Learning from the Dark Side About How (not) to Engineer Privacy: Analysis of Dark Patterns Taxonomies from an ISO 29100 Perspective
Valoggia P., Sergeeva A., Rossi A., Botes M.
International Conference on Information Systems Security and Privacy, vol. 1, pp. 774-784, 2024
The privacy engineering literature proposes requirements for the design of technologies but gives little guidance on how to correctly fulfil them in practice. On the other hand, a growing number of taxonomies document examples of how to circumvent privacy requirements via ”dark patterns,” i.e., manipulative privacy-invasive interface designs. To improve the actionability of the knowledge about dark patterns for the privacy engineering community, we matched a selection of existing dark patterns classifications with the ISO/IEC 29100:2011 standard on Privacy Principles by performing an iterative expert analysis, which resulted in clusters of dark patterns that potentially violate the ISO privacy engineering requirements. Our results can be used to develop practical guidelines for the implementation of technology designs that comply with the ISO Privacy Principles.