California Bans ‘Dark Pattern’ Web Design that Tricks Users

Participant hold their laptops in front of an illuminated wall at the annual Chaos Computer Club (CCC) computer hackers' congress, called 29C3, on December 28, 2012 in Hamburg, Germany. The 29th Chaos Communication Congress (29C3) attracts hundreds of participants worldwide annually to engage in workshops and lectures discussing the role …
Patrick Lux/Getty

The state of California has reportedly banned “dark patterns,” which are user interfaces designed to trick and frustrate users in order to take advantage of them. Web sites designed to make it difficult to cancel subscriptions are one example of dark pattern design.

The Verge reports that the state of California announced this week that it is banning the use of “dark patterns” that stop users from opting out of the sale of their personal data.

“Dark patterns” are defined user interfaces designed to trick and frustrate users, The Verge notes that if you have ever struggled to navigate an online customer service page to cancel a subscription or delete an account then you have likely encountered “dark patterns.”

The updated regulation strengthens the enforcement of the 2018 California Consumer Privacy Act (CCPA) which is already one of the toughest consumer privacy laws in the United States. The CCPA gives California residents the right to say “no to the sale of personal information,” but now the state government is worried that saying no may be significantly harder for users due to these dark patterns.

California Attorney General Xavier Becerra said in a press statement that by banning these dark patterns the state will “ensure that consumers will not be confused or misled when seeking to exercise their data privacy rights.”

The newly-approved regulation does not ban all of these dark patterns, only those that have “the substantial effect of subverting or impairing a consumer’s choice to opt-out” of schemes where their personal data is being sold to third parties. The Verge reports that these dark patterns include:

  • Using confusing language like double-negatives (eg “Don’t Not Sell My Personal Information”)
  • Forcing users to “click through or listen to reasons why they should not submit a request to opt-out before confirming their request.”
  • Requiring users to “search or scroll through the text of a privacy policy or similar document or webpage to locate the mechanism for submitting a request to opt-out.”

Businesses that are found to not comply with the CCPA will receive a “notice to cure,” which gives them a 30-day window to fix the issue.

Becerra’s office stated: “Since CCPA enforcement began on July 1, 2020, the Department has seen widespread compliance by companies doing business in California, especially in response to notices to cure.”

Read more at the Verge here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address


Please let us know if you're having issues with commenting.