Policymakers in the European Union have started to expressly regulate commercial practices that exploit consumer behavioural biases for commercial purposes. This type of regulation expressly acknowledges a commercial practice’s effect on consumers’ psychological mechanisms in the form of cognitive or affective biases. The objective of this type of regulation is to counteract the impact of such practices on consumer decision-making and behaviour. These exploitative practices have thrived in the digital world due to advancements in technology such as extensive data collection on consumers’ online behaviour, machine-learning algorithms that analyse these data for behavioural patterns, and A/B testing of interface designs aimed at maximizing firms’ profits (Crawford et al., 2023, p. 131). The European Commission (2020, p. 18) has called such practices a new form of risk in digital environments that can affect virtually all consumers. Examples are legion, and large online platforms like Amazon, Facebook, and Google have recently faced intense scrutiny for using digital design choices that exploit consumer biases and cause consumer harm (Competition and Markets Authority (UK), 2020, para. 4.173; Forbrukerrådet 2021, pp. 6, 27). It is therefore not surprising to see a growing call for and a trend towards expressly regulating commercial practices that exploit consumer biases (referred to in this Article as “behavioural exploitation”) not just in the EU but also in the USA, for example (Federal Trade Commision, 2022; OECD, 2022). The newest example in the EU is Article 25 of Regulation (EU) 2022/2065 on a single market for digital services (Digital Services Act), which prohibits so-called dark patterns on online platforms.

Despite the growing scholarly literature on the regulation of behavioural exploitation, the key concept of exploitation is rarely concretised or defined. The legal significance of exploitation is often assumed, but not explained. This gap is substantial and surprising given that the concept of exploitation is central for demarcating the line between advantage-takings of consumer biases that merit regulation and those that do not. Scholars repeatedly emphasize the challenge of delineating the line between (i) acceptable marketing and advertising practices and (ii) behavioural exploitation, highlighting the need for further research (Clifford, 2017, p. 34; Luguri & Strahilevitz, 2021, pp. 97, 102). This Article addresses this gap by examining the legal meaning and significance of exploitation in EU consumer law as it pertains to regulating behavioural exploitation in online choice architectures in business-to-consumer (B2C) relationships.Footnote 1 The Article develops a theory of exploitation for (behavioural) consumer law that applies to online choice architectures and unfair commercial practices in general. The Article ultimately argues that the autonomy theory of exploitation provides the theoretical foundation and conceptual underpinning for the provisions regulating behavioural exploitation in online choice architectures in the EU.

Choice architecture refers to the environment in which consumers make decisions and how choices and information is presented to them. In the online context, examples include the design of interfaces like the position, size, and colour of a Buy or Agree button on a shopping website, the pre-selection of an option by default, scarcity claims, or the number of steps needed to cancel a subscription online. Empirical research increasingly demonstrates that the design of online choice architectures using verbal or nonverbal stimuli can significantly affect consumer decision-making and choice outcomes both at the individual and aggregate levels (Competition and Markets Authority (UK), 2022) contains a discussion of the literature). While the issue of behavioural exploitation predates the online world and also applies in analogue choice architectures like brick-and-mortar stores, the digital transformation and the data economy have increased the prevalence, sophistication, personalisation, and effectiveness of commercial practices that exploit consumer behavioural biases (Lupiáñez-Villanueva et al., 2022, p. 19; Mik, 2016, pp. 11–24). This explains why scholars and policymakers worldwide are focusing on the question of whether and when behavioural exploitation should be regulated within online choice architectures. This Article addresses this ongoing debate.

The legal theory of exploitation developed in this Article builds on the philosophical discourse on exploitation. Surprisingly, this discourse has been largely overlooked in the legal and economic literature discussing behavioural exploitation. For the first time, the Article brings empirical insights about consumer biases and advantage-takings of those biases by commercial practices into dialogue with philosophical theories about the meaning and wrongness of exploitation. In contrast to the prevailing approach in US-led legal scholarship, which adopts a behavioural law and economics framework rooted in economic theory (Bar-Gill et al., 2023; Bubb & Pildes, 2014; Thaler & Sunstein, 2021; van Loo & Aggarwal, 2023),Footnote 2 this Article presents an alternative methodology that utilises exploitation theory to address the research issue. It argues that this alternative methodology aligns better with the existing goals and scheme of EU consumer law compared to an approach to legal analysis that is driven by promoting consumer welfare through market efficiency. This perspective resonates with Whitman’s (2007, p. 402) claim that “American economic consumerism” has persistent differences to European consumer protection law. The challenge lies in the lack of a well-developed alternative to the economic paradigm for regulating behavioural exploitation such as dark patterns. This Article begins to bridge this gap in the literature.

Beyond its theoretical ambition, the Article’s practical relevance lies in offering a theory of exploitation that can assist policymakers in determining when a commercial practice that takes advantage of consumer behavioural biases is acceptable or requires regulatory intervention. Since policymakers in the EU have started to expressly regulate behavioural exploitation, this Article also demonstrates how defining and specifying the concept of exploitation helps interpreting these provisions. This makes them more effective tools of consumer protection and facilitates their application in borderline cases. Furthermore, the Article establishes criteria for an exploitation claim in EU consumer law. Whenever EU consumer law is understood to regulate behavioural exploitation, whether expressly stated or not, it should be interpreted in accordance with these criteria.

The Article is structured as follows. The first part sets the scene by highlighting existing and missing conceptual foundations for regulating behavioural exploitation. The second part identifies necessary and sufficient conditions for an exploitation claim in consumer law by drawing upon the discourse on exploitation theory in philosophy. The third part maps and explicates the provisions in EU consumer law that expressly regulate behavioural exploitation and apply to the design of online choice architectures. The fourth part forms the theoretical core of this article. It evaluates to what extent existing theories about the wrongness of exploitation are compatible with (i) the specific provisions regulating behavioural exploitation and (ii) the wider scheme and goals of EU consumer law. This part argues that the economic theory and the substantive fairness theory of exploitation are incompatible with unfair commercial practices law in the EU. Additionally, it argues against adopting the dignity theory of exploitation for EU consumer law. It further contends that the autonomy theory of exploitation should serve as the normative theory determining the (legal) wrongness of exploitation in EU consumer law.

Existing and Missing Conceptual Foundations

Commercial practices that exploit consumer behavioural biases encompass two main elements: consumer bias and exploitation. First, this part shows that there is a large scholarly consensus about the meaning of the concept of consumer bias.Footnote 3 Policymakers in the EU have adopted this meaning, too (European Commission, 2020, p. 18). Second, this part sets the scene for the remainder of this Article by pointing out that the conceptual foundations for the element of exploitation are by and large missing in scholarship.

