Dark Patterns in Action: Privacy-by-design or Deceived-by-design?
Enlightenment in Delusion
The trust in the Internet has been lost. Yet we use technology more than ever before. Every single day, millions of applications are being downloaded and fed by personal data. Whoever knows what it is being used for. We have been promised to be protected. We have heard “privacy-by-design” many times now, but have we understood it? Probably we did not. As we are still being deceived-by-design by many applications.
Yet things are supposed to have changed. “Businesses took actions”, we wish to believe… And some of them really did. The problem, however, is that we see the majority of companies only partially resolving the personal data management and privacy compliance challenges. Whereas according to the GDPR, privacy should be embedded in every aspect of personal data collecting apps. Starting from the very beginning of establishing the relationship between the two parties, through the part that is visible for the users: the UI.
The Beauty and the Beast in UI: Privacy-by-design or Deceived-by-design?
UI Design is a big part of today’s software applications. More than a pretty look, it is what allows companies to interact with their users and guide them through their app. In terms of compliance, it is also what allows them to ask for users’ consent and provide their users with the means to execute their rights to privacy. Which is why companies should be careful not to include marketing practices that go against privacy requirements when building their designs.
Still, while we often speak about user-experience and user-engagement, we rarely discuss the “dark patterns”: the tricks used in UI designs to make users do things online that they would normally not do. Have you ever heard about them?
Dark patterns are the tricks that make you:
…Consent to things that you are not even aware of.
…Share more information about you that you really want to, an action that became popular as “Privacy Zuckering”.
…Pay for things you didn’t even want to buy in the first place.
Whichever it is, it is highly probable that you have been deceived-by-design many times already. The problem is: while UI design can be used to nudge people into making the best choices for themselves, it can also be used to deceive them into sharing more of their personal data than they would usually like to. But what is the “right” choice for the user?
Nudging users into making the « right » decisions
If personal data collecting apps aren’t easy to implement in terms of compliance, they certainly aren’t easy to design in this regard as well. Practically: how to strike the right balance between best marketing practices and data privacy regulations?
When persuasion becomes manipulation.
While the GDPR poses legal frontiers to nudge companies into making the “right” choice for their users, recent studies show that they still have a hard time going against their own business interest especially at a time when data brokerage shows to be a particularly profitable business. Yet, there are other ways to monetize personal data, and even based on a privacy-approach.
Some pathways and actions are more enticing than others. Of course, it can be fun to use gamification techniques to make an App more appealing and increase users’ engagement, but some lines shouldn’t be crossed. Especially when speaking of mobile health applications. For example, mental health-websites that sell personal data, such as the results of depression tests, to 3rd parties – such as the case with Doctissimo.
Is it game over? Take it to the next level: Dark Patterns for good
Light the way. Dark patterns might be properly used. We have seen typical ‘dark’ patterns, being used for the right reasons, for example in Open Banking. Ethically Evil: how to use dark patterns for good
So, the question remains: how to strike the right balance between best marketing practices and data privacy regulations?
It is all about a shift in Mindset: Achieving privacy should not be seen as a problem, but rather as the goal. So Make trust your first priority! And next time you need to implement a new design for your app, start with “what” not “why”, and ask yourself: what is the goal of this application and how to ensure privacy-by-design, turning it into your winning ticket? You’ll be surprised what you can come up with!
Welcome to Privacy-as-a-State-of-Mind: We had a hand in.
For us at Pryv, achieving privacy is not about resolving compliance, it is the goal: privacy as a norm. As a back-end privacy provider, we can certainly help businesses collecting personal data to embed privacy into their systems, ensuring that the data they are collecting is consented rightly, managed and stored, compliantly. Yet, this is just one side of the coin. Companies have to meet us halfway to build a fully privacy-by-design, compliant solution.
Evelina & Stephanie