Dark Patterns
¿Qué es Dark Patterns?
Dark PatternsDeceptive user-interface designs that nudge or trick users into actions against their interest — over-broad consent, hidden cancellations, sneak-in opt-ins — increasingly regulated under GDPR Article 5, the EU DSA, and U.S. FTC Click-to-Cancel rules.
Dark patterns is a term coined by UX researcher Harry Brignull in 2010 for user-interface designs that deceptively nudge users into actions counter to their own interest, such as accepting tracking, buying more, or staying subscribed. Common patterns include 'confirmshaming' opt-out wording ('No thanks, I don't want better deals'), pre-checked consent boxes, asymmetric button styling that makes 'Accept all' visually dominant, hidden costs revealed only at checkout, and 'roach motel' subscription flows where signup takes one click and cancellation takes a phone call. Regulators have moved from soft guidance to enforcement: the European Data Protection Board's 2022 dark-patterns guidelines apply GDPR Article 5(1)(a) fairness and transparency obligations; the EU Digital Services Act explicitly prohibits dark patterns for very large online platforms; the U.S. FTC's 'Click-to-Cancel' rule (2024) requires that cancellation be as easy as subscription; the California Privacy Protection Agency adopted dark-patterns regulations in 2023. From a privacy-engineering perspective, dark patterns are now both an ethical and a regulatory risk and increasingly a vector targeted by competitor reports, NGO-led audits, and class-action plaintiffs.
● Ejemplos
- 01
A 2023 EDPB enforcement action against a major newspaper required removal of asymmetric 'Accept all' vs hidden 'Reject all' cookie banners.
- 02
A U.S. streaming service redesigns its cancellation flow in 2024 to match the FTC Click-to-Cancel rule's same-channel, same-clicks symmetry.
● Preguntas frecuentes
¿Qué es Dark Patterns?
Deceptive user-interface designs that nudge or trick users into actions against their interest — over-broad consent, hidden cancellations, sneak-in opt-ins — increasingly regulated under GDPR Article 5, the EU DSA, and U.S. FTC Click-to-Cancel rules. Pertenece a la categoría de Privacidad y protección de datos en ciberseguridad.
¿Qué significa Dark Patterns?
Deceptive user-interface designs that nudge or trick users into actions against their interest — over-broad consent, hidden cancellations, sneak-in opt-ins — increasingly regulated under GDPR Article 5, the EU DSA, and U.S. FTC Click-to-Cancel rules.
¿Cómo funciona Dark Patterns?
Dark patterns is a term coined by UX researcher Harry Brignull in 2010 for user-interface designs that deceptively nudge users into actions counter to their own interest, such as accepting tracking, buying more, or staying subscribed. Common patterns include 'confirmshaming' opt-out wording ('No thanks, I don't want better deals'), pre-checked consent boxes, asymmetric button styling that makes 'Accept all' visually dominant, hidden costs revealed only at checkout, and 'roach motel' subscription flows where signup takes one click and cancellation takes a phone call. Regulators have moved from soft guidance to enforcement: the European Data Protection Board's 2022 dark-patterns guidelines apply GDPR Article 5(1)(a) fairness and transparency obligations; the EU Digital Services Act explicitly prohibits dark patterns for very large online platforms; the U.S. FTC's 'Click-to-Cancel' rule (2024) requires that cancellation be as easy as subscription; the California Privacy Protection Agency adopted dark-patterns regulations in 2023. From a privacy-engineering perspective, dark patterns are now both an ethical and a regulatory risk and increasingly a vector targeted by competitor reports, NGO-led audits, and class-action plaintiffs.
¿Cómo defenderse de Dark Patterns?
Las defensas contra Dark Patterns combinan habitualmente controles técnicos y prácticas operativas, como se detalla en la definición.
¿Cuáles son otros nombres para Dark Patterns?
Nombres alternativos comunes: Deceptive design, Sludge patterns.
● Términos relacionados
- privacy№ 233
Gestión del consentimiento
Procesos y herramientas que recopilan, registran, refrescan y aplican los permisos del usuario para tratar datos personales y emplear cookies conforme a la normativa de privacidad.
- privacy№ 560
IAB TCF (Transparency and Consent Framework)
The Interactive Advertising Bureau Europe's framework for capturing, encoding, and propagating user consent for advertising and analytics data uses under GDPR — controversial, partly invalidated by Belgian DPA in 2022, then revised as TCF v2.2.
- privacy№ 494
Global Privacy Control (GPC)
A browser-level signal — an HTTP header and a JavaScript property — by which a user expresses a 'do not sell or share' opt-out, given binding legal force in California (CCPA/CPRA) and Colorado (CPA) regulations.
- compliance№ 488
RGPD
Reglamento General de Protección de Datos de la Unión Europea que regula el tratamiento de datos personales de personas en la UE y el EEE.
- privacy№ 957
Privacidad desde el diseño
Enfoque de ingeniería y gobierno que integra la privacidad en sistemas, procesos y configuraciones por defecto desde las primeras fases de diseño, en lugar de añadirla más tarde.
- compliance№ 167
CCPA
Ley de Privacidad del Consumidor de California, ley estatal de EE. UU. que otorga derechos a los residentes de California sobre su información personal.