The existing literature that discusses the legal treatment of commercial practices like online choice architectures that exploit consumer biases uses different terms for such practices: Behavioural exploitation (Wagner & Eidenmüller, 2019), exploitative private nudges (Esposito, 2018), (market) manipulation (Calo, 2014), and dark patterns (Luguri & Strahilevitz, 2021) are the most common ones. The terminological variation masks that a widespread consensus exists in this literature about the meaning of the term bias. Generally speaking, a bias occurs when actual human judgment or decision-making systematically, rather than randomly, departs from a normative benchmark (from how a decision-maker ought to decide) (Evans, 2007, p. 2). The dominant normative benchmark adopted in scholarship is rational choice theory (economic rationality), which refers to the optimal beliefs and choices assumed in the rational agent model that is dominant in neoclassical economics (e.g., Calo, 2014; Esposito, 2018; Luguri & Strahilevitz, 2021; Wagner & Eidenmüller, 2019). This meaning of the term bias has its foundations in behavioural economics, a field that has created a vast body of empirical research demonstrating that human behaviour is boundedly rational and that biases are widespread in human and consumer decision-making (e.g., DellaVigna, 2009; Zamir & Teichman, 2018, Chapter 2). Even though consumer biases are not distributed uniformly over the population and can differ from context to context, these departures from economic rationality are prevalent and consistent in aggregate, which makes them predictable and exploitable by commercial practices such as online choice architectures. The departure from economic rationality indicates that the concept of behavioural exploitation only captures those commercial practices that influence the choice behaviour of real consumers but would be ignored by a model rational consumer, whose choice behaviour is in line with the axioms of economic rationality (Hansen, 2016, p. 9, for nudging).

One example is the salient presentation of the strong historical performance of mutual funds in marketing communications, which affects consumer investment decisions even though past returns are poor predictors of future returns (Mercer et al., 2010). Other examples are commercial practices that influence choice behaviour because of default effects, loss aversion, or the way in which information is presented to consumers (e.g., framing). Framing effects refer to different but formally equivalent descriptions of a decision problem that can give rise to different preferences and thus lead to different decisions (Tversky & Kahneman, 1986). Such commercial practices work independently of (i) the changing of rationally relevant choice options, (ii) the changing of rationally relevant economic incentives, (iii) the mere provision of factual information, and (iv) rational argumentation. If the behavioural effect of a commercial practice can be fully explained by reasons (i) to (iv), the practice falls outside the scope of this Article as the practice does not take advantage of a bias. Coercive exploitation, for example, falls outside the scope of this Article as it closes or narrows an exploitee’s choice options and would not be ignored by a rational consumer.

In contrast to the relatively clear theoretical foundations of the concept of consumer bias, most of the literature discussing the exploitation of consumer biases by commercial practices and their possible regulation does not define or specify the concept of exploitation (e.g., Bar-Gill et al., 2023; Becher & Feldman, 2016; Calo, 2014; Jarovsky, 2022; Luguri & Strahilevitz, 2021; Sibony & Alemanno, 2015, pp. 10–11, 18–19; Spencer, 2020; Wagner & Eidenmüller, 2019; Zamir & Teichman, 2018, pp. 163–165, 282). The concept is typically invoked without much analysis or argument and lacks solid foundations. Its complex normativity is either ignored or overlooked. What is missing from the literature is a legal theory that specifies when an (online) choice architecture exploits consumer biases and when it does not. This Article addresses this gap in the literature by developing such a theory for EU consumer law.

Criteria of an Exploitation Claim in Consumer Law

This part makes three contributions to the literature. First, it identifies necessary and sufficient conditions for an exploitation claim in consumer law by building on the philosophical discourse on exploitation. Second, this part argues that (i) harm is a necessary element of an exploitation claim in law and (ii) the wrongness of commercial practices like online choice architectures that take advantage of consumer biases can be conceptualised as a subset of consumer harm. Third, this part clarifies the controversial relationship between exploitation and consumer vulnerability by proposing that consumer vulnerability is not a necessary element of the concept of exploitation in EU consumer law. The last section of this part shows that an exploitative B2C relationship may be justified, all things considered, which is why it is necessary to distinguish between the intensity of exploitation’s wrongness and the circumstances in which legal intervention in exploitation is warranted.

Necessary Criteria of an Exploitation Claim

According to Feinberg (1988, p. 178), common to all forms of interpersonal exploitation is that one party (A) gains some benefit from the interaction with another party (B) by taking advantage of some characteristic of B’s or some feature of B’s circumstances. Both the process of taking advantage and the exploitable characteristic or circumstance must be causal for the exploiter’s gain. The characteristic or circumstance that is taken advantage of can be internal or external to the exploitee. Feinberg notes that “[v]irtually any traits or circumstances are in principle exploitable, provided only that they are causally relevant to the exploiter’s purposes” (Feinberg, 1983, pp. 205–206). The internal characteristic of consumers that this Article focuses on are consumer biases. The dominant heuristics-and-biases literature in psychological science regards behavioural biases as an inherent human trait (Kahneman, 2011, pp. 10–13, 20–28). Therefore, a commercial practice does not create a consumer bias but takes advantage of a pre-existing consumer characteristic.Footnote 4 This process of advantage-taking in online choice architectures occurs by designing the online choice environment in such a way that this design choice triggers or exacerbates a consumer bias. When an online choice architecture has this effect on consumers and steers consumer decision-making toward a certain choice that benefits the business, the business engages in an active process that links the exploiter’s benefit with the exploitable characteristic. An example is a firm that sells flight tickets online and uses pre-ticked checkboxes for selling travel insurance as an add-on product. The next part of this Article explains that pre-ticked checkboxes as a design element in online choice architecture trigger consumer biases that drive the default effect. The firm profits from this advantage-taking as it is able to sell the add-on product.

Another example is a hotel website that advertises a room rate of €120 per night but adds mandatory fees for cleaning and Internet access at the end of a lengthy booking process. This practice, known as drip pricing, is prevalent in the live event, hotel, and airline industries. One common explanation for the effect of drip pricing on consumer decision-making is that this practice triggers behavioural biases, such as anchoring (Ahmetoglu et al., 2014). Consumers may anchor on the initial headline price and complete the purchasing process even if they would not have started the process had they known about the total price from the outset. The firm profits from taking advantage of consumer biases as it is able to sell the service or product (e.g., the hotel room) for more than the initial headline price.

Another criterion for an exploitation claim in consumer law is that the advantage-taking must violate a normative benchmark which the law protects. Without this normative criterion, legal intervention in the advantage-taking would not be justified. The parallel in the philosophical analysis of exploitation is that exploitation is generally considered to be a moralised concept (Feinberg, 1983, p. 202; Sample, 2003, p. 4; Wertheimer, 1996, p. 6). It must involve a moral wrong, i.e., it must violate a particular moral benchmark. To distinguish between wrongful advantage-takings and non-exploitative advantage-takings, a normative theory is needed both for the ethical and the legal concept of exploitation. Since regulating behavioural exploitation uses the morally loaded term of exploitation, it can be assumed that the legal wrong of exploitation is built upon a particular moral wrong of exploitation and that both the legal and the moral concept adopt the same normative benchmark. Whereas the legal wrong of exploitation is underspecified in behaviourally informed consumer law, both in theory and practice, different extra-legal theories of the wrongness of exploitation have been proposed in the philosophical literature. The fourth part of this Article will analyse these theories and determine which of these theories is compatible with EU consumer law regulating behavioural exploitation.

