Executive Summary
The European Union (EU) is advancing toward a new initiative, the Digital Fairness Act (DFA), which is expected to tackle a broad set of harmful practices in the digital environment. In particular, the DFA is likely to address:
​
- Dark patterns that pressure, deceive, or mislead consumers into making choices they would not otherwise make.
- Addictive design features that exploit psychological vulnerabilities and encourage excessive use or spending, particularly among minors.
- Certain personalisation practices, such as profiling and personalised pricing, that are deemed to unfairly exploit consumer vulnerabilities.
- Unfair price practices including “drip pricing,” misleading discounts, and deceptive “starting from” prices in dynamic pricing systems.
- Digital contract management, such as complex subscription cancellations, automatic renewals, and conversion of free trials into paid services without explicit consent.
- Inadequate customer service, such as excessive reliance on chatbots.
- Harmful practices by influencers, including the failure to disclose commercial partnerships and the promotion of harmful products, and clearer responsibilities for companies collaborating with influencers.

This paper, supported by CCIA Europe, seeks to support the DFA’s design by reviewing how 12 flagship European Union (EU) digital, data, and consumer protection laws have already addressed the issues the DFA is expected to address. This paper reaches five main conclusions:

- The EU has already tackled dark patterns in various ways. Some of these include the Digital Services Act (DSA) and Data Act’s prohibitions on manipulative UI designs and dark patterns; the AI Act’s ban on subliminal and exploitative techniques that distort user decision-making; the Unfair Commercial Practices Directive (UCPD)’s broad prohibition on deceptive patterns related to business-to-consumer (B2C) commercial practices; and the European Data Protection Board (EDPB) Guidelines clarifying deceptive design patterns under the General Data Protection Regulation (GDPR). The EU’s existing laws also already require transparency, understandability, and accessibility, and include special protections aimed at further protecting minors and vulnerable groups.
- The DFA, if put in place, should be highly targeted and evidence-based, and only address critical and clearly identifiable gaps in existing laws.
- The DFA’s enforcement should be case-by-case and focused on systematic abuses.
- Critically, any new legislation should avoid undermining the value that European consumers and SMEs are drawing from personalisation, which is shown in an accompanying Nextrade paper to have significant welfare gains for Europeans.
- Where immediate action is needed, an effective enforcement mechanism could be deployed, enhancing the work of the existing Consumer Protection Cooperation (CPC) network.

