Cristiana Santos (Utrecht University), Nataliia Bielova (Université de Nice Sophia Antipolis - INRIA - Institut National de Recherche en Informatique et Automatique), Sanju Ahuja (Indian Institute of Technology (IIT), Delhi), Christine Utz (Radboud University Nijmegen), Colin Gray (Indiana University Bloomington), & Gilles Mertens (Université de Nice Sophia Antipolis - INRIA - Institut National de Recherche en Informatique et Automatique) have posted "Which Online Platforms and Dark Patterns Should Be Regulated under Article 25 of the DSA?" on SSRN. Here is the abstract:
On 17 February 2024 the Digital Services Act (DSA) became directly applicable across the EU, explicitly codifying and prohibiting dark patterns in online interfaces for the first time in its Article 25(1). Current enforcement investigations on dark patterns focus on Very Large Online Platforms (VLOPs) like Meta, Temu, and X. Still, ambiguity remains about which dark patterns the DSA addresses that are not already regulated by the General Data Protection Regulation (GDPR) or the Unfair Commercial Practices Directive (UCPD). By establishing an interdisciplinary collaboration between experts in law and human-computer interaction (HCI), we conduct a thorough analysis of Article 25 and Recital 67 of the DSA to provide a comprehensive examination of the types of dark patterns encompassed within these legal provisions. We align the extracted dark patterns with the most comprehensive established ontology of dark patterns that combines the existing definitions of dark patterns. Together with computer science experts, we analyse very popular services used by website publishers, such as Google Tag Manager and Google Analytics, detect dark patterns within the interfaces of these services, and demonstrate the importance of recognizing business users as potential subjects of dark patterns which are in potential violation of Article 25.