The wrongness of exploitation can be the result of a procedural defect or substantive defect in the B2C relationship (Zwolinski et al., 2022). A procedural defect pertains to the conditions or circumstances under which the B2C transaction came about, independent of the outcome of the transaction.Footnote 5 The wrong lies in the way in which the exploiter treats the exploitee. Coercion and pressure, for example, are examples of procedural defects. A substantive defect refers to the substantive terms (the outcome) of the transaction rather than the manner in which the agreement was reached. A substantive defect occurs, for example, if the content of a B2C contract contains an unfair distribution of the rights and obligations of the parties. By distinguishing between procedural and substantive defects, it is possible to classify different accounts of the wrongness of exploitation into the following three meta-theories (see Jansen & Wall, 2013, p. 383). The outcome-exclusive theory of exploitation holds that exploitation always involves an unfair outcome relative to a fairness baseline, which specifies how much each party ought to gain from a transaction. Exploitation is exclusively concerned with fairness in result. According to the process-exclusive theory of exploitation, the exploitative nature of a transaction is determined solely by the way in which the outcome has come about, irrespective of how the gains in a transaction are distributed. According to the inclusive theory of exploitation, a transaction is exploitative if, and only if, the outcome violates a distributive fairness principle and there is a defect in the process that accounts for the unfair distributive outcome.

Before continuing the analysis of the necessary criteria for an exploitation claim, it is important to note that a consumer bias is not, in and of itself, a procedural defect that establishes the wrongness of exploitation. First, the presence of a consumer bias does not say anything about the conduct of the exploiter. Second, claiming that simply transacting with a biased consumer makes the transaction wrong would mean that a large number of daily consumer transactions would be exploitative. Exploitation would be ubiquitous. If biased decision-making is an inherent human trait, it cannot be wrong to transact with a biased consumer. Furthermore, taking advantage of a consumer bias does not automatically constitute a procedural or substantive defect and render the advantage-taking exploitative. This is acknowledged by Wertheimer (1996, p. 298), who distinguishes between (i) taking advantage of unfortunate background circumstances and (ii) taking unfair advantage of such circumstances. The procedural or substantive unfairness of a transaction differs from an existing defect in the background circumstances of the transaction. Even if a consumer bias were seen as a misfortune or a kind of background injustice, exploitation would require that a business takes wrongful (unfair under Wertheimer’s theory) advantage of a consumer bias. Exploitation requires a transaction-specific wrong (Wertheimer, 1996, p. 216), which links to an action or omission by the business and which must be causal for the exploiter’s gain.

Exploitation and Consumer Harm

This section asks whether harm is another necessary element of an exploitation claim in consumer law. It is argued that it is. It is often said that an exploiter (A) gains at the exploitee’s (B) expense (e.g., Mayer, 2007, p. 137; Roemer, 1982, pp. 300–301). The process of gain at another’s expense inflicts a loss on B and harms B relative to a normative baseline (Mayer, 2007, pp. 140–142). Harm can occur even if the exploitee is not materially worse off after the transaction. Mayer, for example, adopts a fairness baseline and argues that (i) B loses relative to a fairness baseline and (ii) the violation of the fairness baseline is what makes A’s gain wrongful (Mayer, 2007, pp. 140–142). He gives the example of a sweatshop labourer who is better off compared to unemployment. However, the labourer still suffers a loss relative to the fairness baseline due to the insufficient compensation. The wrongness of exploitation therefore corresponds with its harm element. All exploitation is harmful (relative to the baseline) in this sense. Hence, the wrongness of online choice architectures that exploit consumer biases can be conceptualised as a subset of consumer harm. This clarifies that regulating behavioural exploitation is not concerned with immorality as a sufficient condition for legal intervention. Regulating behavioural exploitation prevents harm to the exploitee.Footnote 6

The presence of consumer harm in an exploitation claim is also necessary for the purposes of regulating exploitative B2C relationships. That is because harm to consumers is a necessary criterion for state intervention in consumer markets with consumer protection law. Consumer harm as a legal concept can be broadly defined as negative outcomes for consumers relative to a normative benchmark, which is set by a consumer law’s ultimate goal(s) (Brenncke, 2022, p. 206). These goals may refer to total welfare, consumer welfare, consumer autonomy, or fairness, for example. There is a significant overlap between this legal concept of consumer harm and the harm element of an exploitation claim. When a law expressly regulates behavioural exploitation, the law aims to protect consumers from the wrong of exploitation. The law presupposes that the harm element of exploitation is legally cognisable consumer harm. The law thus recognises the normative baseline that is used to determine the wrongness of exploitation as a normative benchmark for assessing the presence of consumer harm. That does not mean, however, that the wrongness of exploitation contains a comprehensive assessment of consumer harm. The legal concept of consumer harm is wider than the wrongness element of exploitation as the former incorporates harmful consequences of exploitation that affect an exploitee’s other interests. For example, a specific consumer law that prohibits exploitative online choice architectures may define the wrongness of exploitation relative to a baseline of consumer autonomy. This law pursues consumer autonomy as a policy objective, and it may pursue other objectives like consumer welfare, too. An exploitative commercial practice which infringes the autonomy baseline may also cause harm to consumer welfare by creating economic harms for consumers. The harm to consumer welfare does not render the B2C relationship exploitative, but, as will be explained further below in this part, it is one normative criterion in the balancing exercise that determines whether legal intervention in behavioural exploitation is justified.

Exploitation and Vulnerability

This section addresses the question of whether vulnerability is a necessary element of an exploitation claim in consumer law. My argument posits that the concept of vulnerability should be excluded from a theory of exploitation for EU consumer law. This standpoint contradicts other accounts of the relationship between behavioural exploitation and consumer vulnerability. For instance, some scholars understand consumer biases as a vulnerability that firms can exploit (Becher & Feldman, 2016, pp. 117–118; Helberger et al., 2022, p. 187; Susser et al., 2019a, p. 22). Similarly, the Stigler Committee on Digital Platforms (2019, p. 251) argues that vulnerabilities can stem from inherent consumer biases. Calo (2014, pp. 1033–1034) contends that behavioural exploitation aims to render consumers vulnerable. In Calo’s account, the exploitation of consumer biases may result in consumer vulnerability.

The existing legal literature has not yet drawn upon the philosophical discourse on exploitation theory in order to clarify the controversial relationship between behavioural exploitation and consumer vulnerability. The UCPD Guidelines by the European Commission (2021b) also lack a conceptualisation of exploitation. Some scholars in the field of exploitation theory assert that vulnerability is a necessary element of exploitation (Amin, 2019, pp. 95, 99; Wood, 1995, pp. 146–147). The consumer’s characteristic that the exploiter takes advantage of must amount to a vulnerability. This qualifies the exploitable characteristic criterion and distinguishes an exploitable characteristic from a characteristic that someone can take advantage of, but that does not amount to a vulnerability. This account of exploitation supports the view that consumer biases are a vulnerability that firms can exploit, but only if consumer biases qualify as a vulnerability. That depends on the meaning of vulnerability, and it is possible to distinguish between wide and narrow accounts of vulnerability in philosophical scholarship on exploitation.

