FTC vs. Dark Patterns in Privacy

Last week, the Federal Trade Commission (FTC) issued a proposed order banning BetterHelp, a company offering online counseling services, from sharing consumers’ health data with advertisers. The company will also have to pay $7.8 million in restitution to customers.

At the core of the?FTC’s complaint ?was BetterHelp's engagement in deceptive and unfair practices regarding health information from Jan/2013 to Dec/2020. These practices harmed consumers financially (some consumers paid a premium price based on BetterHelp’s privacy assurances) and emotionally (people who had sensitive information disclosed without their consent).

The aspect that I want to highlight from this case is the FTC's focus on BetterHelp's deceptive design practices. In the FTC complaint, they added screenshots, such as the one below, to show that BetterHelp assured customers that their health information would remain private:

Another screenshot highlights how BetterHelp's privacy policy was shown "in small, low-contrast writing that is barely visible at the bottom of the page":

The FTC also highlighted, in a third screenshot, that "despite including a link to the privacy policy, the banner effectively dissuaded Visitors from reading the privacy policy by stating, until October 2020, that Respondent (BetterHelp) would ‘never sell or rent any information you share with us.’"

This FTC complaint makes clear that having a well-drafted privacy policy is not enough to fulfill compliance requirements. Design matters. A company's website's interface, pop-ups, notifications, and interface-mediated communications with customers can reflect privacy commitments (or the absence thereof).

The fact that the FTC is interested in tackling dark patterns is not new. Last year, they held a workshop and issued a report called Bringing Dark Patterns to Light, "showing how companies are increasingly using sophisticated design practices known as “dark patterns” that can trick or manipulate consumers into buying products or services or giving up their privacy."

I have discussed dark patterns in privacy extensively in this newsletter, and my view is that these recent developments led by the authorities are positive and welcome. We are ubiquitously surrounded by data-intensive business models, which end up intermediating, at some point, almost the entirety of our online and offline activities. As I wrote last week, our autonomy is at risk , as organizations are constantly attempting to bypass it and make us share more (or more sensitive) personal data with them - through interface tricks such as dark patterns.

Companies should not be only required to have comprehensive, transparent, and usable privacy policies (which, realistically, only very few customers will read). They should also be required to implement privacy in their design, code, culture, strategy, and all interactions with their customers and partners. Companies sometimes forget that behind the data, there are human beings, and they are the focus of privacy laws' provisions.

?? As I have been showing for weeks, both EU and US authorities are regulating (and issuing fines) against dark patterns in privacy. Bring a competitive advantage to your company and learn how to avoid them: join our next live course in April, Privacy-Enhancing Design : The Anti-Dark Patterns Framework (4 weeks, 1 live session per week + additional material). Check out the program and?register now?using the coupon TPW-10-OFF to get 10% off . To learn more about our courses, or to organize a private cohort for your organization, visit:?implementprivacy.com/courses

--

???Upcoming privacy events

On 16/Mar, in the 2nd edition of 'Women Advancing Privacy', I will discuss with Dr. Ann Cavoukian, the inventor of Privacy by Design:

• The origins of Privacy by Design
• How it is essential for businesses, especially today
• Her new Privacy by Design ISO certification
• How we should think of Privacy by Design in the Age of AI

This will be a fascinating conversation. Join 880+ confirmed attendees here . To watch our previous events, check out my YouTube channel .

--

?? List of recommended papers - March 2023

This is our March 2023 list of recommended papers in the fields of privacy, AI, and tech:

• "The Case for Designing Tech for Social Cohesion: The Limits of Content Moderation and Tech Regulation" by Lisa Schirch:?https://lnkd.in/dg32UXGv
• "Privacy Decisions are not Private: How the Notice and Choice Regime Induces us to Ignore Collective Privacy Risks and what Regulation should do about it" by Christopher Jon Sprigman & Stephan Tontrup:?https://lnkd.in/dtzX6U2D
• "Gender Data in the Automated Administrative State" by Ari Ezra Waldman:?https://lnkd.in/dzvTDZwE
• "Open AI in Education, the Responsible and Ethical Use of ChatGPT Towards Lifelong Learning" by David Mhlanga:?https://lnkd.in/dZ2TAFbY
• "Distinguishing Privacy Law: A Critique of Privacy as Social Taxonomy" by María P. Angel & Ryan Calo:?https://lnkd.in/dfaUnBph
• "Regulating Algorithmic Management: A Blueprint" by Jeremias Adams-Prassl, Halefom H. Abraha, Aislinn Kelly-Lyth, M. Six Silberman & Sangh Rakshita:?https://lnkd.in/d9Z9eqwW
• "Amicus Brief on the Constitutionality of the California Age-Appropriate Design Code's Age Assurance Requirement (NetChoice v. Bonta)" by Eric Goldman:?https://lnkd.in/dF5hVfJz
• "The Matrix of Privacy: Data Infrastructure in the AI-Powered Metaverse" by Leon Yehuda Anidjar, Nizan Geslevich Packin & Argyri Panezi:?https://lnkd.in/dpfavzrp
• "A Scanner Darkly: Copyright Infringement in Artificial Intelligence Inputs and Outputs" by Andrés Guadamuz:?https://lnkd.in/dmjEJ3c6
• "Ready for the EU Digital Services Act? How Decisions by Apple and by Google Impede App Privacy" by Konrad Kollnig & Nigel Shadbolt:?https://lnkd.in/dEUxvDhi

--

?? Trending on social media

Interact with this tweet here .

--

???Privacy & data protection careers

We have gathered relevant links from large job search platforms and additional privacy jobs-related info on our?Privacy Careers ?page. We suggest you bookmark it and check it periodically for new openings. Wishing you the best of luck!

--

? Before you go:

• Did you enjoy this article? Share it with your network so they can subscribe to?The Privacy Whisperer .
• For more privacy-related content, check out?The Privacy Whisperer Podcast ?and my?Twitter ,?LinkedIn ?&?YouTube ?accounts.
• At Implement Privacy, I offer specialized?privacy courses ?to help you advance your career. I invite you to check them out and get in touch if you have any questions.

See you next week. All the best,?Luiza Jarovsky