Dark Patterns: examples, guide and check-up according to the EDPB guidelines

Check-up and removal of cookies and trackers: for data controllers, DPOs, CISOs, and operators and installers of websites and apps.

From €249 + VAT


Dark patterns invalidate legal notices

Installing a template, using a CSS framework: what could be simpler? However, the DSA (Digital Services Act) expressly prohibits the use of dark patterns.

Dark patterns have the effect of confusing visitors:
  • content
  • interfaces
Consents collected in contexts that use dark patterns are not valid, and likewise the legal advice obtained to produce complete notices loses its value.


Hindering - Misleading information (Annex checklist 4.4.3)
Example 3: When registering to a social media platform via desktop browser, users are invited to also use the platform’s mobile Application. During what looks like another step in the sign-up process, users are invited to discover the app. When they click on the icon, expecting to be referred to an Application store, they are asked instead to provide their number to receive a text message with the link to the App.

Hindering - Longer than necessary (Annex checklist 4.4.2)
Example 7: During the sign-up process, users who click on the “skip” buttons to avoid entering certain kind of data are shown a pop-up window asking “Are you sure?” By questioning their decision and therefore making them doubt it, social media provider incites users to review it and disclose these kinds of data, such as their gender, contact list or picture. In contrast, users who choose to directly enter the data do not see any message asking to reconsider their choice.

Hindering - Dead end (Annex checklist 4.4.1)
Example 10: Users are not provided with any links to data protection information once they have started the sign-up process. Users cannot find this information as none is provided anywhere in the sign-up interface, not even in the footer.

Hindering - Dead end (Annex checklist 4.4.1)
Example 11: During the sign-up process, users can consent to the processing of their personal data for advertising purposes and they are informed that they can change their choice whenever they want once registered on the social media by going to the privacy policy. However, once users have completed the registration process and they go to the privacy policy, they find no means or clues on how to withdraw their consent for this processing.

Hindering - Dead end (Annex checklist 4.4.1)
Example 18: In its privacy policy, a social media provider offers many hyperlinks to pages with further information on specific topics. However, there are several parts in the privacy policy containing only general statements that it is possible to access more information, without saying where or how.

Hindering - Misleading information (Annex checklist 4.4.3)
Example 28: Users browse their social media feed. While doing so, they are shown advertisements. Intrigued by one ad and curious about the reasons it is shown to them, they click on a “?” sign available on the right bottom corner of the ad. It opens a pop-in window that explains why users see this particular ad and lists the targeting criteria. It also informs users that they can withdraw their consent to targeted advertisement and provides a link to do so. When users click on this link, they are redirected to an entirely different website giving general explanations on what consent is and how to manage it.

Hindering - Dead end (Annex checklist 4.4.1)
Example 30: Users want to manage the permissions given to the social media platform based on consent. They have to find a page in the settings related to those specific actions and wish to disable the sharing of their personal data for research purposes. When users click on the box to untick it, nothing happens at the interface level and they get the impression that the consent cannot be withdrawn.

Hindering - Dead end (Annex checklist 4.4.1)
Example 31: A social media provider works with third parties for the processing of its users’ personal data. In its privacy policy, it provides the list of those third parties without providing a link to each of their privacy policies, merely telling users to visit the third parties websites in order to get information on how these entities process data and to exercise their rights.

Hindering - Longer than necessary (Annex checklist 4.4.2)
Example 32: A social media provider does not provide a direct opt-out from a targeted advertisement processing even though the consent (opt-in) only requires one click.

Hindering - Dead end (Annex checklist 4.4.1)
Example 43: Users click on “exercise my right of access” in the privacy notice, but are redirected to their profile instead, which does not provide any features related to exercising the right.

Hindering - Longer than necessary (Annex checklist 4.4.2)
Example 50: When users choose to delete the name and place of their high school or the reference to an event they attended and shared, a second window pops up asking to confirm that choice (“Do you really want to do so? Why do you want to do this?”).

Hindering - Longer than necessary (Annex checklist 4.4.2)
Example 57: In this example, users first see a confirmation box to erase their account after having clicked on the corresponding link or button in their account. Even though there is some Emotional Steering in this box, this step can be seen as a security measure in order for users not to delete their account following a mis-click in their account. However, when users click on the “Delete my account” button, they are confronted with a second box asking them to textually describe the reason they want to leave the account. As long as they have not entered something in the box, they cannot delete their account as the button associated with the action is inactive and greyed out. This practice makes the erasure of an account Longer than Necessary, especially as asking users to produce a text describing why they want to leave an account requires extra effort and time and should not be mandatory to delete one’s account.

Hindering - Longer than necessary (Annex checklist 4.4.2)
Example 58: The social media provider makes it mandatory for users to answer a question about their reasons for wishing to erase their account, through a selection of answers from a drop-down menu. It appears to users that answering this question (apparently) enables them to achieve the action they want, i.e. to delete the account. Once an answer is selected, a pop-up window appears, showing users a way of solving the issue stated in their answer. The question-answer process therefore slows down users in their account erasure process.

There are several examples for the same categories




About us

A close-knit team of legal, privacy, IT and marketing consultants who speak plainly. Like you.

Giulia Nepi

Civil lawyer
Privacy consultant.

Valentino Spataro

Privacy consultant
WordPress and app development.



Support

Provide the link to the site/app and leave your contact details to be contacted back.
Free quotes starting from €249 + VAT (except non-profits)


Data processed electronically for, and for the duration of, the commercial relationship. No newsletter or profiling. See the privacy policy.

Information

IusOnDemand srl
viale dei Mille 4
20129 Milano, Italia
Phone: +39 02 4548 9591
Telegram: @iusondemand