Wood (1995, p. 143), for example, argues that needs and desires can sometimes constitute vulnerabilities that can be exploited. Wood (1995, pp. 142–143) adopts a wide meaning of vulnerability, and it appears that consumer biases can qualify as a vulnerability that can be exploited under his account. However, Wood does not provide substantive criteria that can determine when someone is vulnerable. One consequence of this is that Wood’s analysis of the concept of vulnerability remains vague and imprecise, which leads to problems of over- and under-inclusion (Amin, 2019, pp. 88–89). Sample’s account of exploitation also establishes a link between vulnerability and needs, but in contrast to Wood, she adopts a narrow meaning of vulnerability. She sees unfulfilled basic human needs as the principal form of vulnerability and specifies the meaning of needs by drawing on Nussbaum’s capabilities approach (Sample, 2003, pp. 74–81; Nussbaum, 2000, pp. 70–77). The meaning of needs therefore links to the basic capabilities necessary to lead a good human life. Can consumer biases be characterised as an unfulfilled basic human need that a firm can wrongfully take advantage of? This might be possible if a life without biases were seen as a basic human need and a threshold capacity for a good life. However, an unbiased human life is neither something that Nussbaum (2000, pp. 77–80) categorises as a threshold capability that all just societies must ensure nor something that Sample categorises as a basic human need. Sample (2003, p. 74) argues that need as a vulnerability involves “an extreme dependency with respect to something that one needs”. One does not need an unbiased human life to flourish and to live a good life. Studies have shown, for example, that departures from rational choice theory do not necessarily incur costs but can lead to more successful behaviour in certain environments (Arkes et al., 2016, pp. 22–27). Therefore, consumer biases do not constitute a vulnerability in Sample’s account of exploitation.

The disagreement between wide and narrow accounts of vulnerability in philosophical discourse also exists in legal scholarship, where the debate has focused on an unresolved issue about the meaning of vulnerability: Does vulnerability refer to a general human condition of susceptibility to harm or to specific groups of persons that have an increased susceptibility to harm due to specific characteristics? Even though EU consumer law does not provide a uniform answer to this issue, it predominantly adopts the latter position (Riefa, 2022, pp. 610–617; Waddington, 2020, pp. 791–795). For example, the EU’s main source of the law on unfair commercial practices, Directive 2005 on unfair commercial practices (UCPD), adopts a category-based classification of vulnerability that refers to internal and (semi-)permanent personal characteristics of clearly identifiable groups of persons in its Art. 5(3) (Mulder, 2021, pp. 734–735). The issue with adopting such a narrow meaning of vulnerability as part of a theory of exploitation for consumer law is that such a meaning is incompatible with existing EU legislation regulating behavioural exploitation. The protective scope of this legislation is not limited to clearly identifiable groups of consumers based on (semi-)permanent personal characteristics, such as age and disability, as the next part of this Article will show. For example, Article 22 of Directive 2011 on consumer rights (CRD) prohibits traders to use default options which the consumer is required to reject, like pre-ticked checkboxes in online choice architectures, as a mechanism to infer consent for any extra payments in addition to the remuneration agreed upon for the trader’s main contractual obligation. If Article 22 CRD were seen in the light of a vulnerability account of exploitation, it could be argued that the provision regards a consumer’s susceptibility to default effects as a vulnerability that traders can exploit. The protection from behavioural exploitation is not limited to specific groups of consumers that can be identified by a common characteristic but extends to all consumers. Rather than being limited by personal characteristics, the scope of the protection is limited by the situational context, i.e., the use of a default option as a mechanism of consent for an additional payment. The protective scope of Article 22 CRD extends to all consumers who are in this situation. What is also clear is that Sample’s narrow account of vulnerability is incompatible with Article 22 CRD as this provision is not limited to situations of unfulfilled basic needs.

Does a wide meaning of vulnerability fare better for a theory of exploitation for EU consumer law? Legal scholars have recently argued that EU consumer law should embrace the position that vulnerability is not an exception, reserved for particular groups of consumers, but a universal human condition, since all consumers face the risk of harm in specific situations (Helberger et al., 2022, p. 182; Riefa, 2022, pp. 617–621; Waddington, 2020, p. 785). According to Helberger et al. (2022, p. 194), “every consumer is to a varying degree dispositionally vulnerable to being profiled and targeted exploitatively” in digital choice environments. These scholars have drawn support from Fineman’s (2008, p. 11) influential theory of vulnerability as “a state of constant possibility of harm”. Fineman (2008, pp. 10–11) sees vulnerability as universal and constant, something that is inherent in the human condition but also particular in the sense that human vulnerabilities range in magnitude and potential at the individual level. Such a meaning of vulnerability emphasizes its context-dependent and situational character. The issue with such a wide meaning of vulnerability is that it has no added value for an exploitation claim in consumer law. I have argued in the previous section that all exploitation is harmful relative to a normative baseline. Since the susceptibility to harm needs to have materialised for a successful exploitation claim, adopting an additional vulnerability condition would only make sense if this condition was to limit the consumer characteristics and features of consumers’ circumstances that the exploiter can take advantage of. Otherwise, the harm condition of an exploitation claim would render the additional vulnerability condition redundant. The role of a vulnerability condition for a theory of exploitation is to distinguish between those consumer characteristics that are relevant for exploitation and those that are not. Understanding vulnerability as a state of constant possibility of harm, where the risk of harm is ever-present and can materialise in certain contexts, does not fulfil this limiting function of the vulnerability condition in a theory of exploitation for consumer law. This reasoning also explains why Wood’s wide account of vulnerability is over-inclusive.

To conclude this section, neither a wide nor a narrow meaning of vulnerability works well in a theory of exploitation for EU consumer law. Therefore, my argument is that vulnerability should not be adopted as a necessary element for an exploitation claim in this context. My position also avoids inconsistencies in EU consumer law. Even though Article 22 CRD could be interpreted in the light of a wide meaning of vulnerability as a universal human condition, such a reading of the provision would be at odds with the narrow meaning of vulnerability that is referred to in Recital 34 of the Directive, which speaks of the vulnerability of consumers “because of their mental, physical or psychological infirmity, age or credulity”.

Legal Intervention in Exploitation

The first two sections of this part identified the necessary and sufficient conditions for an exploitation claim in consumer law. Even if these conditions are met, it does not follow that a regulator can intervene in exploitative B2C relationships. We need to distinguish between two normative questions: When does online choice architecture amount to wrongful exploitation? When is legal intervention in exploitative online choice architecture justified? This distinction is required because an exploitative relationship may be justified, all things considered (Goodin, 1987, p. 173), if it advances protected interests, rights, or policy objectives. Wertheimer (1996, pp. 278–281), for example, distinguishes between the moral weight and the moral force of exploitation. Whereas the moral weight of exploitation links to the intensity of its wrongness, the moral force of exploitation asks what society or the state should do about exploitation. The moral weight of exploitation does not fully determine its moral force. The question of whether the law should intervene in exploitative online choice architectures is a question about the moral force of exploitation. If all the criteria of an exploitation claim in consumer law are met, exploitation is a prima facie legal wrong because it violates a normative benchmark that the law protects. Other protected interests, rights, or policy objectives may justify the exploitation. If exploitation is justified on balance, it does not violate the law. These countervailing considerations override, but they do not remove or neutralise the moral wrong or the prima facie legal wrong of exploitation (Bigwood, 2003, pp. 137–138; Goodin, 1987, p. 173). Under the autonomy theory of exploitation, for example, exploitation is wrong because it violates the exploitee’s personal autonomy. Other normative considerations may override or justify the autonomy violation, but they do not remove the autonomy violation.

