Skip to Main Content

Privacy & Data Security Alert

Sept. 6, 2024

CPPA Enforcement Advisory Targets Dark Patterns in Data Privacy: What Businesses Need to Know

By Mallory Acheson, CIPM, CIPP/E, FIP, Daniel C. Lumm, CIPP/US

On Sept. 4, the California Privacy Protection Agency (CPPA) issued an enforcement advisory focused on the use of dark patterns under the California Consumer Privacy Act (CCPA). Dark patterns refer to manipulative user interface designs that deceive or frustrate consumers into making choices they wouldn’t otherwise make, such as hindering their ability to opt out of the sale or sharing of personal data.

The advisory gives specific examples, such as businesses offering an "Accept All" option for cookies but making it difficult or confusing to reject the sale or sharing of data by using tactics like hiding the "Reject All" button or requiring excessive steps. The notice also addresses the importance of clear, transparent processes for consumers to exercise their rights, ensuring that opting out is as easy as opting in.
This enforcement priority signals the CPPA’s growing focus on consumer protections against deceptive practices in the digital landscape. The agency encourages businesses to review their current practices and ensure compliance to avoid penalties as it ramps up enforcement activities.

For more detailed information, you can view the full advisory here.