Episode 34: Dark Patterns, Enforcements, and Best Practices for Compliance

Ashley Cianci
November 3, 2023
This COMPLY Podcast episode is part 2 of a discussion between industry experts as they dive into recent marketing compliance enforcement actions and share their advice.

Episode Description

This COMPLY Podcast episode is part 2 of a discussion between Rhonda McGill, PerformLine’s Senior Director of Client Success, and Kimberly Monty Holzel and Courtney Hayden from Goodwin as they take a deep dive into recent marketing compliance enforcement actions and share their advice for getting ahead of regulatory scrutiny.

Listen as they discuss:

  • What dark patterns are and some examples
  • A notable enforcement action against a large organization for engaging in dark patterns
  • Tips for avoiding dark pattern compliance issues

About COMPLY: The Marketing Compliance Podcast

The state of marketing compliance and regulation is evolving faster than ever, especially for those in the consumer finance space. On the COMPLY podcast, we sit down with the biggest names in marketing, compliance, regulations, and innovation as they share their playbooks to help you take your compliance practice to the next level. 

Episode Transcript:

Ashley:
Hey there, COMPLY Podcast listeners, and welcome to this week’s episode. This COMPLY Podcast episode is part two of a discussion between Rhonda McGill, PerformLine’s Senior Director of Client Success, and Kimberly Monty Holzel and Courtney Hayden from Goodwin, as they take a deep dive into recent marketing compliance enforcement actions and share their advice for getting ahead of regulatory scrutiny. Listen as they discuss what dark patterns are and some examples, a notable enforcement action against a large organization for engaging in dark patterns, and tips for avoiding dark pattern compliance issues. Thanks for listening and enjoy.

Rhonda:
One of the other things, the areas that I think has become very front of, center of mind and as we hear more and more things from the CFPB is around dark patterns and folks kind of getting into the conundrum and getting stuck and not able to get out of, whether it’s emails or whatever, but just knowing that there’s so many opportunities to, for dark patterns to occur, could you talk to our folks a little bit about some of the potential pitfalls with dark patterns and maybe some enforcement actions that have occurred in the last several months?

Kimberly:
Sure. 

Courtney:
Okay, I was gonna say whoever wants to jump in. Go ahead Kim.

Rhonda:
I was about to say whoever wants to go.

Kimberly:
Yeah, I’m happy to just do an introduction to the subject and then Courtney can speak to the enforcement matters. I think that this is nothing new. This is something that we’ve seen from the FTC and the CFPB for many, many years, and there’s been a particular focus on you know, particularly whether the consumer believes they have signed up, they know that they have signed up and affirmatively authorized the opening of an account or the beginning of a service. And there’s been, you know, numerous enforcement actions over the years and they keep getting more and more frequent, alleging that a financial institution or a company, not that they necessarily tricked the consumer into signing up, but that the flow was perhaps so seamless that they didn’t understand what they were authorizing. Or perhaps the consumer did have a good opportunity to read the terms and conditions, but a very important term about the cost of the service or what rights they were giving up to their data was buried on page 11 of 50. And, you know, the terms are presented in a link on your mobile phone, and that’s just not something that anyone’s gonna read.

Rhonda:
I always say, who reads them?

Kimberly:
Right? And you know it, at the end of the day, it’s everyone’s responsibility to read and understand what they’re signing. But I think there’s a line where the CFPB and the FTC are trying to draw, where at a certain point the consumers really do need to understand the terms, and at the very least, they need to understand that they’re signing up for a service just to begin with, and then they can look at the terms maybe later. So with that, Courtney, do you wanna discuss some of the recent enforcement actions on this?

