On November 13, 2024, the Office of the Privacy Commissioner of Canada and privacy regulators across Canada (the Regulators) announced a joint resolution (the Resolution) calling for action on the growing use of deceptive design patterns (DDPs), which are used on websites and mobile apps, including those targeted towards younger users, to influence, manipulate, or coerce users to make decisions that may not be in their best interests.

The Resolution is in partial response to findings from a global privacy sweep conducted earlier in the year by the Global Privacy Enforcement Network (as reported on by the E-TIPS® Newsletter here). The sweep team examined over 1,000 websites and apps and found that there is “an extremely high occurrence” of DDPs with at least one privacy-related DDP being in 99% of the Canadian websites/apps it examined. As a result, the Regulators are calling on private and public sector organizations to prioritize user privacy and avoid DDPs, thereby supporting users’ informed and autonomous choices.

Specifically, the Resolution states that private and public sector organizations are expected to do the following with respect to websites and apps:

  1. ensure that privacy is built in by default, using the concept of privacy-by-design as the basis for a design framework;
  2. limit personal information collection to what is necessary for the purposes identified by the organization;
  3. promote transparency when collecting personal information using clear and simple language;
  4. examine and test the design architecture and usability in order to determine the prevalence of DDPs and make improvements to limit user exposure to DDPs and support users in making informed privacy decisions; and
  5. choose design elements that adhere to Canadian privacy principles.

The Resolution also provides examples of good privacy design practices, including: (i) ensuring that privacy settings are easily accessible to users at all times (not only upon the first visit); (ii) reducing the number of clicks required to navigate and adjust users’ privacy choices; and (iii) providing just-in-time consent options that allow users to make contextually relevant privacy decisions.

The full text of the Resolution can be found here.

Summary By: Steffi Tran

 

E-TIPS® ISSUE

24 11 27

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.