Recent EU Digital Fairness Fitness Check Shines Light on Deceptive Patterns
Deceptive design patterns, also known as dark patterns and deceptive patterns, have been a recurring consumer law issue for the European Union for quite some time. The spotlight was firmly fixed on them in the recent Digital Fairness Fitness Check (the “Fitness Check”), which was published in October 2024, and which examines the current regulatory landscape of deceptive patterns and consumer law generally.
In this article, we break down the legislative framework of deceptive patterns and analyse potential future developments in this space.
What are Deceptive Patterns?
Deceptive patterns are manipulative design techniques for online interfaces that nudge consumers into performing certain actions or impair the ability of a consumer to make informed choices. While there is no authoritative definition of deceptive patterns, the Fitness Check describes deceptive patterns as “commercial practices deployed through the structure, design or functionalities of digital interfaces or system architecture that can influence consumers to take decisions they would not have taken otherwise”.
Some examples of common deceptive patterns include:
- Fake urgency notifications, i.e., use of countdown timers or claims that a product is low in stock or high in demand.
- Confusing language and design, which leaves consumers feeling confused or uncertain about what they are signing up to.
- “Confirmshaming” which works by triggering uncomfortable emotions like guilt or shame to influence decision-making. For example, where a consumer declines an offer or discount and receives a message like “are you sure you don’t want a discount?”.
How common are deceptive patterns really?
The evidence suggests that deceptive patterns are prolific. For example, the Fitness Check found that deceptive patterns became highly prevalent during the evaluation period (2017 – 2023). Further, the Commission’s 2022 deceptive patterns study showed that 97% of the most popular websites and apps used by EU consumers deployed at least one deceptive pattern. Additionally, the U.S FTC’s study on deceptive patterns (published 10 July 2024) revealed that of the 642 websites and apps examined, more than three-quarters (76 percent) of the sites and apps employed at least one possible deceptive pattern, while nearly 67 percent used multiple possible deceptive patterns.
There has been a recent push by regulators to curb the tide of deceptive patterns via enforcement actions:
- TikTok was fined €345,000,000 by the Irish DPC because TikTok’s preselection of “public-by-default” accounts was considered a deceptive pattern.
- Amazon Prime is under investigation by the FTC on foot of allegations that its subscription model includes a complicated and lengthy cancellation process. Amazon was also fined €7.48 million by the Polish consumer protection watchdog for its use of countdown timers.
- Fortnite creator Epic Games was fined US $245,000,000 by the FTC for using deceptive patterns that misled players, often children, into making unwanted purchases in-game.
Deceptive patterns are currently addressed to varying extents under the following EU legislation:
| EU Legislation | Scope |
|---|---|
| Unfair Commercial Practices Directive (“UCPD”) | Annex 1 of the UCPD contains a limited blacklist of misleading and aggressive commercial practices (which can be construed as deceptive patterns). |
| Consumer Rights Directive | Express prohibitions on using default settings of pre-ticked boxes for additional payments. |
| Distance Marketing of Financial Services Directive | New requirement to ensure that traders do not apply deceptive patterns on distance financial services contracts. |
| Digital Services Act (“DSA”) | Requirement that online platforms should not design or operate websites in a way that deceives or manipulates users and impairs users’ abilities to make free and informed decisions. However, the scope application of this provision is limited to very large online platforms. |
| Artificial Intelligence Act | Prohibits the use of AI systems that use deceptive techniques or exploit people’s vulnerabilities in order to impair people’s ability to make informed decisions. |
| Digital Markets Act | Large platforms are prohibited from using manipulative design techniques that lead the user to make decisions for the benefit of the platform at their own expense. |
| Data Act | Prohibits third parties from using deceptive patterns to make it difficult for consumers to exercise their rights or make informed choices regarding their data. |
Results of the Fitness Check
The Fitness Check evaluates whether the current EU consumer law framework provides sufficient protection to consumers online. The Fitness Check concludes that the current framework was developed for the “offline” world and highlights the need for legislative change because consumers behave differently in the online sphere. The Commission also found that the effectiveness of the current framework is undermined by insufficient enforcement, legal uncertainty, increasing risk of regulatory fragmentation and the lack of incentives for businesses to aim for the highest standard of protection. It is estimated that EU consumer detriment resulting from problems experienced in the digital environment can be quantified at approx. €7.9 billion per year.
What’s Next?
The European Commission is expected to launch a public consultation in 2025 for a “Digital Fairness Act” (“DFA”), for which we may see draft legislation in 2026. The DFA will aim to combat unfair and unethical commercial practices online and address the lacunas relating to deceptive patterns in the current regulatory framework, as uncovered by the Fitness Check. Recently appointed Commissioner for democracy, justice, the rule of law and consumer protection, Michael McGrath has outlined in his mission letter to the President of the European Commission that developing the DFA is a priority during his tenure.
However, as the EU responds to claims of EU overregulation of the tech sector, both within the bloc and further afield, it is unclear whether the EU Digital Fairness Act will come into fruition in the short to medium term. Nonetheless, the DFA may provide an opportunity to clarify, consolidate and harmonise the EU’s regulation of deceptive patterns.
For further information on the EDPB Guidelines on Deceptive Patterns, see our briefing here; The EDPB Sheds Light on the Use of Dark Patterns by Social Media Companies.
Related Knowledge
Employee Monitoring at Work: Regulatory enforcement actions against excessive employee monitoring practices continue
Navigating Age Assurance in the Online World: A Statement from the EDPB
