Tsaaro Weekly Privacy Newsletter
22nd July, 2022
Dark Patterns: Their Effects on Consent & Compliance
Almost every Internet user has been influenced while giving consent online, especially where the collection of personal data is concerned. Jog your memory: have you ever tried to unsubscribe from a recurring service and given up? Or have you opted to “accept all” cookies on a website just to access the content without an annoying banner covering half of the page?
If your answer is yes, you’ve encountered a mechanism commonly referred to in the privacy community as a “dark pattern”.
Dark patterns exploit human psychology to manipulate our decision-making on the internet. Often the choices we are “nudged” to make benefit the companies providing the website or application we are using but are contrary to our own interests.
Some examples of dark patterns are:
- buttons or other user interface elements that encourage selecting one option over others via color, size, placement or text format
- necessary text that is intentionally made hard to notice via size, color, or placement
- interactive elements (like a toggle) that are extremely difficult to select or deselect
- making the entity’s preferred action the default selection
- a sign-up form that uses complex or confusing language and obscures what the user is really agreeing to
Dark Patterns and Consent
Dark patterns are designed and implemented to benefit the company using them. That doesn’t mean the company is doing something illegal, but the patterns still achieve the goal of data collection. They do so by complying with the letter of the law rather than its intention or spirit.
Consent obtained through this manipulation may comply with the law on paper. But if a complaint is made about the mechanism used to gain the consent, the authorities aren’t likely to give the offending organization much benefit of the doubt if it has a track record of ethically questionable or negligent behavior.
Dark Patterns and GDPR
The General Data Protection Regulation (GDPR) is a set of regulations that member states of the European Union and those who do business in the EU must adhere to in order to protect privacy.
One of the key provisions of the GDPR is the requirement to obtain the clear, informed, and active consent of users.
GDPR’s definition of consent is:
“Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
To comply with this provision, businesses cannot assume that “Silence, pre-ticked boxes or inactivity will constitute consent.”
Avoiding dark patterns in web design, particularly relating to e-commerce, should be considered more than a best practice: regulators have clearly signaled it is a legal obligation. If you want to run an audit of your consent practices, check out our Regulatory Compliance Service and schedule a call with our experts.
Major Privacy Updates of the Week
Massive Cyber Attacks Hit Romanian Government
The websites of the federal government of Albania were taken offline by a “massive cyber-attack.” The federal government claimed that the tragedy was the result of a coordinated “strike from overseas.” National Company of Facts Culture briefly shut down online businesses and other governmental websites.
China fines Didi Global $1.2 bn for data security infringement
China has fined global mobility technology platform Didi Global around $1.2bn (8.026 billion yuan) for violating the country’s network security law, data security law and personal information protection law. The Cyberspace Administration of China (CAC), the country’s cybersecurity regulator, also fined two Didi executives 1 million yuan each for the infringements.
European Commission Sued for Breaching Its Own Data Protection Laws
The government body of the European Union, the European Commission, is facing a lawsuit over an alleged data breach related to transferring personal data from Europe to the U.S. The lawsuit—now admitted by the General Court of the European Union (EGC)—alleges the use of Amazon Web Services, the use of Facebook login on a Commission website, and an incomplete and omitted disclosure to the EU citizens.
UK Data Reform Bill Enters Parliament, also releases AI guide
The UK government has published a guide to artificial intelligence (AI) regulation and introduced data protection and digital rights legislation into parliament as part of post-Brexit data reforms. The AI guide has been published to help develop consistent rules to promote innovation in technology while maintaining public protection.
Unpatched MiCODUS GPS Tracker Vulnerabilities Allow Hackers to Remotely Disable Cars
Unpatched flaws in popular GPS devices could allow attackers to disrupt and track vehicles, security researchers have warned. Security company BitSight described six ‘severe’ vulnerabilities in the MiCODUS MV720 GPS tracker, a popular device designed for vehicle fleet management and theft protection. The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning.
Curated by: Prajwala D Dinesh, Ritwik Tiwari, Ayush Sahay