Exploitation theory alone cannot answer the question of whether countervailing considerations exist, whether they override the exploitation, or whether the state can ultimately intervene in exploitative B2C relationships. What is required is a balancing exercise which weighs up conflicting normative arguments. Key arguments that a lawmaker should take into account are as follows: (i) the intensity of the wrongness of exploitation, which is determined by the extent of the harm and the extent of the exploiter’s gain; (ii) other consumer harms that stand outside the specific wrong of exploitation; (iii) the exploiter’s (contractual) freedom to enter into a relationship with the exploitee and the exploiter’s fundamental rights like freedom of expression or the freedom to conduct a business; and (iv) the possible welfare-enhancing nature of an exploitative B2C interaction if the exploitative interaction is beneficial for the consumer relative to a no-interaction baseline. Welfare gains may outweigh the wrong of exploitation if the interaction would not take place without the exploitation. Since the next Part of this Article discusses laws that expressly regulate behavioural exploitation, these laws already contain the assessment that behavioural exploitation warrants legal intervention and is not justified by other normative considerations.

The Regulation of Behavioural Exploitation in EU Consumer Law

Having specified the necessary and sufficient conditions for an exploitation claim in consumer law in the previous part of this Article, this part has two objectives. First, it maps and explicates the provisions in EU consumer law that expressly regulate behavioural exploitation and apply to the design of online choice architectures. A provision is considered to expressly regulate behavioural exploitation when the statutory language,; the recitals of the legislation, or the legislative materials specify that the provision is intended to regulate commercial practices that exploit consumer behavioural biases. Second, this part determines whether and how these provisions define or concretise the concept of exploitation. The latter analysis aims to derive a normative account of the wrongness of exploitation from existing EU consumer law. Such an account is needed to determine the legal meaning and significance of exploitation. My conclusion consists of three main points. First, EU consumer law recognises a legal right not to have one’s consumer biases exploited in the digital realm, albeit in limited contexts. Second, the relevant provisions in EU consumer law incorporate the image of a biased consumer. Third, these provisions contain only fragments of a normative theory of the wrongness of exploitation.

Before starting the analysis, it is important to provide two clarifications regarding the scope of this Article. First, in line with Reich and Micklitz (2014, p. 53), this Article adopts a broad concept of the consumer, which is concerned with user protection. The consumer can be characterised as a passive market citizen, who “enters into transactions to satisfy his/her needs without producing the product or service him/herself”. This broad concept of the consumer covers (i) retail investors, who are protected by Regulation (EU) (2014) on key information documents for packaged retail investment and insurance-based investment products (PRIIPs Regulation), and (ii) recipients of services, who are protected by the Digital Services Act (DSA). Recitals 27 and 17 PRIIPs Regulation provide clarity that retail investors are consumers. According to Article 1 DSA, consumer protection is one of the aims of the Digital Services Act. Hence, this Article also adopts a wide meaning of “consumer law”, which includes legislative provisions protecting consumers (in a wide sense) from having their biases exploited by commercial practices. Second, this Article does not discuss the controversial issue of whether the broad and principle-based provisions in Regulation (EU) (2016) on the protection of natural persons with regard to the processing of personal data (GDPR) and the UCPD can be (re-)interpreted to effectively protect consumers from commercial practices that exploit consumer biases (Hacker, 2021; Leiser, 2022; Martini & Drews, 2022, pp. 16–23). Scholars have voiced scepticism about the effectiveness of both legislative acts to capture behavioural exploitation such as dark patterns (Helberger et al., 2022, p. 195; Jarovsky, 2022, pp. 45–48, 50; Martini & Drews, 2022, p. 22). Neither the GDPR nor the UCPD was intentionally designed by EU lawmakers to capture behavioural exploitation. The text, the recitals, and the legislative materials of both legislative acts do not refer to behavioural biases or the exploitation of behavioural biases by commercial practices. The reality is that neither of them has significantly curbed the proliferation of behavioural exploitation to date, and this is a key reason why the European lawmaker decided to expressly regulate dark patterns in Article 25(1) DSA.

Consumer Rights Directive and Consumer Credit Directive II

Article 22 CRD marks the EU lawmaker’s first express attempt to inform legislation by behavioural insights (European Commission, 2016, p. 10). The provision grants the consumer a right to reimbursement of any payment in addition to the remuneration for the trader’s main contractual obligation for which the consumer’s consent was inferred “by using default options which the consumer is required to reject in order to avoid the additional payment”. A default in a choice context refers to the option that is pre-selected by the firm and that takes effect if the consumer does not make an active choice. Empirical evidence has shown that consumers are susceptible to accepting the default option in a choice context and that defaults can trigger behaviour change in consumers (for reviews, see Smith et al., 2013, pp. 160–161; Sunstein, 2013, pp. 11–17). An example of a default option in the context of Article 22 CRD is a pre-ticked checkbox for the purchase of travel insurance when a consumer purchases a flight ticket online. A consumer would be required to actively untick the checkbox if she does not want the travel insurance. Even though the reference to default options in Article 22 CRD clearly hints at default effects and the associated status quo bias as the underlying rationale for this provision, the legislative materials do not further justify this rule. This justification is now provided for by Article 15 of Directive (EU) (2023) on credit agreements for consumers (CCD II). The provision prohibits inferring an agreement for the conclusion of any consumer credit or the purchase of ancillary services through the presentation of default options like pre-ticked boxes. The European Commission (2021a) Impact Assessment for the Consumer Credit Directive II identifies practices by credit providers that exploit consumer biases and nudges them into sub-optimal choices, such as pre-ticked boxes, as one of the problem drivers that has hindered a high level of consumer protection in consumer credit markets. Banning the use of pre-ticked boxes is regarded as a means to tackle credit providers exploiting consumer biases. The Impact Assessment also identifies consumer biases as a mechanism that drives the default effect associated with pre-ticked boxes. Recital 67 of the Digital Services Act also links default effects to consumer biases.

Preventing behavioural exploitation thus serves as the rationale for regulating pre-ticked boxes. However, neither the text of the CRD and the CCD II nor their legislative materials specify what it is that makes such practices exploitative. At the meta-theoretical level, it appears that Article 22 CRD and Article 15 CCD II do not regulate pre-ticked boxes because the substantive terms of the B2C transaction are wrong relative to a substantive fairness baseline. The price charged to a consumer for an add-on travel insurance that is sold via a pre-ticked box online may be a fair price, for example, because it is a price that has emerged in a competitive market or because it distributes surplus equally. Even if the substantive terms of the transaction are fair, the transaction is still regulated by Article 22 CRD because of the way the transaction came about. Article 22 CRD targets a procedural defect in the transaction, which is why the provision is not compatible with the outcome-exclusive theory of exploitation or the inclusive theory of exploitation. The same applies to Article 15 CCD II.

