Chapter 28: Legislation in the United States

Like the EU, the United States also has a number of existing laws that cover deceptive patterns. In a 2022 staff report, the FTC stated that it intends to take action against companies that use deceptive patterns when they violate the FTC Act, ROSCA, TSR, TILA, CAN-SPAM, COPPA, ECOA (plus other statutes and regulations).¹ These are the main federal laws that the FTC sees as relevant to deceptive patterns.

The Federal Trade Commission Act

The Federal Trade Commission (FTC) Act doesn’t mention anything about deceptive patterns, but that’s because it was enacted over a hundred years ago in 1914. Even so, it has lots of good stuff in it that prohibits unfair or deceptive practices in commerce, and so it can be used to address deceptive patterns indirectly. This law also established the FTC as the agency responsible for enforcing the law. Much of the FTC’s work is done under section 5 of the FTC Act, which prevents unfair and deceptive acts and practices. The test for unfairness consists of three elements:

  • Substantial injury: The practice causes harm to consumers, or is likely to do so.
  • Not reasonably avoidable: The injury must not be reasonably avoidable by consumers.
  • Not outweighed by benefits: The injury must not be outweighed by countervailing benefits to consumers or competition.

In the words of former FTC commissioner Rebecca Slaughter at the Computers, Privacy and Data Protection conference in 2022²: ‘That is a complicated test… That’s why we’ve used [the provisions for] deception more, because it is an easier test to meet!’ The deception test is simpler, which Slaughter cheerfully summarises as ‘Don’t lie about what you’re doing – with data or otherwise – or we will sue you’. The deception test consists of three elements:

  • Representation, omission, or practice: There must be a representation, omission, or practice that is likely to mislead the consumer.
  • Reasonable consumer: The representation, omission, or practice must be examined from the perspective of a reasonable consumer in the given circumstances.
  • Materiality: The misleading representation, omission, or practice must be material, meaning it is likely to affect the consumer’s decision regarding the product or service.

To summarise: by applying the tests for deception or unfairness, the FTC can investigate and take enforcement actions against businesses using deceptive patterns that mislead or harm consumers, thus protecting consumers and promoting fair competition.

Other US federal laws

A number of other federal laws indirectly relate to deceptive patterns. For example:

  • ECOA (1974): Equal Credit Opportunity Act is a federal law that prohibits lenders from discriminating against borrowers on the basis of race, colour, national origin, religion, sex, marital status, age, or receipt of public assistance. The ECOA does not cover deceptive patterns directly, but it is possible for deceptive patterns to be used in a manner that is covered by this law, such as misdirection or hidden costs in loan or credit application forms.
  • COPPA (1998): Children’s Online Privacy Protection Act is a federal law that requires websites and online services to obtain parental consent before collecting personal information from children under the age of 13. COPPA does not cover deceptive patterns directly, but it is applicable when deceptive patterns are used to violate its rules, such as misdirection to falsely achieve parental consent, or other tricks and traps that impact children’s privacy.
  • ROSCA (2010): Restore Online Shoppers’ Confidence Act is a federal law that requires online merchants to obtain a customer’s express informed consent before charging them for goods or services. It contains two provisions regarding the hard to cancel deceptive pattern (which it refers to as deceptive or unfair ‘negative option’ subscription practices). Specifically, all terms of the subscription – including renewal frequency and price – must be clearly and conspicuously disclosed to the customer before obtaining the consumer’s billing information (they can’t be tricked into a subscription); and a provider must offer a simple mechanism to cancel a negative option subscription...
  • CAN-SPAM (2003): Controlling the Assault of Non-Solicited Pornography and Marketing Act is a federal law that prohibits deceptive email marketing practices. It requires companies to obtain consent from users before sending them commercial emails. It also includes not sending misleading emails, providing a way for users to opt out of future emails, and honouring opt-out requests promptly. CAN-SPAM doesn’t cover deceptive patterns directly, but it is applicable when deceptive patterns are used to violate any of these rules.
  • TSR (1994): Telemarketing Sales Rule is a federal law that regulates telemarketing activities. It prohibits deceptive telemarketing practices and sets standards for how businesses may contact customers via phone. Although TSR doesn’t cover deceptive patterns directly, it is applicable when deceptive patterns are used to violate any of TSR’s rules.
  • TILA (1968): Truth in Lending Act is a federal law that requires lenders to disclose important information about the terms of a loan to borrowers. This includes the interest rate, loan fees, the total cost of the loan, and the total amount the borrower will have to pay back. Lenders that use deceptive patterns in order to deceive or mislead consumers may be in violation of TILA.

Other US state laws

The US also has state laws, though federal law takes precedence over state law in case of conflicts. Most states have laws that relate to consumer protection that could potentially be invoked in legal disputes concerning deceptive patterns. Here are a few of them.

  • California Privacy Rights Act: The CPRA builds on the California Consumer Privacy Act (CCPA) and includes specific provisions addressing ‘dark patterns’. It requires businesses to provide clear and comprehensible choices for consumers regarding the collection, use, and sharing of their personal information. The law explicitly prohibits the use of ‘dark patterns’ that have the substantial effect of subverting or impairing a consumer’s choice to opt out of the sale or sharing of their personal information. The CPRA also establishes the California Privacy Protection Agency (CPPA), which is responsible for enforcing the law.
  • Colorado Privacy Act (Senate Bill 21-190): The CPA aims to enhance consumer privacy by offering individuals greater control over their personal data collected and processed by businesses. The act defines and regulates ‘dark patterns’, but only in the context of consent for the processing of personal data. It stipulates that businesses must not employ ‘dark patterns’ when responding to consumers’ opt-out requests.
  • New York General Business Law: New York’s GBL protects consumers from deceptive acts and practices under article 22-A, titled ‘Consumer Protection from Deceptive Acts and Practices.’ Specifically, Section 349 prohibits deceptive acts or practices in the conduct of any business, trade, or commerce, or in the furnishing of any service. The law does not specifically mention deceptive patterns, but its broad scope could potentially encompass cases involving manipulative or misleading design elements. The New York State Attorney General’s Office is responsible for enforcing the GBL.
  • Massachusetts Consumer Protection Act (MGL C93A): Also known as ‘Regulation of Business Practices for Consumers’ Protection’, this law aims to protect consumers from unfair and deceptive practices in trade or commerce. It covers a wide range of business activities and practices, and its broad language could be applied to cases involving deceptive patterns. It is also rather powerful, providing for double and treble damages in certain circumstances, as well as attorneys’ fees and costs (see sections 9a to 9c). The Massachusetts Attorney General’s Office is responsible for enforcing this law, and consumers can also file private lawsuits to seek redress.
  • Washington Consumer Protection Act (RCW 19.86): This Act prohibits unfair or deceptive practices in commerce under its Section 19.86.020. It is a broad law that aims to protect consumers from a wide range of deceptive practices, including those in advertising, sales and services. Although it does not specifically mention deceptive patterns, its provisions could potentially be applied to cases involving deceptive design elements. The Washington State Attorney General’s Office is responsible for enforcing this law.

Since 2010, Harry Brignull has dedicated his career to understanding and exposing the techniques that are employed to exploit users online, known as “deceptive patterns” or “dark patterns”. He is credited with coining a number of the terms that are now popularly used in this research area, and is the founder of the website deceptive.design. He has worked as an expert witness on a number of cases, including Nichols v. Noom Inc. ($56 million settlement), and FTC v. Publishers Clearing House LLC ($18.5 million settlement). Harry is also an accomplished user experience practitioner, having worked for organisations that include Smart Pension, Spotify, Pearson, HMRC, and the Telegraph newspaper.