Definition
Obstruction is a type of deceptive pattern that deliberately creates obstacles or roadblocks in the user's path, making it more difficult for them to complete a desired task or take a certain action. It is used to exhaust users and make them give up, when their goals are contrary to the business's revenue or growth objectives. It is also sometimes used to soften up users in preparation for a bigger deception. When users are frustrated or fatigued, they become more susceptible to manipulation.
Example
Facebook used an obstruction technique by making it easy to agree to privacy-invading settings but difficult to reject them. Facebook's interface had a button to “accept and continue” with just one click, but to reject the settings, the user had to click an unclear button and toggle a switch to the left. This made it confusing for users, and they couldn't be sure if they successfully protected their privacy. (Image source: Norwegian Consumer Council, 2018)
References
Price comparison prevention (Brignull, 2010), hard to cancel (Mathur et al., 2019), roach motel (Brignull, 2010).
Related laws
Consent is a voluntary agreement by an individual for their personal data processing, after being informed of its specific purposes and conditions.
Legal basis for processing personal data are performance of contract, legal obligations compliance, protection of vital interests, controller's legitimate interests, and data subject's consent.
Valid consent conditions include being freely given, specific, informed, and unambiguous, and the data subject should be able to withdraw it anytime.
Ensures transparent information and easy access for individuals to their personal data processing, with the right to obtain a copy in a clear and common format.
Controllers must provide identity, contact details, processing purposes and legal basis, recipient information, retention period, and data subject rights when collecting personal data.
Specifies required information for data subjects when collecting personal data from other sources, including controller identity, processing purposes, personal data categories, recipients, and retention period.
Requires website operators to obtain user consent before storing or accessing information on the user's device through cookies or similar technologies.
Users must give informed and unambiguous consent and receive clear information about cookies, including processing purposes and data controller identity, according to the law.
Requires personal data to be processed lawfully, fairly, and transparently.
Empowers supervisory authorities to carry out investigations and order controllers and processors to comply with the regulation.
Prevents dishonest or misleading actions involving the gathering, utilization, and/or exposure of children's personal information on the Internet
Prohibits deceptive acts or practices that misrepresent or omit material facts.
Requires companies to obtain consumer's consent before charging their credit or debit cards for goods or services offered through a "negative option feature."
Prohibits deceptive practices, fraud, and misrepresentations in the sale or advertisement of merchandise.
Related cases
€50,000 in fines
€60,000,000 in fines
Final decision pending
€225,000,000 in fines
Reprimand issued
€50,000,000 in fines
$245 million in fines
$85 million settlement
Pending