[STUDENTS POLICY BRIEF] How should the European Union regulate dark patterns?

By Tom Akhurst, Laura Zurdo, Christoph Mautner Markhof & Riccardo Rapparini

---

The Digital, Governance and Sovereignty Chair publishes, on a regular basis, the finest essays and papers written by Sciences Po students in the course of their studies.

This Policy Brief has been selected as one of the best works written during the course taught by Pr Florence G’sell “Comparative Approach to Big Tech Regulation” in Spring 2023.

---

In November 2022, the European Union (EU)’s Digital Services Act (DSA) entered into force. It imposes new duties on online intermediaries aiming to protect users’ fundamental rights online. Among a range of rules, Article 25 establishes a prohibition against dark patterns. This policy brief analyses the DSA’s approach to dark patterns through the following research question: 

“How should the Digital Services Act’s prohibition on dark patterns be implemented?”   

After introducing the policy context and offering a descriptive analysis of the DSA and its antecedents with regard to dark patterns, we will analyse four issues of relevance to Article 25’s implementation. These findings aim to steer the European Commission’s (EC, or the Commission) implementation of Article 25 DSA, highlighting four areas that the Commission must address, whether through guidelines on Article 25 and/or through delegated acts. The discussion will be structured according to the logic of concentric circles, expanding from a narrow to a wide perspective. The first issue discussed—“legal definitions”—explores uncertainties in the terms contained within the Article. The second issue—“legal scope”—zooms out of Article 25 to assess how it might interact with pre-existing regulation of dark patterns, specifically the General Data Protection Regulation (GDPR) and Unfair Commercial Practices Directive (UCPD). Our third issue looks beyond legal meanings to practical implications of enforcement; namely, in what ways Article 25 impacts who enforces dark pattern prohibitions and how they do so. The fourth issue takes a holistic view of the DSA, exploring provisions outside Article 25 that could be used to address dark patterns. Finally, here is a series of recommendations.

1. Clarify terms: manipulative interface personalisation would be better addressed by strengthening GDPR data protection, a potential deceitful effect should be enough to meet Article 25 the standard used to assess if a practice is likely to deceive should be lower than the average consumer, to account for digital asymmetries.
2. Clarify scope: Define the interplay of the scopes of the DSA, UCPD and GDPR.
3. Coordinate enforcement, especially between Digital Service Coordinators and consumer authorities.
4. Harness the full “DSA toolbox”, as there are other provisions within the DSA that can be used to tackle dark patterns, beyond the Article 25 prohibition.

---

Tom Akhurst: Master in Public Policy, Digital, New Technology and Public Policy stream; Bachelor of Arts graduate, University of Melbourne; first class honours thesis on China’s ‘Digital Silk Road’; former speechwriter to a minister in the Australian Government; former research scholar at Blueprint Institute.

Laura Zurdo: Master in Public Policy, Digital, New Technology & Public Policy stream; Law and International Relations Graduate, Universidad Pontificia de Comillas – ICADE; Policy Analyst at Tremau.

Christoph Mautner Markhof: Master in Public Policy: Digital, New Technologies and Public Policy stream; Politics, Psychology, Law and Economics (PPLE), University of Amsterdam; Majored in Politics.

Riccardo Rapparini: Master in Public Policy – Digital, New Technology and Public Policy stream; BSc in Philosophy, Politics and Economics (PPE), Vrije Universiteit Amsterdam; External Consultant at OECD AI Policy Observatory.