Cases

On December 12, 2024, Noyb lodged a GDPR complaint with the CNIL against social media app BeReal, accusing it of using dark patterns to pressure users into consenting to data processing for ads. Since July 2024, BeReal has displayed a consent banner that vanishes permanently if users accept but reappears daily if they refuse, disrupting app usage and nudging users to relent. Noyb argues this practice violates the GDPR requirement for consent to be freely given and cites EDPB guidelines condemning such manipulative tactics. BeReal, owned by French company Voodoo, is investigating the claims, while the CNIL has not yet announced whether it will take up the case.

On November 26, 2024, a group of major browser developers, including Opera, Vivaldi, Google Chrome, Wavebox, and Waterfox, formed the Browser Choice Alliance to challenge Microsoft's alleged use of dark patterns to limit users' ability to choose alternative browsers on Windows systems. The coalition accuses Microsoft of deceptive practices like making it difficult to download rival browsers, resetting default browsers during updates, and coercing users into using Microsoft Edge through prompts and service integration. The Alliance has called for regulatory action, urging the European Commission to classify Edge as a “gatekeeper” under the Digital Markets Act (DMA), highlighting concerns about unfair competition and consumer rights.

On November 6, 2024, the FTC charged Sitejabber, an AI-powered consumer review platform, with deceptive practices for inflating ratings and review counts. According to the complaint, Sitejabber collected reviews at the point of purchase—before customers could use the products or services—and falsely presented them as genuine feedback, misleading consumers and unfairly boosting the reputation of its clients. The platform also provided tools allowing businesses to display these pre-fulfillment reviews on their websites as authentic customer experiences. The FTC’s proposed order seeks to ban misrepresentation of reviews, prohibit tools enabling misleading practices, and mandate transparency in review collection and display to restore consumer trust and fair competition.

On October 24, 2024, U.S. District Judge Yvonne Gonzalez Rogers ruled that school districts may pursue negligence claims against social media companies like Meta, TikTok, Snapchat, and YouTube, alleging that their platforms uses dark patterns to foster student addiction and burden school resources. This decision enables schools to seek compensation for costs linked to addressing social media addiction, such as the hiring of mental health staff, marking a step forward for districts in addressing the financial strain caused by students’ social media use. Judge Gonzalez Rogers highlighted that the districts’ financial harm is distinct from individual student injuries, as schools uniquely bear increased healthcare and support costs. Although the companies point to their efforts to protect young users—such as Meta's “Teen Accounts” and YouTube’s partnerships with mental health experts—the case advances toward bellwether trials where expert testimonies will explore the link between social media use and its alleged harm to students.

On October 23, 2024, three major industry groups—the Internet & Television Association, the Interactive Advertising Bureau, and the Electronic Security Association—filed a lawsuit against the Federal Trade Commission (FTC) to challenge its recently implemented "click-to-cancel" rule. This rule is designed to make canceling subscriptions easier, particularly for "negative option programs" that automatically renew unless canceled. The trade groups argue that the rule unjustly categorizes all such subscriptions as "deceptive" unless companies comply with the FTC’s strict new requirements. They contend that the regulation overreaches by attempting to control consumer contract terms broadly across industries, affecting over a billion U.S. paid subscriptions. Describing the rule as “arbitrary” and an “abuse of discretion,” the groups are seeking judicial intervention to block its implementation.

On the 3rd of October 2024, Arkansas’ Attorney General filed a lawsuit against Youtube alleging that YouTube employs deceptive design and practices to keep users, particularly minors, engaged on their platform, which is claimed to be harmful. The legal basis for this action stems from the Arkansas Deceptive Trade Practices Act (ADTPA) and the Arkansas Public Nuisance Law. Key allegations include YouTube's alleged false representations about platform safety and the use of addictive design features that negatively impact public mental health, general health, safety, and welfare.

On September 25, 2024, the UK's Advertising Standards Authority (ASA) banned advertisements from Nike and Sky for misleading consumers through dark patterns. Nike's ad promoted a pair of trainers for £26 but failed to mention that the low price applied only to children's sizes, leading consumers to believe the offer included adult shoes. Similarly, Sky’s Now TV promotion offered a free trial without clearly stating that it would automatically renew with a charge unless canceled, with crucial details hidden in smaller, less noticeable text. Although both companies defended their actions, Nike stating that consumers would expect some size limitations and Sky asserting that the terms were clearly displayed, they have since committed to revising their practices following the ASA ruling.

On September 13, 2024, the Consumer Financial Protection Bureau (CFPB) filed a complaint against Reliant Holding Inc. and its CEO, Robert Kane, accusing them of deceptive practices and dark patterns related to their credit card program. The company targeted financially vulnerable consumers with misleading advertising, making them believe their credit card could be used broadly, when in fact it was limited to purchases at Reliant's online store, the Horizon Outlet. Reliant also charged illegal fees, including monthly membership fees of up to $24.99, exceeding legal limits under the Truth in Lending Act. Consumers faced significant difficulties canceling memberships, despite promises of easy refunds. Between 2017 and 2021, nearly 900,000 consumers were enrolled, with 93% never using the credit but paying over $45 million in fees. The CFPB is seeking a court order to halt these practices and provide restitution to affected consumers.