Courtney:
Yeah, sure. Happy to do that. I think you can tell how interesting a topic this is given that Kim and I both tried to jump in at once on this one. And there has been a good amount of activity in this space over the past year or so. Also not surprising because just to intro the subject here a little bit further, before jumping in and diving into a couple particular enforcement actions here. In September of 2022, the FTC had actually issued a report appropriately titled Bringing Dark Patterns to Light, where they focused on four separate dark pattern tactics that they were going to continue looking into over the past year. And that’s kind of the impetus for some of this enforcement work that we’re seeing. One of those dark pattern tactics that they identified was misleading consumers and disguising ads, so pretty much what Kim was just describing. And examples of that type of kind of tactics, so to speak, are ads that are designed to look like independent editorial content that actually aren’t. Or comparison shopping sites that rank certain items of a particular type of product. But it’s actually ranked based on compensation that the companies have paid to that website. So making it appear neutral, like a neutral ranking site when it’s actually not a neutral ranking site at all.

Rhonda:
These are the issues with like a lot of lead generators?

Courtney:
Right, yeah exactly. And you know, another type of like website tactic that they’ve identified is countdown timers that make the consumer feel rushed into making a purchase by feeling like they only have, you know, two minutes and 45 seconds left to press the buy button or whatever the product is that they’re seeking to obtain. The other identified area that the FTC noted was making it difficult to cancel subscriptions or charges. And then a third item is what Kim also alluded to, which is burying key terms or certain junk fees into customer disclosures. And then the last one is tricking consumers into sharing data. The FTC identified this as a huge area of concern. And just as a kind of tidbit here, the FTC had previously alleged that a smart TV maker had unfairly enabled a default setting that allowed the company to collect shared viewing activity and provide it to third parties after only providing reportedly a very brief and arguably buried disclosure that consumers might have missed.

Courtney:
But with that in mind I’ll mention a recent enforcement matter from just a few months ago. In June of this year, the FTC had filed a complaint against an e-commerce company for enrolling consumers in a subscription without their consent, and then by making it challenging to cancel. So right there, you have two of those identified tactics that the FTC had previewed from its September 2022 report. It alleged that the company enrolled the consumers into these subscription services without obtaining any sort of consent or sufficient consent while using arguably or alleged manipulative user interface designs that the company designed to deceive consumers into signing up for auto-renew subscriptions when the consumers were not fully aware of what they were doing.

Courtney:
This matter is pending, so we’ll have to kind of see where it goes and how it navigates through the system. But this, I think the main takeaways here are again, what Kim had mentioned, which is, ensuring that you have like clear and conspicuous terms, disclosures, fee disclosures in particular, easy cancellation processes for various subscriptions that don’t require you to jump through many hoops in order to actually effectuate cancellation or get so frustrated with the cancellation process that you perhaps just walk away from it altogether. So they wanna make that a little bit easier for consumers.

Rhonda:
Yeah, I think I’ve been victim of that. I had an instance where it was like, I just couldn’t even figure it out, so it took me like two months of relieving the frustration before I started digging into it again, so it could happen to any of us. 

Courtney:
Absolutely, I think we’ve all been there at some point. 

Rhonda:
Yes, we’ve all been there. It’s like, I’ll just pay for two more months so I don’t have to yell at my phone again. Kim, did you wanna add anything into that from a compliance standpoint?

Kimberly:
Yeah, well, there’s a whole host of stuff here. So where to begin? I think the first thing is, you know, on your signup screen, making sure that it’s very clear and conspicuous that the consumer is affirmatively checking a box and not just clicking continue and not realizing what they signed up for. The FTC has put out guidance on what they believe to be a clear and conspicuous disclosure and acceptance process. And that does include some sort of affirmative action, like a checkbox or something like that, an affirmative acceptance by the consumer of the terms. If you have terms that are linked through a hyperlink and you’re just scrolling through on your phone, it’s gonna be pretty difficult to read that. But they do have some standards around making sure that that link is clear and conspicuous.

