Some Dark Patterns now illegal in UK – interview with Heather Burns

In this article I interview Heather Burns, author of The Web Designer’s Guide to the Consumer Rights Directive.

So, which dark patterns are now illegal in the UK?
The EU’s new consumer rights law bans certain dark patterns related to e-commerce across Europe. The “sneak into basket” pattern is now illegal. Full stop, end of story. You cannot create a situation where additional items and services are added by default. No more having to manually remove insurance from your basket when purchasing plane tickets.

Hidden costs are now illegal, whether that’s an undeclared subscription, extra shipping charges, or extra items. While the costs are still permissible, failing to advise the customer about them or explain what they are is not. Everything has to be brought out in the open, explained, and clarified before checkout. Even if you are not able to declare a specific additional cost in advance – say, supplemental shipping charges to remote areas – you still have to declare that these charges exist and will be applied to the order.

As a part of that, retailer fees and surcharges must be brought out into the open and explained. Retailers can no longer charge “processing fees” in excess of what it actually costs them. Remember when a certain airline used to offer £2 return flights which carried a £45 credit card processing fee? Now, we all knew damn well that the flight was £45 and the processing fee was £2, but there was nothing we could do about it. With the new law they cannot try to swap the figures or surprise you with a £45 “processing fee” at checkout.

Forced continuity, when imposed on the user as a form of bait-and-switch, has been banned. Just the other day a web designer mentioned to me that he had only just discovered he had been charged for four years of annual membership dues in a “theme club”, having bought what he thought was a one-off theme. Since he lives in Europe, he may be able to claim all of this money back. All he needs to do is prove that the website did not inform him that the purchase included a membership with recurring payments.

What UK laws have changed?

This law updated and replaced the 1997 consumer rights law, which was laughably outdated. It’s pretty amazing to think that until June this year, digital products and downloads had no reference in trading laws, which meant that consumers had no protection.

The new law essentially had three goals. The first was to update those ridiculously old e-commerce laws. It’s a damning indictment of all the UK governments and parties who have held power since 1997 that it took the EU to force us to bring our trading laws out of the Teletext era.

The second goal was to harmonise consumer trading laws across all of Europe so that people can do more cross-border shopping. Pour exemple, I love French pop music. If I decide to spoil myself with a bumper order from Paris, I can now do so knowing that I am buying under the same conditions and protections as if I’d gone to my local Fopp.

The third goal, and the one you’re concerned with, was to outlaw e-commerce’s worst Dark Patterns. There’s clearly been a lot of good public input into this law. We’re really not used to seeing web laws that deal with real specifics rather than theoretical concepts.

Are some Dark Patterns still legal?

The directive only dealt with Dark Patterns concerning e-commerce. Dark Patterns concerning other issues like privacy, information disclosure, sharing and advertising are not affected. We also have yet to see what new Dark Patterns will be invented in response to the Directive!

How come some e-commerce sites are still using the sneak into basket dark pattern? Are they breaking the law?

The law has not been well publicised. Lack of knowledge, of course, is no excuse. In my book I talked about “trading trolls” – people who would surf the web specifically looking for noncompliant sites so that they can place an order, get the stuff, report the site for noncompliance, get their money back, and keep the stuff. After all, if the site is breaking the law, they have no recourse there. I would, of course, never encourage anyone to do that.
*coughs loudly, and winks*

Let’s get specific – is now breaking the law?

Sportsdirect - sneak into basket dark pattern now illegal

At the time of writing, sneaks a £1 magazine and mug into your basket with every purchase. As that is adding those items by default, thereby forcing the customer to manually remove them, it is noncompliant. They cannot argue that a magazine and a mug are companion pieces to the items being purchased. They are extra items, full stop. If the magazine is so essential they can simply include it in your shipping parcel like many retailers do. As for a mug, the process of removing one from your basket treats us like one.

How about - dark pattern skates the line between legal and illegal

Next is stretching the law to its limits. Technically this is legal because it meets the information provision requirements. As with anything, though, just because it’s legal doesn’t make it right. The Next Directory is not a paper catalogue, it’s a credit programme and a financial service. (I learned this when I signed up for the directory, never received a copy nor the invoice, and then received a late fee notice and a mark against me on my credit record for not paying for a stupid catalogue which I never received.) Financial services are exempt under the Directive, and so are deliberately being as ambiguous as possible because they can.

And what about Ryanair?

Ryanair's infamous insurance dark pattern

It’s a fair bet to say that the company whose conduct led to this law being created in the first place is going to throw out quite a few examples of noncompliant conduct. In this example, they are still adding the additional payment by default, leaving the consumer to manually opt-out of it. That’s wrong.

What’s going to happen to businesses who use these now-illegal Dark Patterns?

Quite simply, businesses who don’t comply face a loss of revenue. If you make a purchase, whether that’s buying goods or a service, on a non-compliant web site, you have the right to recourse through your nearest Trading Standards office, in other words, your local Council. Unlike the cookie law, which is dealt with by one UK-wide bureaucracy which has bigger fish to fry, this law is dealt with on a local level.

A failure to comply cancels the transaction. You can get your money back and keep the goods. If the sale was for a service or a digital download, the contract is cancelled and no further payments are due.

So this isn’t a re-run of the cookie law farce we had a few years ago?

Absolutely not. The cookie law was the wrong law, drafted at the wrong time, in the wrong way, for the wrong reasons. The Consumer Rights Directive couldn’t be more different. It was desperately needed, it’s common sense, and it reflects the way the web actually works.

How does the Consumer Rights Directive affect US companies who are dealing with UK or EU consumers?

The Directive applies to inter-EU sales only. A US company does not need to comply to sell in Europe. Although it would be awfully nice of them.

And finally, tell us about your book!
My book does what it says on the tin – The Web Designer’s Guide to the Consumer Rights Directive. It started out as a blog post, but 11,000 words later I realised it was a bit more than that!

Writing the book was my attempt to bring sanity back to the web community. I’ve been researching and writing about the cookie law since 2012 and it’s taught me a lot about the gap between practice and theory. One of the many things I came to realise is that laws concerning the craft of web development are cooked up by offline politicians and then drafted by solicitors for solicitors. They throw an 80 page legalese .pdf onto a web site and say “there’s your lot, now comply.” They don’t think about who actually does the work, and because they are neither coders nor crafters, they very often literally have no idea what they are talking about.

The web community needed someone to translate these laws into plain English, break them down into small chunks, and explain how to comply in terms of front-end and back-end implementations, not airy legal theory. And if aspects of the laws are ill-informed or disruptive, we have a responsibility as a community to speak out.

Buy the book ›