CPPA Stakeholder Meeting Discusses “Dark Patterns”

On May 5, 2022, I participated in the California Privacy Protection Agency’s (CPPA) stakeholder meeting, making a public statement about “dark patterns” which I urged them to redefine as “harmful patterns,” and suggested changes to their definitions of “Consent” and “Intentional Action.”

As Jared Spool says, we should be looking at the UX outcome of design decisions, not just the intent, as many designers adopt strategies or work with underlying technologies whose outcomes can be harmful to the technology user and other stakeholders. These UI patterns may not have the intent to do harm. Often the designers’ intent is to provide convenience or a useful service.

Take accessibility overlays that intend to provide a better experience for people with visual or cognitive disabilities but have the effect of overriding necessary controls. Even patterns that affect user behavior, like staying on a page longer, clicking on a link, accepting default cookie settings, etc. may be intended to provide convenience to users, but unknowingly to both the designer and the user, there are processes underlying many of these tools that share data and information about the transaction that can be harmful.

CPRA is defining what it means to consent to data collection and what an intentional user action is. It addresses “dark patterns” as an intentional deception, when often the digital harm is not intentional, yet is deep-rooted. We are hoping to make these harms clearer and provide guidelines for addressing them through our ISL Safe Software Specification.

Read more about the CPPA stakeholder meeting and my statement on behalf of the Internet Safety Labs (formerly the Me2B Alliance):

Me2B Alliance

Background

The Me2B Alliance is a standards development organization comprised of software engineers, policy analysts, UX experts, business and philanthropic leaders who are committed to giving individuals more say in how technology treats people. We are setting up a rigorous independent testing and certification program for websites, apps and connected devices. The Me2B Alliance is comprised of working groups for Me-s (the consumer), B-s (the business) as well as the Policy and Legal and Certification working groups. Together, we are setting the standard for Respectful Technology.

My Role

My role at the Me2B Alliance is twofold: I am leading up the Research and Validation practice to provide user experience and other research services to the various working groups, exploring questions around the consumer experience of their relationship with digital technology.

Secondly, I am developing the product integrity testing framework for digital technologies, in particular mobile apps and websites. This framework, coupled with data integrity and security testing, makes up the requirements for Me2BA certification.

User Research Methods

Ethnographic Research

I am engaging consumers in one on one conversations about their relationship with technologies they use in their day to day lives. Research questions range from and their understanding of privacy policies, terms of use agreements and other agreements they make implicitly by using a technology. for example, do users change how they interact with a website when they are familiar with the legal terms of the website? And would a score make a difference?

Preference Testing

I performed a series of tests of the certification mark to be used as a symbol of trust in connected digital technologies. This included interviews, focus groups, unmoderated 5-Second preference tests and surveys.

Product Integrity Testing

I developed a UX Integrity framework for the Me2B Safe and Respectful Technology Framework (now published as the Me2B Safe Specification). This framework was based on an applicaiton of IA heuristics to ensure that notices of data collection, use and sharing is Clear, Findable, Accessible, Credible and Communicative or understandable by a wide audience of human and machine readible or accessible devices.

Tools

Interviews and Focus Groups: Zoom, UserInterviews.com, Surveymonkey

Preference Tests and 5 Second tests: UserInterviews.com

Collaboration: Microsoft Teams, Zoom, Microsoft365, Trello, Monday

Artifacts

Safe Tech Audit: IA as a Framework for Respectful Design (April 23, 2022)
Conference Presentation: Information Architecture Conference 2022

Spotlight Report #5: Me2B Alliance Validation Testing Report: Consumer Perception of Legal Policies in Digital Technology (January 18, 2022)

Spotlight Report #3: Me2B Alliance Validation Research: Consumer Sensitivity to Location Tracking by Websites and Mobile Apps (November 5, 2021)

Shedding Light on Dark Patterns: A Case Study on Digital Harms (April 28, 2021)
Conference Presentation: Information Architecture Conference 2021

Webinar: Me2B Research: Consumer Views on Respectful Technology

Future Plans

We are planning to conduct three focus groups per month of consumers and digital product designers/managers. The research will continue to evolve our understanding of how consumers experience their relationship and risks with respect to digital technologies.