model’s voice when offering privateness and cookie notices. However attempt to preserve your language as goal as potential.
Right here’s an instance of a cookie banner that clearly “steers” the consumer in direction of accepting cookies:
Some corporations additionally use this emotional language to attempt to persuade folks to not withdraw their consent or unsubscribe from advertising and marketing communications.
If somebody needs to withdraw their consent, it’s essential to permit them to take action. Right here’s an instance of an organization making an attempt to “guilt-trip” its customers:
Beneath the GDPR, folks have the absolute proper to withdraw their consent. This implies it is best to keep away from making an attempt to influence your customers to not train this proper.
8. Cookie Partitions
A “cookie wall” denies the consumer entry to a web site or service until they consent to cookies.
In its 2020 consent tips, the EDPB states that “entry to providers and functionalities should not be made conditional on the consent of a consumer… (so-called cookie partitions)”.
Right here’s an instance of how a cookie wall may look:
Confronted with a cookie wall, the consumer has no selection however to consent in the event that they wish to entry the web site. However this “consent” will not be freely-given. Attempt to make your cookie banner as unobtrusive as potential.
9. Misleading Button Colors
One other, extra refined approach to affect customers’ decisions is by utilizing completely different colored buttons designed to steer customers in direction of a selected choice.
Right here’s an instance:
The “Settle for All” button is vivid blue, whereas the opposite choices mix in with the banner’s background.
If you wish to guarantee your customers are offering freely-given consent, it is best to keep away from utilizing completely different colors for various decisions.
10. Misleading Button Distinction
This closing “darkish sample” is carefully linked to the earlier instance.
Some web sites attempt to de-emphasise sure buttons by utilizing a font that doesn’t distinction with the background. Right here’s how this may look:
All of the button colors are the identical, however “Settle for All” choice is way more distinguished. That is one other misleading design sample that it is best to keep away from for those who’re in search of GDPR-standard consent.
Avoiding Darkish Patterns Reduces Threat and Helps Construct Belief
We’ve checked out ten darkish sample examples, however there are various extra.
Each time requesting consent, put your self within the consumer’s sneakers—are they making a free, unambiguous, knowledgeable selection?
Regulators are increasing enforcement towards corporations that use darkish patterns.
However past the enforcement danger, utilizing sincere and non-manipulative consent requests may help you construct belief along with your prospects and make sure you perceive folks’s true preferences.