The regulatory enforcement agency for the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the CCPA), the California Privacy Protection Agency (CPPA) announced additional enforcement focuses this week, including an emphasis on dark patterns on businesses’ websites. Michael Macko, Deputy Director of the CPPA, said, “The number of investigations we have is easily in the double digits and it’s growing. We are not slowing down. We are following the facts wherever they lead. We are not limiting ourselves to particular provisions of the law. We are not limiting ourselves to particular practices.”
This announcement comes after last summer’s enforcement focus , now turning to dark patterns. Dark patterns are deceptive designs or deceptive patterns used as a digital design tactic that tricks users into making decisions they would not otherwise make.
Earlier this month, the CPPA began this focus and examined 1,000 websites and apps for these deceptive design patterns -almost all of them have one or more dark patterns.
In addition to a review of websites for dark patterns, the CPPA will also monitor businesses to ensure they honor consumer requests to opt out of the sale and sharing of data. Businesses may also receive notice of a potential CCPA violation if the CPPA determines that the business did not give proper notice of its data sharing and selling activities or if no opt-out mechanism is offered.
Lastly, the CPPA will focus on complaints about business that affect vulnerable populations or groups. Now is the time to confirm your business’ compliance with these and other CCPA requirements.