Kimberly:
For example, you’ve seen the blue font instead of black to show that there’s a link. There’s some guidance around the placement of the link, it has to be above where the consumer actually accepts it. And so you would normally see a checkbox saying, I agree to the terms and conditions, maybe the terms are linked, and then a proceed button right below that. So everything has to sort of make sense to the consumer so that they understand that they’re actually signing up for the service. In addition to that, there are some types of recurring payments that require additional disclosure. So for example, if you pay with your debit card, Reg E has certain requirements for authorizing recurring payments on a debit card. Those do not apply to credit cards.

Kimberly:
But I think, you know, from a fairness perspective there should also be a good understanding that the consumer is signing up for recurring payments on their credit card. How much is it gonna be? When is that going to occur? How many payments are they going to authorize and how can they cancel those payments? Or even just replace the payment methods. So under Reg E, the consumer has a right to cancel their payment authorization. That doesn’t necessarily mean they have to cancel the subscription, but maybe they wanna change from their debit card to a credit card to pay for it. They do have a right to stop the payment on their debit card. In addition, the Nacha rules for ACH payments, there are very specific content requirements for authorizing a bank transfer by ACH. So if you’ve got a subscription or a recurring payment and you have an individual consumer that’s authorizing you to take payment monthly or weekly by ACH transfer, there’s very, very specific content that has to appear on the authorization.

Kimberly:
And if you can’t prove that the consumer authorized it then that can be very easily charged back and reversed. And there’s really not much you can do to dispute the reversal if you can’t produce proof of that full authorization. And when you do it through the ACH system, the technology system, there is a 60-day limit on reversing the ACH, but there’s also a separate mechanism where the consumer can go to their bank to feed the charge, and then the consumer’s bank can ask for that authorization for up to two years after that authorization happened. And if you can’t produce it, even if it’s one year and 11 months later, if you cannot produce that authorization with all the requirements in it, you do need to refund the consumer. So it has a really big potential for losses both to businesses and also to the banks.

Kimberly:
The banks are technically the ones that are on the hook under the Nacha Rules. And, you know, certainly the bank could try to go after the business for not having collected authorizations. It’s probably a breach of their banking contract. But we’ve seen instances where businesses have gone bankrupt and the banks can’t collect or they’re just a general unsecured creditor in the bankruptcy proceeding. And so banks have lost lots of money because their customers haven’t been collecting good authorization. So whether it’s your customer or whether you’re the bank that’s facilitating the payments, it’s really important to get that process really compliant when you’re authorizing subscription payments. 

Kimberly:
The other thing too is for cancellation, California has a really strict law on subscriptions and cancellation. This isn’t law everywhere. It’s a very unique law in California and it just doesn’t exist in the rest of the country yet. But I think it does provide a really interesting model that you do have to comply with in California, but everywhere else if you don’t follow those formats, perhaps it’s not a direct violation of the state law and the state where this happens. But I think it does provide a roadmap for the FTC to argue that you’ve unfairly treated a consumer if you haven’t allowed them to cancel. So I think, you know, perhaps California is the gold standard and you don’t have to do absolutely everything that California tells you to do in every other state, but I would offer that up as a good model for best practices in other states.

Rhonda:
Absolutely. Absolutely. So before we get off dark patterns, do either of you want to add anything else in there?

Kimberly:
I think I do wanna make one more note about junk fees because that’s been such a big focus. 

Rhonda:
Oh yes, please.

Kimberly:
Yeah, so in the financial services sector in particular, we’ve seen really three types of fees that have been attacked in particular. And Courtney, feel free to chime in on any of these enforcement actions. But the CFPB put out some guidance, pretty much attacking three different types of fees. One is credit card late fees and there’s some rulemaking proposals swirling around to reduce credit card late fees. Currently they’re set by Reg Z for consumer credit cards, but I think there’s further action going on to reduce that even further. The bigger thing that we’ve been seeing because this has been generating private class action litigation, FDIC, OCC and CFPB actions is overdraft and insufficient funds fees. This has been going on for a couple of years and I think, you know, the regulators have been aware of it for some time, but the plaintiff’s lawyers have really been aggressive and just going from bank, to bank, to bank, and attacking the terms and conditions of the overdraft program and saying that they were not clear on when the overdraft fee or the insufficient funds fee would be charged.

