Dark Patterns on Websites – Part 2


3 minutes

Evil is always and everywhere After reading the first part of this series of articles, which discussed dark patterns in general, in this article we …


Evil is always and everywhere

After reading the first part of this series of articles, which discussed dark patterns in general, in this article we will look at some of these strategies in detail. If you then take a closer look at the many different cookie banners on websites, you will realize what the Austrian pop scene already knew 35 years ago: Evil is always and everywhere.


Let’s start with “overloading”. It denotes too much information, a confusing structure and too many choices. Admittedly, meeting the relevant requirements of the General Data Protection Regulation (GDPR) is not an easy task. After all, the information provided should be precise, complete and yet easy to understand, even humor should be allowed. However, on a first visit, to the complete surprise of us privacy advisors, a user usually does not want to explore the details of the privacy policy, but simply see the website where they want to book their trip or find the ultimate Bundt cake recipe. Everything that distracts him is annoying and should disappear as quickly as possible. So what does the inclined user do when presented with a multitude of options and a desert of text? Right! “Accept everything” – and that is also the goal of the website operator. Maybe legitimate, but not fair.

So not like that

A good consent management tool masters the balancing act between complete information and clarity. In a first information level, the information is structured, for example divided into different categories. The most important statements should already be given here. In a short way, the view can then be expanded in such a way that all details are also visible. This reduces the ” mental load ” in understanding the setting options offered by the website.


Another strategy is to urge “skipping”, i.e. skipping settings. This can be done in two ways. On the one hand, with a violation of the principle of “privacy-by-default”, certain settings are already preselected, which are desirable for the website operator but potentially lead to a disadvantage for the user. If there really is a choice, either the most data-efficient option should be preselected or none at all and the user must expressly choose one option.

The second method of “skipping” is collecting data while hiding the possibility of skipping. This means the user is left in the belief that data must be entered and a selection must be made because the button/link with “Skip this area” is designed very inconspicuously. The combination of light gray font on a white background with a small font size is often chosen. Sometimes you could also believe from the design that it is not a link at all but normal text. So you have the solution right in front of you, but you don’t recognize it. Unsurprisingly for many parents, this method is also called “ hidden in plain sight ”.

You don’t have to

Of course, if you want to treat your website visitors fairly, you don’t need such tricks. A good user interface ensures that the user can reliably recognize all clickable elements through a uniform presentation. However, the human imagination does not end there. We explore more Dark Patterns in the next part of this series of articles using the terms “Stirring”, “Hindering”, “Fickle” and “Left in the dark”.

Recommended articles

The role of AI in GDPR compliance

With the rise of artificial intelligence (AI) and its increasing use in various industries, it is becoming crucial for organizations to understand the role of AI in ensuring GDPR compliance.

Browser Fingerprinting and the GDPR

Browser fingerprinting is a technique used by websites and advertisers to track and identify a user’s device and online behavior based on information collected from their web browser. This information may include technical details about the device, software, and network, as well as user-specific information such as language preferences, time zone, and browsing history.

5 common GDPR myths debunked

The General Data Protection Regulation (GDPR) is a set of regulations introduced by the European Union (EU) in 2018 to ... Weiterlesen ...

Server Side Tracking GDPR compliant

How to implement server side tracking/tagging in compliance with GDPR? What needs to be considered in relation to the GDPR? ... Weiterlesen ...
Thank you for visiting, the website of legal web GmbH in Österreich. We use technologies from partners (2) to provide our services. These include cookies and third-party tools to process some of your personal data. These technologies are not strictly necessary for the use of the website, but they do enable us to provide a better service and to interact more closely with you. You can adjust or withdraw your consent at any time.
asd as asd