The interdisciplinary summer school on privacy provided an intensive one-week academic post-graduate programme teaching privacy from a technical, legal and social perspective. The goal of the summer school was to provide students with a solid background in the theory of privacy construction, modeling and protection from these three different perspectives. It also aimed to help them to establish a first international network with peers and senior academics across these disparate disciplines.
According to Gray et al. dark patterns started as a practitioner led initiative uncovering features of interface design crafted to trick users into doing things they may not want to do, but which benefit the business in question. More formally, the authors define it as instances in which designers use their knowledge of human behavior (e.g., psychology), and the desires of end users to implement deceptive functionality that is not in the user’s best interest.
At this summer school, they focused on dark patterns that impact users’ privacy or their ability to practice their data protection rights. Dark patterns raise crucial questions regarding compliance with European data protection legislation and ethical technology deployment. In January 2019 the French Data Protection Authority (CNIL) imposed a fine of 50 million Euros on Google “in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization”, according to the CNIL. This sky-high fine illustrates the importance paid by regulators to combating dark patterns. Also, consumer organizations, like the Norwegian Consumer Council, have reported on how users are ‘deceived by design’ by tech companies, discouraging people to exercise their rights to privacy. In this summer school, they proposed to look beyond the interface, and ask, where do dark patterns emerge in the production of internet-based services, in the organizing of software and hardware infrastructures, in the elaboration and interpretation of laws, in the push for certain economic models, and conceptions of data, systems, users, and the social. How do we come to recognize, uncover, resist and prevent dark patterns in these different socio-technical contexts?
Dark patterns as a concept is not easy to pin down since manipulation of environment and behavior can be seen as a part of any design intervention. Yet, the rise of the concept is indicative that there is a considerable set of practices that are identified under the label of dark patterns. In this context, at the summer school, they discussed study dark matters and asked whether intentions matter, or outcomes can also serve as a way to identify whether a practice may qualify as a dark pattern in the context of privacy and data protection. Being able to think collectively about this hard question provided people with tools, methods and arguments to address the continuum between poor design or decisions, lack of resources, incompetence, recklessness, optimization, externalization of costs, and intentional patterns that lead to manipulation, deception or unwarranted levels of persuasion. They explored together where we can productively draw the line when it comes to patterns that harm vs. patterns that just do, and how technical, social, ethical, legal and economic practices may be reimagined to address these practices.
The summer school was interdisciplinary, involving the following disciplines: computer science, law and social sciences / media and communication studies.
The school lasted one week, with nine scheduled lectures (five-morning lectures and four-afternoon lectures) of two hours each. These nine lectures were equally distributed over the three disciplines, with top-notch lectures from each of the disciplines. The lectures laid the grounds for an interdisciplinary conversation among students and lecturers coming from a variety of backgrounds.
The remaining time was used for hands on working group sessions to study practical cases. The cases were offered by businesses, governments, government related institutions (like DPAs) and civil society/NGOs. Groups of six students, were formed to tackle the cases and reported back on their results in a plenary session.
The school was held in a location that encourages dialogue and social interactions between both the staff and the students, both during lectures and in the evening. Staff (i.e. lecturers) were encouraged to stay at the summer school for the whole length of the school. The summer school was foremost aimed at PhD students from computer science, law and social sciences.
Participants of the summer school were awarded two ECTS (study credits) and received a certificate of attendance issued by the Radboud University attesting this.
COINS supported Elahe Fazeldehkordi to attend the ISP 2019 in Nijmegen, The Netherlands.