Managing User Preferences and Dark Patterns
Managing preferences raises challenges of scope, mechanism, linking across channels, time period, and third-party vendors. Good practice: the channel for marketing should be the channel for opting out; CAN-SPAM codifies the online-mechanism rule for email and GLBA the cross-channel rule. Dark patterns are increasingly barred from counting as valid consent.
- Scope: an opt-out's breadth varies - financial institutions must offer an opt-out before third-party sharing, but none is needed for affiliate sharing; some opt-outs are by channel
- Mechanism: the marketing channel should be the opt-out channel - CAN-SPAM requires an online mechanism for email; the sender cannot force recipients to opt out by mail or phone
- Linking: implement preferences across channels - under GLBA a bank must honor an opt-out across all communications regardless of media
- Time period: CAN-SPAM and Telemarketing Sales Rules set processing timeframes
- Third-party vendors: must honor preferences expressed to the first organization
Individuals who lack a real choice should not be led to believe they have one, and those with a choice must be able to exercise it - and to revoke consent freely after opting in. U.S. state laws increasingly refuse to treat consent obtained through dark patterns as legitimate.
A good rule of thumb: the channel used for marketing should be the channel for opting out. CAN-SPAM writes this into law for email (an online opt-out mechanism is required; mail/phone-only is not acceptable).