A class action lawsuit filed on September 12, 2024, accuses Amazon of deceptive advertising by using dark patterns to promote false "limited time" sale prices on its Fire TVs. The lawsuit claims that Amazon advertised discounts based on inflated or non-existent list prices, misleading consumers into believing they were getting significant bargains. It alleges that terms like "limited time" and percentage discounts, such as "-33%," created the illusion of savings, even though the TVs were rarely or never sold at the stated list prices within a 90-day window. The suit also argues that Amazon violated a March 2021 injunction prohibiting false advertising practices, continuing these tactics despite the legal order. The lawsuit seeks to represent all customers who bought Fire TVs under these misleading discount claims.

On September 6, 2024, the Belgian Data Protection Authority (DPA) issued a decision against Mediahuis NV for violating GDPR through improper cookie practices and the use of dark patterns. Mediahuis, a major European media company, failed to provide a clear "Decline" option for cookies, instead using misleading button colors to pressure users into accepting them. Additionally, withdrawing consent was intentionally made more difficult than giving it, violating users' autonomy under GDPR rules. The DPA found that Mediahuis's consent process was neither free nor unambiguous, breaching GDPR and the ePrivacy Directive. The company was ordered to update its cookie banner within 45 days or face fines of €25,000 per day for non-compliance.

[**UPDATE**](https://www.ftc.gov/news-events/news/press-releases/2024/10/ftc-sends-more-25-million-consumers-deceived-credit-karmas-allegedly-false-pre-approved-credit) On the 31th of October 2024, the Federal Trade Commission declared that it will be distributing over $2.5 million to nearly 51,000 consumers who were misled by Credit Karma to compensate them for time wasted applying to offers from the company. - The FTC took action against Credit Karma in 2022, accusing the company of falsely telling consumers they were “pre-approved” for credit cards with “90% odds” of approval, despite many being denied. Under a settlement, Credit Karma agreed to halt these misleading practices and compensate affected consumers. The FTC filed a lawsuit against Credit Karma in 2022 claiming the credit company used dark patterns to lead consumers to take actions in the company's favor despite potential consumer harm. - Credit Karma’s interface, designed using A/B testing, showed that terms like “pre-approved” boosted clicks more effectively than alternatives like “excellent” approval odds when in fact, a substantial portion of consumers were denied after applying. According to the FTC, Credit Karma violated Section 5 of the FTC Act by misleading consumers about their approval odds. This deception led about one-third of applicants to be denied for such offers, often with information about potential denial hidden in disclaimers. - The FTC further claims that consumers suffered tangible harm from these misrepresentations. Many wasted time applying for credit they were unlikely to receive, and the “hard inquiries” associated with their applications often lowered their credit scores. This impacted their eligibility for other financial products, causing lasting effects on their financial options.

The Justice Department, together with the Attorneys General of North Carolina, California, Colorado, Connecticut, Minnesota, Oregon, Tennessee, and Washington, filed a civil antitrust lawsuit today against RealPage Inc. for its unlawful scheme to decrease competition among landlords in apartment pricing and to monopolize the market for commercial revenue management software that landlords use to price apartments. • RealPage acknowledged that its software is aimed at maximizing prices for landlords, referring to its products as “driving every possible opportunity to increase price,” “avoid[ing] the race to the bottom in down markets,” and “a rising tide raises all ships.”

Guernsey focused on the gambling sector, reviewing 19 online gaming sites and finding indicators of deceptive designs in all sites swept. **In 42% of cases, the sweeper was unable to find the website or app’s privacy settings.** The absence of privacy settings, or difficulty in locating them, prevents users from being in control of their information. **While most sites had a privacy policy, they were generally found to be unnecessarily lengthy and complex.** Our law requires that information is provided to individuals in a manner that they can understand. Lengthy documents and complex wording hinder comprehension. And finally, **in many cases it was more difficult to delete an account than it was to create one.**

On May 15, 2024, Arizona Attorney General Kris Mayes filed two lawsuits against Amazon, accusing the company of violating consumer fraud and antitrust laws. The consumer fraud lawsuit focus on Amazon's use of dark patterns to discourage consumers from cancelling their Prime memberships.

The FTC has issued guidance on security risks related to AI, targeted ads, and surveillance tools, urging companies to adopt strong data management and security practices. It warns against using dark patterns that mislead consumers into compromising privacy, citing cases like Vizio's unauthorized data collection. The FTC emphasizes the need for transparent interfaces, user consent, and vows strict enforcement against deceptive practices.

New Jersey has enacted Bill 332, becoming the 14th state to have a comprehensive state privacy law. The law, effective from January 2025, applies to controllers conducting business in New Jersey or targeting New Jersey residents. It includes obligations for controllers such as data minimization, privacy notice requirements (including a reasonably accessible, clear, and meaningful privacy notice), obtaining consumer consent for sensitive data, and implementing data security practices. The law also introduces a universal opt-out mechanism for targeted advertising or data "sale" and standard consumer rights.