Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Hong Kong: PCPD publishes recommendations on deceptive design patterns for online platforms
On July 10, 2024, the Office of the Privacy Commissioner for Personal Data (PCPD) announced that it had joined the Global Privacy Enforcement Network (GPEN) to conduct a global privacy protection sweep on more than 1,000 websites and mobile applications to discover deceptive design patterns.
What were the findings of the sweep?
The PCPD elaborated that the sweep, conducted between January 29, 2024, and February 2, 2024, revealed that 97% of the websites and apps reviewed used one or more deceptive design patterns that made it difficult for users to make privacy-protective decisions.
Furthermore, the PCPD explained that deceptive design patterns typically employ techniques that steer users towards options that may:
- result in the collection of more of their personal data;
- force users to take multiple steps to find the privacy policy, log out, or delete their account; and
- present users with repetitive prompts aimed at frustrating them and ultimately pushing them towards sharing more personal data than they initially wished.
The sweep discovered that deceptive techniques were employed, such as:
- complex and confusing language in privacy policies;
- interface interference by using emotionally charged language to influence user decisions;
- nagging users to reconsider their intention to delete their accounts;
- obstructions when users made privacy choices or accessed privacy information; and
- forcing users to disclose more personal data when they tried to delete their accounts than they had to provide when they opened the accounts.
What were the recommendations given by the GPEN?
The PCPD noted that the GPEN participating authorities encouraged businesses to design their online platforms or apps in a manner that enables users to make informed privacy-protective choices by using techniques such as:
- making the most privacy-protective option as the default choice;
- emphasizing the provision of privacy options to users;
- avoiding using biased language and design, and presenting privacy choices in a fair and transparent manner;
- allowing users to easily find privacy information, log out, or delete an account without the need for multiple clicks; and
- providing timely and relevant consent options to users.
You can read the press release here and access the report here.