Another example of an express regulation of behavioural exploitation in EU consumer law appears in Directive (EU) (2023)… as regards financial services contracts concluded at a distance. The new Directive repeals Directive 2002/65/EC concerning the distance marketing of consumer financial services, and it integrates rules governing distance contracts for consumer financial services into the Consumer Rights Directive. The Impact Assessment for the new Directive contains the most explicit discussion of behavioural exploitation in EU legislative materials to-date. According to the European Commission (2022b, pp. 17, 98), the increasing digitalisation of financial services has led to new market practices that exploit consumer behavioural biases. The Impact Assessment explicitly identifies behavioural exploitation as a problem driver that has led to consumer detriment, which has remained unaddressed by Directive 2002/65/EC. To alleviate this consumer detriment, the European Commision (2022a, p. 3) proposed Article 16e CRD, which “aims to ensure that traders [when concluding financial services contracts at a distance] do not benefit from consumer biases. In this light, they are prohibited from setting up their online interfaces in a way which can distort or impair the consumers’ ability to make a free, autonomous and informed decision or choice.” In the final text of Directive (EU) (2023)… as regards financial services contracts concluded at a distance, the new Article 16e CRD is clearly drafted against the background of the Digital Services Act and is largely a copy of Article 25 DSA, which will be discussed later in this part. Consequently, Article 16e CRD should be interpreted in the same way as Article 25 DSA when their statutory language is identical.

Regulation on Key Information Documents for Packaged Retail Investment and Insurance-based Investment Products

The PRIIPs Regulation illustrates that a ban of commercial practices exploiting consumer biases is not the only type of regulatory intervention in behavioural exploitation. Chapter II of the Regulation introduces a short and highly standardized key information document (KID), which must be supplied to financial consumers before they invest in a financial product. The KID is intended to inform financial consumers about the main features, risks, and costs of packaged retail investment and insurance-based investment products (PRIIPs). Article 8 PRIIPs Regulation standardizes the content and presentation of the information in the KID with highly prescriptive rules, such as the exact wording of headings to be used, the specific order of information, or a comprehension alert and its specific wording. The KID is thus an example of choice architecture by the state, which applies both in online and offline contexts. The aim of this standardization is to allow financial consumers to better understand complex investment products and to better compare different investments (Article 1 and Recitals 1 and 36 PRIIPs Regulation). Improving the comprehensibility and comparability of information is intended to enable financial consumers to make better informed investment decisions (Recitals 15 and 26 PRIIPs Regulation).

The European Commission (2012) Impact Assessment for the PRIIPs Regulation contains more specific insights about why the EU lawmaker chose prescriptive rules over high-level principles to achieve these objectives. The European Commission (2012, p. 36) Impact Assessment points out that the presentation of information in KIDs could be “gamed (enabling subtle investor biases to be exploited)” if PRIIPs were to set only high-level principles such as that information must be accurate, fair, clear, and not misleading. As an example, the Impact Assessment mentions that “subtle juxtapositions and hierarchies of information (for instance, placing cost information on a back page) can have strong impacts as to how salient information is taken to be for retail investors”. The salient or non-salient presentation of the same information can affect how consumers weigh this information in their decision-making process, which means that their choice is context-dependent and, therefore, biased relative to rational choice theory (Bordalo et al., 2013). By regulating the presentation of information in the KID in detail, the PRIIPs Regulation takes control of the effects of salience on consumer decision-making. This bars firms from making key information more or less salient in the KID. The KID can therefore be seen as a regulatory tool that is also intended to curb behavioural exploitation. Hence, the PRIIPs KID contains a dual, facilitative and protective, rationale. It actively designs the informational choice architecture in order to (i) facilitate consumer understanding and decision-making and (ii) protect consumers from harmful firm conduct that exploits consumer biases with the design of the informational choice architecture. Regarding the latter rationale, the PRIIPs Regulation implies that behavioural exploitation in key information documents would prevent financial consumers from making better informed investment decisions. Apart from this platitude, the regulation and its legislative materials do not specify the normative theory that could explain why the exploitation of consumer biases in informational choice architectures is wrong and warrants legal intervention.

Digital Services Act

Article 25(1) DSA is the most significant provision that expressly regulates behavioural exploitation in online choice architectures. The provision prohibits providers of online platforms such as social media and content-sharing websites (e.g., Twitter, Facebook, LinkedIn, Instagram, TikTok, YouTube) and online marketplaces (e.g., Amazon Store) to design, organise, or operate their online interfaces “in a way that deceives, or manipulates the recipients of their service or in a way that otherwise materially distorts or impairs the ability of the recipients of their service to make free and informed decisions”. The prohibition protects all recipients of a service, which includes consumers and business users (Recital 2 DSA). Even though the protective scope of Article 25(1) DSA seems very wide, this is limited by the fact that the UCPD is lex specialis (Article 25(2) DSA). What this means is that deceiving, manipulating, or coercing rational consumers with the design of online interfaces should in most instances be captured under the terms of the UCPD. Article 25(1) DSA should have its biggest impact for those online interface designs that exploit consumer biases such as dark patterns, since the ability of the UCPD to capture such forms of influence on decision-making and to protect biased consumers is uncertain (Sørensen et al., 2023, pp. 8–10), even though difficult issues of demarcation between the DSA and the UCPD (and the GDPR) remain.

Recital 67 DSA explains that dark patterns fall within the scope of the prohibition in Article 25(1) DSA. The recital defines dark patterns in online choice environments as “practices that materially distort or impair, either on purpose or in effect, the ability of recipients of the service to make autonomous and informed choices or decisions”. The recital also points out that “nudging” recipients of a service is prohibited. Even though recitals in the preamble of an EU legal instrument have no binding legal force, they are used by the Court of Justice of the European Union (CJEU) to interpret legal rules (e.g., Casa Fleischhandels-GmbH (1989), para. 31). The use of the terms nudging and dark patterns in the recitals of a legislative act is certainly surprising. Despite their common usage in scholarship, both terms lack a clear conceptual foundation and anything resembling a commonly accepted definition (compare Thaler and Sunstein (2021, p. 8) with Hansen (2016) for nudging; see the discussion in Mathur et al., 2021, pp. 2–7 for dark patterns). What appears to be clear is that Recital 67 DSA does not use the term nudging in the sense that Sunstein (2015, p. 417) does, who insist that something as mundane as the mere provision of factual information can qualify as a nudge.

