Deceptive Patterns
‹ All reading

Learning from the Dark Side About How (not) to Engineer Privacy: Analysis of Dark Patterns Taxonomies from an ISO 29100 Perspective

Author
Philippe Valoggia, A. Sergeeva, Arianna Rossi, M. Botes
Date
1 Jan 2024
Publisher
International Conference on Information Systems Security and Privacy
Focus
Privacy & Data Protection
Category
Academic Scholar

To improve the actionability of the knowledge about dark patterns for the privacy engineering community, a selection of existing dark patterns classifications were matched with the ISO/IEC 29100:2011 standard on Privacy Principles by performing an iterative expert analysis, which resulted in clusters of dark patterns that potentially violate the ISO privacy engineering requirements.

: The privacy engineering literature proposes requirements for the design of technologies but gives little guidance on how to correctly fulfil them in practice. On the other hand, a growing number of taxonomies document examples of how to circumvent privacy requirements via ”dark patterns,” i.e., manipulative privacy-invasive interface designs. To improve the actionability of the knowledge about dark patterns for the privacy engineering community, we matched a selection of existing dark patterns classifications with the ISO/IEC 29100:2011 standard on Privacy Principles by performing an iterative expert analysis, which resulted in clusters of dark patterns that potentially violate the ISO privacy engineering requirements.