Deceptive designs in apps and websites could result in fines under the Consumer Privacy Protection Act

Online consent procedures that are dishonest or misleading are prohibited by Canada’s proposed Consumer Privacy Protection Act (CPPA).

Companies that violate the act’s regulations risk fines. The use of deceptive user interface designs in social media platforms, online retailers, and other services’ apps and websites could get them into trouble.

The CPPA is a part of Bill C-27, which the federal government describes as an effort to strengthen Canadian privacy law and ensure ethical use of customer data and artificial intelligence by businesses.

The possibility of fines for deceptive or misleading consent procedures suggests that the government views consent as essential to protecting personal information. As a result, businesses may be held liable for misleading user interface designs connected to consent processes on apps and websites.

User interface design is the practice of choosing how to display buttons, links, prompts, images, videos, text, and other visual elements on-screen. Shape, color, size, and placement choices affect what people see first or second, where they click or tap, and whether they make a purchase, file a complaint, or give their consent.

Design decisions that can deceive, coerce, or otherwise exploit people are known as deceptive designs (problematically referred to as dark pattern designs). An analysis of roughly 11,000 shopping websites identifies 15 different categories of deceptive designs, each with a different strategy for manipulation.

Internationally, deceptive design is a major concern for information policy, and problematic consent procedures are the main area of emphasis for current enforcement actions. In 2022, the Commission Nationale de l’Informatique et des Libertés (CNIL), a French data protection authority, fined Google and Facebook the equivalent of 215 and 86 million Canadian dollars, respectively, for deceptive design.

A button to accept online cookies was made available to users “immediately,” according to CNIL, but there was no equivalent prompt for rejecting them. Requiring multiple clicks to reject all cookies, according to CNIL, improperly influenced the consent process.

Internet phone provider Vonage was forced to refund customers the equivalent of C$133 million after the U.S. Federal Trade Commission (FTC) took action due to its deceptive designs that made it simple to steal information.