Recital 67 DSA also explains that the prohibition in Article 25(1) DSA captures “exploitative design choices to direct recipients to actions that benefit the provider of online platforms, but which may not be in the recipients’ interest.” The recital further adds that Article 25(1) DSA captures specific practices that “unreasonably bias the decision making of the recipient of the service, in a way that distorts and impairs their autonomy, decision-making and choice”. As explained in the first part of this Article, the term bias in the realm of consumer decision-making refers to actual consumer decision-making that systematically departs from a normative benchmark of consumer behaviour. The reference to “bias” in Recital 67 DSA therefore indicates that Article 25(1) DSA captures only those nudges that take advantage of consumer biases in order to steer consumer decisions in a certain direction. This view is supported by the legislative materials. The regulation of dark patterns was introduced into the Digital Services Act by an amendment by the European Parliament (2022). The old recital 39a that aligned with the proposed amendment stated that dark patterns “typically exploit cognitive biases”. This view also finds support in the strand of scholarship that defines nudging as a design of the choice architecture that alters people’s behaviour in a predictable way by making use of their biases (e.g., Banerjee & John, 2021; Grüne-Yanoff et al., 2018, pp. 245–246; Hansen, 2016, p. 9).

A key requirement of Article 25(1) DSA is the material distortion test. Advantage-takings of consumer behavioural biases only fall within the scope of Article 25(1) DSA if they materially distort or impair the ability of service recipients to make free and informed decisions.Footnote 7 The ability to make free and informed decisions functions as a normative benchmark for assessing the presence of consumer harm. Advantage-takings of consumer biases that benefit the provider of an online platform and cause consumer harm relative to this benchmark are exploitative since the wrongness of an advantage-taking coincides with the harm element of an exploitation claim, as explained in the previous part of this Article. That leads to two conclusions. First, the prohibition in Article 25(1) DSA only captures exploitative forms of nudging, which is indicated by Recital 67 itself (“exploitative design choices”). This narrower reading of Article 25(1) DSA is supported by the view in scholarship that dark patterns (typically) exploit consumers’ behavioural biases (Jarovsky, 2022, p. 3; Luguri & Strahilevitz, 2021, p. 44; Martini & Drews, 2022, p. 5). Second, Article 25(1) DSA specifies the meaning of exploitation by linking it to the normative goal of free and informed decisions. Exploitation is wrong because it distorts or impairs service recipients’ ability to make free and informed decisions. Freedom of choice and informed choice are two integral dimensions of the concept of procedural fairness (Bradgate et al., 2003, pp. 29, 33, 43). Hence, Article 25(1) DSA targets procedural rather than substantive defects in online choice architectures. It follows that the provision is not compatible with the outcome-exclusive theory of exploitation or the inclusive theory of exploitation. Even though Article 25(1) DSA is not silent on a normative theory of the wrongness of exploitation, it must be admitted that a distortion or impairment of service recipients’ ability to make free and informed decisions remains a rather vague specification.

If the design of an online interface takes advantage of consumer biases, I propose that the material distortion test (“otherwise materially distorts or impairs”) in Article 25(1) DSA incorporates all criteria of a legal exploitation claim: the exploitable characteristic (a consumer bias), the taking advantage condition (the triggering or exacerbating of the consumer bias through the design of the online interface that steers consumer decision-making toward a certain choice), the benefit of the exploiter, and the wrongness of exploitation, i.e., the consumer harm element (the violation of the ability to make free and informed decisions). This test can also be applied to the specific practices listed in Article 25(3) DSA, such as “giving more prominence to certain choices when asking the recipient of the service for a decision”. Article 25(3) DSA empowers the European Commission to issue guidelines on how Article 25(1) DSA applies to the listed practices. For example, a provider of an online platform with a subscription-based business model may ask consumers to select between different subscription packages. The package that is most profitable for the provider is presented with a prominent colour and button design compared to the other package options. In this example, the design of the online interface can trigger context-dependent and, therefore, biased decision-making due to salience effects. This may steer consumers towards the subscription package that is most profitable for the firm. Hence, the provider of the online platform benefits. Whether this advantage-taking of consumer biases is wrong depends on whether consumers’ ability to make free and informed decisions is distorted.

Even if the design of an online interface meets all criteria of a legal exploitation claim, it does not follow that it should be prohibited. As was shown above, the presence of the necessary and sufficient conditions of an exploitation claim in consumer law does not, in and of itself, justify the assessment that behavioural exploitation warrants legal intervention. The distortion of consumers’ ability to make a free and informed choice has to be sufficiently material in order to justify the legal consequence of the prohibition of the online choice architecture at issue. Therefore, the materiality condition of the material distortion test also contains an assessment about the intensity of the wrongness of exploitation, which is determined by the extent of the harm and the extent of the exploiter’s gain. Furthermore, Recital 67 DSA indicates that other “negative consequences” for consumers are relevant for determining the protective scope of Article 25(1) DSA. This, too, is supported by exploitation theory. Determining when exploitation warrants legal intervention requires a balancing exercise, which may include other consumer harms which stand outside the specific wrong of exploitation. Hence, weighing other negative consequences for consumers which stand outside the specific wrong of exploitation is another factor that is covered by the materiality condition in Article 25(1) DSA. This reading of the material distortion test in the light of exploitation theory confirms concerns expressed by Martini and Drews (2022, pp. 28–29) that the vagueness in the criteria employed by Article 25(1) DSA creates legal uncertainty and may undermine the effectiveness of the provision to curb dark patterns in practice.

Even though Article 25(1) DSA is unlikely to be the last provision in EU consumer law that expressly regulates dark patterns, it already exerts a gravitational pull before its first date of application (17 February 2024). For example, the European Commission (2021c, p. 47) considered regulating “exploitative practices enabled by algorithms” in the proposed Artificial Intelligence Act, but decided against it since these practices are already targeted by the Digital Services Act. As discussed above, the new Article 16e CRD captures behavioural exploitation in the field of financial services contracts concluded at a distance, and the final text of this provision is largely a copy of Article 25 DSA.

Unfair Commercial Practices Directive

Even though the UCPD does not expressly regulate commercial practices that exploit consumer biases, the directive contains one of the few provisions in EU consumer law that explicitly uses the term exploitation in the context of regulating commercial practices, including online choice architectures. This justifies an analysis of the meaning of the term exploitation in the UCPD’s regulation of aggressive commercial practices in its Article 8. Aggressive commercial practices are prohibited under Articles 8–9 UCPD. One of the forms of aggression is undue influence, which is defined as “exploiting a position of power in relation to the consumer so as to apply pressure, even without using or threatening to use physical force, in a way which significantly limits the consumer’s ability to make an informed decision” (Article 2(j) UCPD). This definition of undue influence deserves scrutiny as it could contain an account of the wrongness of exploitation.

