• Skip to main content
  • Skip to footer
  • About
    • Leadership
    • Code of Ethics
    • Privacy Commitment
    • PACC Fellows
    • Speaking Invitations & Media Requests
  • Get Involved
    • Join the PACC
      • Advancing the Profession
      • Member Benefits
      • Why Join the PACC
        • Sponsors and Partners
      • Member Contact Update
    • Subscribe
    • Donate
      • Donor Bill of Rights
    • Speak Out
    • Volunteer
  • Certification
    • Guiding the Profession
    • Why Pursue Certification?
    • Benefits of Certification
    • Certificate or Certification?
    • Recertification
    • Certification FAQ
    • Accreditation
  • Careers
    • Current Opportunities
  • Resources
    • Strategic Privacy and Access Resource Center
      • Parents & Teachers
      • Standards
      • International Data Flows
      • SPARC Contribution Guidelines
      • Commissioners & Legislation
    • Reports
    • Recommended Reading
    • Media
    • Reports
  • News & Views
  • Training
    • Events Calendar
    • Privacy & Data Governance Congress 2026
    • Congress 2025 Presentation Resources
    • Past Events
    • Professional Development
    • Suggest a Speaker
  • Bill C-2
  • Login

Privacy and Access Council of Canada

The voice for privacy and access

Canadian privacy regulators pass resolution to address privacy-related harms resulting from deceptive design patterns

13/Nov/2024

Privacy regulators from across Canada have issued a joint resolution calling on public and private sector organizations to avoid platform designs and practices that would influence, manipulate, or coerce users into making decisions that go against their privacy interests and to ensure that users can make informed privacy decisions.

Passed at their October annual meeting, hosted by the Information and Privacy Commissioner of Ontario, the resolution outlines key measures for organizations to adopt privacy-first design practices:

  • Ensure that privacy is built in by default, using the concept of privacy-by-design as the basis for a design framework, also ensuring that the best interests of young people are built in from the design stage;
  • Limit personal information collection to that which is necessary for the purposes identified by the organization, as DDPs such as forced action and interface interference are often used to collect more personal information than is necessary for the service;
  • Promote transparency when collecting personal information using clear and simple language as a way of both complying with privacy laws and fostering trust between the organization and its users;
  • Examine and test the design architecture and usability in order to determine the prevalence of deceptive design patterns (DDPs) and to make improvements to these platforms to limit a user’s exposure to DDPs and support users in making informed privacy decisions;
  • Choose design elements that adhere to privacy principles as found in Canadian privacy legislation, that take the users’ interests into account and that do not generate negative habits or behaviors in users.

Deceptive design patterns, often referred to as dark patterns, manipulate or coerce users into making decisions that may not be in their best interests, particularly children. These patterns are frequently used on websites and mobile apps, and their prevalence is a growing concern for regulators, especially as more of Canadians’ daily activities move online.

In 2024, the Global Privacy Enforcement Network (GPEN) launched a sweep of websites and apps, examining the prevalence of privacy-related DDPs. Some Canadian privacy regulators joined this international effort, which examined over 1,000 websites and apps across multiple sectors, including retail, social media, news, entertainment, health, fitness, and those aimed at children.

The findings were troubling: 99 percent of Canadian digital platforms examined in the sweep included at least one deceptive design pattern, with especially high levels of DDPs on platforms designed for children.

The privacy commissioners and ombuds commit to collaborating with governments and other interested parties to modernize design standards, reduce the presence of DDPs, and champion privacy-friendly design patterns that respect user autonomy.

Read the resolution

Learn more about the psychology behind dark patterns

Filed Under: Guidance, Privacy, Technology Tagged With: AI, Privacy

Footer

PACC is THE voice for privacy and access.

PACC is Independent  •  Non-profit  •  Non-partisan  •  Non-government

PACC is dedicated to the development and promotion of the access-to-information, information privacy, and data governance profession across the private, non-profit and public sectors.

PACC is the certifying body for access and privacy professionals, and engages in outreach efforts to advance awareness about access, privacy, and data protection.

None of the content herein may be used or reproduced in any manner for the purpose of training AI technologies or systems.

Recent Posts

  • Global Comparative Testing of Responses to FOI Requests
  • PACC Joins the Call to Withdraw Bill C-2
  • Transparency Performance Indicators
  • Canada’s Children’s Privacy Code
  • International Day for Universal Access to Information 2025
  • Boundless boundaries of the Strong Borders Act

ABOUT

MEMBERSHIP

CERTIFICATION

CAREERS

RESOURCES

BLOG

CONTACT

PRIVACY

 

Thanks to QuestionPro’s wide range of free survey templates designed by industry experts. We now know exactly where to improve
…………

© 2025 · Privacy and Access Council of Canada · Maintained by SLIcore Design.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.