It’s almost certain that all Internet users have been influenced while giving our consent online, more so in our Personal Data Collection. Let’s all jog our memory, have you tried to unsubscribe from a recurring service and give up? Or have you opted to “accept all” cookies on a website to access the content without an annoying banner covering half of the page?  

If your answer is yes, you’ve encountered a mechanism commonly referred to as “Dark Pattern” in the privacy community. 

Dark patterns exploit human psychology to manipulate our decision-making on the internet. Often the choices we are “nudged” to make benefit the companies providing the website or application we are using but are contrary to our own interests. 

1. Some examples of ways dark patterns are: 
2. buttons or other user interface elements that encourage selecting one option over others via color, size, placement or text format 
3. necessary text that is intentionally made hard to notice via size, color, or placement 
4. interactive elements (like a toggle) that are extremely difficult to select or deselect 
5. making the entity’s preferred action the default selection 
6. a sign-up form that uses complex or confusing language and obscures what the user is really agreeing to 

Dark Patterns and Consent 

Dark patterns are designed and implemented to benefit the company using them. That doesn’t mean they are doing something illegal, but they still achieve their goal of data collection. They do so by complying with the written words of the law, rather than the intention or spirit of the law. 

Through this manipulation of consent, even though the companies on paper are complying with laws, if a complaint is made against them regarding the mechanism used to gain the consent, the authorities aren’t likely to give the offending organization many benefits of the doubt if they have a track record of ethically questionable or negligent behavior. 

Dark Patterns and GDPR 

The General Data Protection Regulation (GDPR) is a set of regulations that member states of the European Union and those who do business in the EU must adhere to in order to protect privacy. 

One of the key provisions of the GDPR is the requirement to obtain the clear, informed, and active consent of users. 

GDPR’s definition of consent is: 

“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” 
To comply with this provision, businesses cannot perceive that “Silence, pre-ticked boxes or inactivity will constitute consent.” 

Avoiding dark patterns in web design, particularly relating to e-commerce, should be considered more than a best practice: regulators have clearly signaled it is a legal obligation. If you want to run an audit of your consent practices, check out or Regulatory Compliance Service, and Schedule a call with our experts by clicking here.