The Spanish Data Protection Agency (AEPD) published a report on 10 July 2024, analyzing the impact of addictive patterns on the internet, particularly on minors. The report was presented at the “New Challenges for the Protection of People’s Rights in the Face of the Impact of the Internet” course, part of the 2024 Summer Activities of the Menéndez Pelayo International University (UIMP) in Santander.
Key Findings:
- Deceptive and Addictive Design: The report reveals that many online platforms, applications, and services use deceptive and addictive design patterns to prolong user engagement and collect more personal data. These strategies are especially harmful when targeting vulnerable populations, such as children and adolescents.
- Impact on Minors: Addictive patterns significantly influence minors’ preferences, interests, autonomy, and development. These practices pose a threat to their physical and mental integrity, affecting their decision-making and social interactions.
- Legal and Regulatory Implications: The AEPD report underscores the need for the European Data Protection Committee to address addictive patterns in its upcoming guidelines on the interrelation between the General Data Protection Regulation (GDPR) and the Digital Services Act (DSA). The DSA already prohibits online platforms from designing interfaces that deceive or manipulate users or hinder their ability to make informed decisions.
Classification of Addictive Patterns:
- High-Level Patterns: Includes forced action, social engineering, interface interference, and persistence.
- Medium-Level Patterns: Target users’ psychological weaknesses and vulnerabilities.
- Low-Level Patterns: Context-specific execution methods, often detected through algorithms or manual methods.
AEPD’s Recommendations:
- Proactive Responsibility: The report emphasizes the importance of proactive responsibility, data protection by design and by default, transparency, legality, and data minimization.
- Collaboration: The AEPD will continue collaborating with the National Commission on Markets and Competition (CNMC) and promote guidelines that address the intersection of GDPR and DSA concerning addictive patterns.
Enforcement Actions:
- The European Commission has initiated sanctioning procedures against TikTok and Meta for potential DSA violations related to addictive patterns.
- TikTok Lite suspended a feature that rewarded additional screen time after the Commission’s provisional measures announcement.
The AEPD’s report is not connected to the GPEN sweep on deceptive design, however it also reaches similarly damning conclusions. Find the press release here and get a translation into English of the report on my blog here.
♻️ Share this if you found it useful.
💥 Follow me on Linkedin for updates and discussions on privacy, digital and AI education.
📍 Subscribe to my newsletter for weekly updates and insights – subscribers get an integrated view of the week and more information than on the blog.