Kimberly:
And they’ve been really successful at it, even where I thought that the deposit agreement was pretty clear. They’ve been incredibly successful in generating really expensive class actions for banks on terms that could even have a shred of ambiguity. And the most common type of claim that we see is where there’s one transaction that generates multiple fees. Let’s say that you authorize an ACH payment and it’s for a hundred dollars and you have $75 in your account that would probably be returned the first time for insufficient funds and you would get an insufficient funds fee. And maybe you would expect to get one fee, that’s fine, it’s probably in your terms, but what people don’t expect is that you can actually get up to three fees. And the reason for that is because the ACH rules allow the person who’s charging your account to reattempt a transaction two additional times if it’s been returned for insufficient funds.

Kimberly:
So on that first attempt, where it’s $75, it’s gonna be returned. Maybe the merchant’s gonna try again tomorrow, that’s another fee that I can incur. And then maybe they’re gonna try again the next day, and then maybe that gets returned again as well. Or even if it doesn’t get returned, maybe the bank pays it on the third try and then I get an overdraft fee instead of an insufficient funds fee. So you’ve got these situations where consumers are getting three fees on one attempted transaction and you know, banks are aware of this and they’ve attempted to explain this in their deposit agreement. But the CFPB, plaintiff’s lawyers, and the FDIC, and OCC have all started to say, well, this is a little bit aggressive. And so what we’re seeing is a lot of banks reducing their practices for charging these fees.

Kimberly:
So we’ve seen a lot of the banks just do away with insufficient funds fees and only charge when there’s overdraft that’s actually paid. Because, you know, there’s a payment for using money that you don’t have, that’s reasonable. But the banks are starting to do away with or reduce the frequency of insufficient funds fee. We’re also just seeing banks limit the number of fees that can be charged. We have definitely seen instances where someone just mismanages their money or maybe it’s an older person who hasn’t been able to take care of their affairs and they just generate, you know, thousands of dollars in fees. And the CFPB has definitely been on those types of complaints and doing that is unfair behavior.

Courtney:
And I would just note kind of seizing on Kim’s point about there being a lot of class action activity in the space. It’s always the case that whenever there’s a federal regulator later consent order in particular or state regulator, consent order settlement with a company about a particular issue, you know, plaintiff’s attorneys typically look at that and you can expect for the most part class action litigation to follow. That also happens with respect to other similar financial institutions or companies. So, you know, if there’s like a consent order between the CFPB and company A, that doesn’t mean company B is not also not at risk for class action litigation. Plaintiff’s attorneys absolutely look to other companies that might be doing similar type of work, or activities to see if there might be something to bite off with respect to that company too. So just generally being aware of larger, more significant consent orders and settlement agreements with any federal or state regulator would assist your company to manage risk or at least be aware of it.

Kimberly:
Absolutely. I would add one more thing to that, which is that the plaintiff’s lawyers often beat the regulators to it and alert the regulators to the issue. So where the plaintiff’s lawyer might be going down the line of banks, the FDIC will take notice that a bank under their supervision is subject to this action and they’ll jump on it. And that’s not fun.

Rhonda:
Not fun at all.

Ashley:
Thanks for listening to this episode of the COMPLY Podcast. We’ve got several resources for you on dark patterns and recent enforcement actions that I will drop in today’s show notes. Including a previous podcast featuring Sandhya Brown from the FTC on dark patterns and two content pieces around enforcement actions in the first half of 2023, and the marketing compliance insights we can learn from them. As always, for the latest content on all things marketing compliance, you can head to performline.com/resources and for the most up-to-date pieces of industry news, events, and content, be sure to follow PerformLine on LinkedIn. Thanks again for listening and we’ll see you next time.
