Two guidelines from the European Data Protection Board (EDPB) are now final. These are the guidelines on misleading designs ("dark patterns") on social media and the guidelines on the rules when importing data from the European Union (EU).
The guidelines were drafted in 2021 and 2022 by the Personal Data Authority (AP) and the other privacy regulators in Europe, united in the EDPB. They are now final after being open to comments and suggestions from other parties.
The Guidelines on deceptive design patterns in social media platform interfaces: how to recognize and avoid them provide practical recommendations for designers as well as users of social media (1).
They are about "dark patterns. These are interfaces that 'direct' users to make choices they don't want to make. And that may even be harmful to them.
The guidelines were modified after suggestions from other parties:
The list of misleading design types has been updated.
The examples of deceptive designs have been expanded and made more concrete to show how the General Data Protection Regulation (GDPR) applies.
A list of good examples has been created that companies can use to replace any misleading designs.
The Guidelines on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR deal with the import of data from the EU (2).
For some organizations that collect personal data directly from outside the EU from people in the EU, it is not always clear whether they need to provide additional protection for that personal data.
These are companies to which the AVG applies directly through Article 3 of the AVG. These guidelines clarify this.
https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-032022-deceptive-design-patterns-social-media_en
https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-052021-interplay-between-application-article-3_en
