Privacy & Information Security Law Blog

On January 24, 2022, a group of state attorneys general (Indiana, Texas, D.C. and Washington) (the “State AGs”) announced their commitment to ramp up enforcement work on “dark patterns” that are used to ascertain consumers’ location data. The State AGs created a plan to initiate lawsuits alleging that consumers of certain online services are falsely led to believe that they can prevent the collection of their location data by changing their account and device settings, when the online services do not, in fact, honor such settings. The State AGs have alleged that this practice constitutes a deceptive and unlawful trade practice under applicable state consumer protection law. The State AGs’ announcement highlights the underlying concern that consumers may be provided with a choice to opt out of location tracking but still have their location data made accessible to certain online service providers.

The term “dark patterns” refers to the ways in which websites and apps can subtly steer users into taking actions they may not originally have intended to take, including through the use of deceptive and manipulative practices and design patterns to influence consumers’ online decisions. These dark patterns allegedly use deceptive design choices to alter users’ decision-making processes in ways that harm users and benefit companies (e.g., repeated nudging, misleading pressure tactics and evasive descriptions of features and settings).

The State AGs’ announcement lists four specific deceptive practices regarding location data that are harmful to consumers. These include:

• Making it impossible for users to opt out of having their location tracked;
• Deceiving users about their ability to protect their privacy through account settings;
• Misleading users about their ability to protect their privacy through their device settings; and
• Relying on dark patterns to undermine users’ informed choices.

The State AGs’ announcement follows a trend at both the state and federal level to address the use of dark patterns by companies. For example, both the California Privacy Rights Act and Colorado Privacy Act prohibit the use of dark patterns in connection with obtaining consent under each law. And at the federal level, the Federal Trade Commission has increased its focus on dark patterns, issuing an enforcement policy in Fall 2021 warning companies against using dark patterns that trick consumers into purchasing subscription services.