Canadian privacy regulators pass resolution to address privacy-related harms resulting from deceptive design patterns
TORONTO, ON, November 13, 2024 – Privacy regulators from across Canada have issued a joint resolution calling for action on the growing use of deceptive design patterns (DDPs) that undermine privacy rights. Passed at their October annual meeting, hosted by the Information and Privacy Commissioner of Ontario, the resolution outlines key measures for organizations to adopt privacy-first design practices.
Deceptive design patterns, often referred to as dark patterns, manipulate or coerce users into making decisions that may not be in their best interests, particularly children. These patterns are frequently used on websites and mobile apps, and their prevalence is a growing concern for regulators, especially as more of Canadians’ daily activities move online.
In 2024, the Global Privacy Enforcement Network (GPEN) launched a sweep of websites and apps, examining the prevalence of privacy-related DDPs. Some Canadian privacy regulators joined this international effort, which examined over 1,000 websites and apps across multiple sectors, including retail, social media, news, entertainment, health, fitness, and those aimed at children.
The findings were troubling: 99 percent of Canadian digital platforms examined in the sweep included at least one deceptive design pattern, with especially high levels of DDPs on platforms designed for children.
In response to the widespread use of and potential harm from privacy-related DDPs, Canada’s privacy commissioners and ombuds are calling on organizations in the public and private sectors to prioritize users’ privacy and support their informed and autonomous choices by avoiding deceptive design practices. The resolution urges organizations to:
- build privacy and the best interests of young people into the design framework using privacy-by-design principles
- limit the collection of personal information to only what is necessary for a specific purpose
- use clear, accessible language that complies with privacy laws, enhances transparency and builds trust
- regularly review and improve design elements of websites and apps to reduce exposure to deceptive design patterns and support informed privacy choices
- choose design elements that adhere to privacy principles and do not generate negative habits or behaviors in users
The privacy commissioners and ombuds commit to collaborating with governments and other interested parties to modernize design standards, reduce the presence of DDPs, and champion privacy-friendly design patterns that respect user autonomy.
Learn more:
- Resolution: Identifying and mitigating harms from privacy-related deceptive design patterns
- Information and Privacy Commissioner of Ontario hosts annual meeting of federal, provincial, and territorial information and privacy commissioners and ombuds
For more information:
Julie Ursu, Manager of Communication
Telephone: 306-798-2260
Email: jursu@oipc.sk.ca