The state of California has just passed new regulations that strengthen the California Consumer Privacy Act and forbids for-profit businesses that do business in California from using “dark patterns” on their websites or apps to fool users into doing things they might not otherwise do, like giving their information or purchasing unwanted goods and services. 

“California is at the cutting edge of online privacy protection, and this newest approval by the Office of Administrative Law clears even more hurdles in empowering consumers to exercise their rights under the California Consumer Privacy Act,” California Attorney General Xavier Becerra said. “These protections ensure that consumers will not be confused or misled when seeking to exercise their data privacy rights.”


The goal of “dark patterns” is to fool the website user into doing something they otherwise might not have done. The goal is always about gaining more information and even money from the user.

Some popular ones that you might easily recognize:  


In your attempt to make a purchase, an additional item appears in your basket. It might be something small or even something you want like a modest product insurance plan for $4.99. But the point is that you didn’t consciously choose that item and yet you might find yourself inadvertently paying for it.


At the end of your checkout process, you find that some unexpected charges have appeared on your bill, usually taxes and/or delivery fees.


This is a manipulative way of getting the user to opt into something. They word the question in such a way as to “shame” the user into making the preferred decision. Most common is the attempt to get you to sign up for a mailing list. It seems silly to think that opt-out wording like, “No, I’d rather keep paying full price” would influence us to then sign up and give our information in exchange for future coupons, but if it didn’t work, they wouldn’t keep trying it.


Some web pages are packed full of obvious advertisements, content, and then ads that are so well disguised and positioned that you think you are clicking as part of the content but you are clicking an ad instead. Maybe it’s a fake download button or a headline that looks like a bit of news, but the goal is to trick users into clicking on the ads rather than getting the thing they wanted. A well-designed ad of this sort is indistinguishable from the content the user is interested in.


We are constantly being tempted with “free trials” of a service, but they usually ask for your credit card information before you can access it. Forced continuity is when your credit card then quietly gets charged without any warning. The critical information about this subscription renewing automatically after seven days or two weeks was either not published or it was hard to see. Then, they make it difficult to find the area where you can cancel this automatic renewal.

Another and more common situation is that you were made aware that your subscription will renew automatically in a year, but of course during that year, with other things on your mind, you forget and without any notification or reminder that your subscription is about to automatically renew, you get charged. You are not given the chance to think through this decision you made a year ago on whether to continue the service.


The overarching CCPA applies to for-profit businesses that do business in California and meet any of the following:

  • Have a gross annual revenue of over $25 million;
  • Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
  • Derive 50% or more of their annual revenue from selling California residents’ personal information.


In addition to now being free from the deceptive practices of dark patterns, California residents can control the use of information that has been gleaned from them:

  • Access: You can request access to personal information a company has collected about you.
  • Deletion: You can ask a company to delete personal information they’ve collected from you.
  • Opt-out from Sales: You can opt out of sales of personal information about you.

Other states are considering passing similar regulations and there is even talk on Capitol Hill of a federal response.

Like the ubiquitous robocalls on your cell phone that have been registered on the “do not call” list, these dark pattern tactics continue because they work. The average website user moves quickly across websites, gleaning what they want and moving on. Our lack of attention gives the dark pattern websites the opportunity to strike. And often.

New Target does not advise its clients to use “dark patterns,” nor do we put them in our websites. We’re not that kind of firm. If the firm you are working with traffics in dark patterns, call us and we’ll get you to safe ground.

Sleazy salespeople come and go, and their tactics work for a time, but companies that treat their clients with great respect and never attempt to fool or manipulate them are the ones that last.

A global team of digerati with offices in Washington, D.C. and Southern California, we provide digital strategy, digital marketing, web design, and creative for brands you know and nonprofits you love.

Stay up to date with our insights by following us on Twitter, Facebook, and LinkedIn.