Policy that seeks to regulate the Internet must reckon with its design. As recent regulatory efforts—including the European Union’s General Data Protection Regulation (GDPR) and Germany’s Network Enforcement Act (NetzDG) law—have demonstrated, well-intentioned interventions into the digital world can have negative consequences if critical questions of design and implementation are neglected. Rather than augment user agency, GDPR interstitials and NetzDG reporting processes have spawned their own genre of dark patterns, omitting important information, misleading citizens, and undermining the principles of consent they were created to preserve.
This paper and a companion piece by Ellen Goodman and Karen Kornbluh traces foundational design precepts, highlighting the shared vocabulary of different design experts to arrive at some fundamental design principles. It explores how design principles can be exploited to manipulate rather than inform, and how they might instead be used to empower users. In particular, this paper details ways in which past policies, paying particular attention to the GDPR and the NetzDG, have failed to incorporate essential design principles and therefore enabled the deployment of dark patterns. It examines the creation of consent interstitials—a key hallmark of the post-GDPR world—and identifies strategies used to subvert the law’s requirements, by failing to offer true choices, overwhelming users with information, or sending them on a multi-page journey that does more to confuse than to clarify.
The paper surveys different methods for using design to defeat disinformation and increase privacy, and it concludes with design suggestions for policymakers to keep in mind when writing legislation for the digital world. Key recommendations include implementing frictive measures that reflect human psychology; mandating that privacy settings take up main “real estate” on a webpage; standardizing the language, font, color, and hierarchy of consent interstitials; updating labels placed on disputed pieces of content after their veracity or accuracy has been established; and suggesting that policymakers collaborate with standard-setting bodies like the World Wide Web consortium.