by David L. Rice and Christopher W. Savage
On September 4, 2024, the California Privacy Protection Agency (“CPPA”) announced that it issued an Enforcement Advisory (“Advisory”) providing guidance on how to avoid using prohibited “Dark Patterns” to obtain consent from consumers. Businesses subject to the California Consumer Privacy Act (CCPA) routinely request consent from consumers related to their personal information and in handling consumer requests to exercise their statutory rights regarding their personal information. The CPPA’s advisory is a strong signal that the time for businesses to identify and remove Dark Patterns in these processes is now—before the CPPA commences enforcement—by reviewing user interfaces to ensure the language and interface design offering consumers privacy choices is clear and symmetrical.