76% of SaaS companies use ‘dark patterns,’ analysis finds

About 18 months ago, the Department of Justice and the Federal Trade Commission announced a settlement with Fortnite maker Epic to pay more than half a billion dollars in fines and restitution for its use of so-called dark patterns. Among other things, the company is alleged to have used deceptive or manipulative processes that made it too easy for kids to spend money in the game, even for things they didn’t ask for, while throwing up roadblocks to get the charges removed.

“The company charged parents and gamers of all ages for unwanted items and locked the accounts of customers who disputed wrongful charges with their credit card companies,” the FTC said when it announced the settlement.

Fortnite might be an egregious example of how a company exploits process flows to get outcomes it wants from consumers, but most companies in the software-as-a-service space leverage dark patterns to some extent, an analysis finds.

Almost 76% of SaaS companies deploy at least one dark pattern in their digital interfaces, and 67% deploy more than one, based on a 3-day sweep of 642 sites conducted at the end of January by organizations representing consumer protection and privacy agencies around the world.

The most common practice is a form of sneaking in which the company makes automatic subscription renewal the default setting without enabling consumers to turn that off as part of the purchasing process. “This was found in 81% of the [SaaS companies] who provide subscriptions that renew automatically,” a report on the sweep says.

The International Consumer Protection and Enforcement Network, which represents agencies in 26 countries, and the Global Privacy Enforcement Network, which represents 80 agencies around the world, conducted the sweep. The FTC is a member of ICPEN and is serving as its president this year and next.

Other findings

70% don’t provide information on how to cancel a subscription during the enrollment process.
67% don't provide information on a date by which the consumer must cancel before being charged for subscription renewal.
66% use a form of forced action by requiring consumers to fill out payment information to access a free subscription trial.
38% of companies that don’t offer free trial subscriptions deploy what’s called a false hierarchy to make it more likely customers will enroll in the paid subscription.
22.5% of companies that sell both subscription and non-subscription services had the subscription option preselected in the purchasing flow.
21.5% used a form of social proof to induce consumers to purchase a subscription, rather than make a one-off purchase. Social proof touts what other customers have done as a kind of “confirmshaming” to get consumers to act.

“While there were no findings as to whether any of these instances rose to the level of law violations, the [analysis] underscores the ways dark pattern techniques may impact not just consumers’ wallets but also their privacy choices,” the FTC said in announcing the findings.

In the Fortnite case, the company agreed to pay $275 million to settle charges that it violated the Children’s Online Privacy Protection Act, enacted in 1998, making it the largest fine imposed under that law. The other $245 million the company paid was in refunds to consumers.

“We accepted this agreement because we want Epic to be at the forefront of consumer protection and provide the best experience for our players,” the company said in a statement at the time.

The findings from the sweep suggest that the kind of practices Epic deployed are widespread among companies offering digital subscriptions to their products or services.