Dark patterns in the post-cookie era: How interface regulation transforms digital advertising in the EU and the US

The transition toward the so-called post-cookie era, driven by the decision of major technology companies to abandon third-party cookies, is significantly reshaping the architecture of digital advertising. In the context of narrowing possibilities for conventional online tracking, interface practices for obtaining consent and interacting with users have been gaining importance. However, these practices are increasingly being associated with so-called dark patterns. Accordingly, there arises a need to assess how different legal systems respond to such challenges. Since leading jurisdictions set the benchmarks for global regulation of behavior in information and telecommunication networks, including the Internet, the European Union and the United States play a key role in this process. In this light, the present study examines the similarities and differences between European and American approaches to regulating dark patterns. The stated objective has determined the selection of sources and research methods, which include EU and US legal acts, enforcement practices undertaken by data protection authorities, methodological documents, academic publications, and the results of the author’s own empirical analysis. The latter encompassed an examination of interface practices across several popular websites and services. The findings indicate that the European model is based on preventive regulation, which restricts the use of manipulative practices already at the design stage of user interfaces. At the same time, the American model functions predominantly on a post-intervention basis. Taken together, this leads to the conclusion that effective regulation of digital advertising requires the development of a digital environment architecture grounded in the principles of predictability, transparency, and data minimization, rather than on restricting manipulative practices. These processes should be ensured by both applicable legislation and specific algorithms designed by technology companies.

1. Baldwin, R., Cave, M., & Lodge, M. (2011). Understanding regulation: Theory, strategy, and practice (2nd ed.). Oxford University Press. https://doi.org/10.1093/acprof:osobl/9780199576081.001.0001

2. Berens, B. M., Bohlender, M., Dietmann, H., Krisam, C., Kulyk, O., & Volkamer, M. (2024). Cookie disclaimers: Dark patterns and lack of transparency. Computers & Security, 136, Article 103507. https://doi.org/10.1016/j. cose.2023.103507

3. Blumenthal-Barby, J. S. (2016). Biases and heuristics in decision making and their impact on autonomy. The American Journal of Bioethics, 16(5), 5–15. https://doi.org/10.1080/15265161.2016.1159750

4. Brenncke, M. (2024). Regulating Dark Patterns. Notre Dame Journal of International & Comparative Law, 14(1), 39–79.

5. Brignull, H., Miquel, M., Rosenberg, J., & Offer, J. (2015). Dark patterns-user interfaces designed to trick people. In Proceedings of the Poster Presentation, Australian Psychological Society Congress, 21–23.

6. Cohen, J. (2019). Bringing down the average: the case for a “less sophisticated” reasonableness standard in US and EU consumer law. Loyola Consumer Law Review, 32(1), Article 2.

7. Edidin, B., Kochetkova, K., & Sarankina, N. (2024). Digital Abuse: How Dark Patterns Manipulate Our Lives. Legal Issues in the Digital Age, 5(4), 4–27. https://doi.org/10.17323/2713-2749.2024.4.4.27

8. Gjorgjieski, V. (2024). Ethical standards in graphic design. Knowledge International Journal, 66(5), 575–578.

9. Gray, C., Kou, Y., Battles, B., Hoggatt, J., & Toombs, A. (2018). The dark (patterns) side of UX design. In R Mandryk (Ed.), CHI EA ‘18: Extended abstracts of the 2018 CHI Conference on Human Factors in Computing Systems (Article 534). Association for Computing Machinery. http://dx.doi.org/10.1145/3173574.3174108

10. Kahneman, D. (2013). Foreword. In E. Shafir (Ed.), The behavioral foundations of public policy (pp. VII–IX). Princeton University Press.

11. Kollmer, T., & Eckhardt, A. (2023). Dark patterns. Business & Information Systems Engineering, 65(2), 201–208. https://doi.org/10.1007/s12599-022-00783-7

12. Leiser, M., & Santos, C. (2024). Dark patterns, enforcement, and the emerging digital design acquis: Manipulation beneath the interface. European Journal of Law and Technology, 15(1), 1–30. https://ejlt.org/index.php/ejlt/article/view/990

13. Li, D. (2022). The FTC and the CPRA’s regulation of dark patterns in cookie consent notices. The University of Chicago Business Law Review, 1(1), 561–590.

14. Mathur, A., Mayer, J., & Kshirsagar, M. (2021). What makes a dark pattern... dark?: Design attributes, normative considerations, and measurement methods. In Y. Kitamura, A. Quigley, K. Isbister, T. Igarashi (Eds.), CHI EA ‘21: Extended Abstracts of the 2021 CHI Conference on Human Factors in Computing Systems (Article 360). Association for Computing Machinery. https://doi.org/10.1145/3411764.3445610

15. Nouwens, M., Liccardi, I., Veale, M., Karger, D., & Kagal, L. (2020). Dark Patterns after the GDPR: Scraping consent pop-ups and demonstrating their influence. In R. Bernhaupt, F. Mueller, D. Verweij, J. Andres (Eds.), Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (CHI ‘20) (pp. 1–13). Association for Computing Machinery. https://doi.org/10.1145/3313831.3376321

16. Santos, C., Morozovaite, V., & De Conca, S. (2025). No harm no foul: How harms caused by dark patterns are conceptualised and tackled under EU data protection, consumer and competition laws. Information & Communications Technology Law, 34(3), 329–375. https://doi.org/10.1080/13600834.2025.2461958

17. Tran, V. H., Mehrotra, A., Sharma, R., Chetty, M., Feamster, N., Frankenreiter, J., & Strahilevitz, L. (2024). Dark patterns in the opt-out process and compliance with the California Consumer Privacy Act (CCPA). ArXiv. https://doi.org/10.48550/arXiv.2409.09222