However, the following analysis shows that the term exploitation in the UCPD’s definition of undue influence has a non-moralised meaning and is not linked to a normative theory of wrongful advantage-taking. What should be clear is that the wrongness of undue influence does not lie in the exploitation of a position of power but in exploiting this position of power so as to apply pressure. Contra Willett (2010, p. 260), exploitation does not operate through pressure. Also, pressure does not make possible the exploitation. Coercion or deception, for example, may create an exploitable characteristic or circumstance. Pressure, too, may create an exploitation-enabling characteristic or circumstance. Yet, this is not the way that pressure is used in the UCPD’s definition of undue influence. Pressure is not an independently wrongful act that is antecedent to the act of exploitation. Instead, exploitation is antecedent to the act of applying pressure. The UCPD’s definition of undue influence captures a very specific form of exploitation: exploitation which enables the application of pressure. Does this meaning of exploitation in the UCPD contain the criteria of an exploitation claim in consumer law? One criterion is that one party benefits from their relation to the other party. Here, the benefit of the trader lies in the ability to apply pressure. This wide understanding of the benefit-of-the-exploiter criterion is supported by the view in philosophical scholarship that a benefit includes the fulfilment of one’s purposes, goals, or values (Feinberg, 1988, p. 193; Wertheimer, 1996, p. 210). The “position of power in relation to the consumer” in Article 2(j) UCPD, which is the exploitable circumstance, is causal for enabling the exploiter to apply pressure. The wrongness of exploitation-enabled pressure requires the violation of a normative benchmark. Article 2(j) UCPD calls this a significant limitation of “the consumer’s ability to make an informed decision”. This is a procedural defect in a B2C transaction, since the defect does not lie in the substantive terms of the transaction but in the way in which the trader treats the consumer (with undue influence). However, it is exploitation-enabled pressure that violates this benchmark. An exploitation of a position of power without pressure is not addressed in the UCPD’s definition of undue influence. Therefore, the term exploitation in and of itself cannot be interpreted as implying an independent moral or legal wrong that stands outside the wrong of pressure.

Article 9(c) UCPD does not speak against this interpretation. According to this provision, account must be taken of “the exploitation by the trader of any specific misfortune or circumstance of such gravity as to impair the consumer's judgement, of which the trader is aware, to influence the consumer’s decision with regard to the product” when determining whether a commercial practice uses undue influence. The gravity that this provision refers to does not qualify the intensity of the wrongness of exploitation. Instead, it is the specific misfortune or circumstance that must be of such gravity as to impair the consumer’s judgement. The impairment of the consumer’s judgement is not linked to the act of advantage-taking but qualifies the exploitable circumstance. Therefore, Article 9(c) UCPD does not specify the wrongness of exploitation but provides guidance when determining whether the trader is in a “position of power in relation to the consumer” (Article 2(j) UCPD).

The Biased Consumer Image

The provisions regulating behavioural exploitation in online choice architectures in EU consumer law protect biased consumers. Biased consumers are exploitable consumers. The image of a biased consumer clearly deviates from the “average consumer” standard that was developed in the case law of the CJEU and codified as a benchmark for assessing the fairness of a particular commercial practice in the UCPD. The reason for this deviation is that the average consumer benchmark is said to incorporate the idealised model of the consumer as a rational economic actor (Incardona & Poncibò, 2007, pp. 30–31; Mak, 2016, pp. 386–388; Riefa & Gamper, 2021, p. 20; Stanescu, 2019, p. 53). Whether the average consumer benchmark is sufficiently porous to incorporate behavioural findings about consumer heuristics (rules of thumb) and biases is an ongoing debate in EU consumer law scholarship (Cohen, 2019; Trzaskowski, 2016). The controversies surrounding this issue are one reason that can explain the hitherto limited effectiveness of the UCPD to curb behavioural exploitation.

In contrast to the UCPD’s protection of the average consumer, the provisions in EU consumer law that expressly regulate behavioural exploitation are informed by empirical findings about consumer biases. They protect consumers whose behaviour deviates from the benchmark of rational choice theory. For example, Article 22 CRD protects consumers whose decision-making is affected by the status quo bias. The key information document in the PRIIPs Regulation protects consumers who only read short and concise key information rather than all relevant information about a product. Article 25(1) DSA is capable of protecting consumers who are influenced by how information is presented to them. This is evidenced by Article 25(3) DSA. The provision acknowledges that framing effects, which are ignored by a rational economic agent, can influence consumer decision-making.Footnote 8 The level of protection afforded to the biased consumer within these provisions significantly contrasts with Advocate General Mischo’s standpoint in the landmark Gut Springenheide (1996) case before the CJEU. According to the Advocate General (paras. 96–100), the perspective of the “casual consumer”, who is more influenced by the colour and design of product packaging, rather than paying close attention to the fine print on a product, should not be taken into account when evaluating commercial practices. Whereas the average consumer is an important market actor who plays a central role in removing barriers to cross-border trade between Member States and completing the EU’s internal market (Micklitz, 2012), the biased consumer requires legal protection from having her biases exploited. Compared to protecting the average consumer, protecting biased consumers emphasizes the protection of consumers as weaker parties rather than as builders of the EU’s internal market.

Conclusion

This part has examined the extent to which EU consumer law expressly regulates commercial practices that exploit consumer behavioural biases in online choice architectures. The proliferation of dark patterns in online choice architectures has certainly intensified the debate about regulating behavioural exploitation, and legislative initiates in the EU and elsewhere are growing. Even though the current state of regulating behavioural exploitation may appear piecemeal and fragmented in EU consumer law, a cautious, market-specific, and incremental approach which focuses on regulating specific practices appears appropriate. One underlying reason for this assessment is that regulating behavioural exploitation is an example of empirically informed law-making, which requires robust empirical findings (Trautmann, 2013). Cserne (2015, pp. 284–286), for example, has expressed skepticism about whether the available empirical research about biased consumer decision-making is robust enough to allow for confident policy conclusions. For similar reasons, skepticism has recently arisen about the effectiveness of nudging as a policy tool (Maier et al., 2022). This is not the place to go through these concerns in detail, but question marks about the sufficient robustness of empirical evidence advocate against a wholesale and general approach to regulating behavioural exploitation. This casts the regulation of dark patterns in Article 25(1) DSA in a rather ambiguous light given that the provision contains numerous vague legal terms.

Another reason in favour of a cautious and incremental approach to regulating behavioural exploitation is the current uncertainty about the wrongness of exploitation. This verdict applies to both scholarship and statute law. Admittedly, the doctrinal analysis in this part of the article was not fruitless. It revealed that Article 22 CRD, Article 15 CCD II, Article 25(1) DSA, and Article 16e CRD target procedural rather than substantive defects in online choice architectures. Article 25(1) DSA specifies the procedural defect further by linking the wrongness of behavioural exploitation to the violation of consumers’ ability to make free and informed decisions. This specification remains vague, however, and without much deeper theoretical probing, it is unable to demarcate with any kind of precision the line between wrongful advantage-takings of consumer behavioural biases and non-exploitative advantage-takings. What the current uncertainty about the wrongness of behavioural exploitation does achieve is that it opens up the legal system to extra-legal values. This Article argues that the evaluative scope in the provisions regulating behavioural exploitation in EU consumer law should be structured and reduced by building on extra-legal theories about the wrongness of exploitation. The discussion in the next part of this Article will do this and will intersect the philosophical and the legal.

In Search of a Theory of Wrongful Exploitation for EU Consumer Law

This part of the Article targets and aims to alleviate the lack of normative clarity about the wrongness of exploitation in EU consumer law by drawing on the philosophical discourse on exploitation theory. This part evaluates to what extent existing extra-legal theories about the wrongness of exploitation are compatible with (i) the provisions regulating behavioural exploitation in online choice architectures and (ii) the wider scheme and goals of EU consumer law. Even though the doctrinal analysis in the previous part of this Article was unable to distil a sufficiently clear normative account of the wrongness of exploitation, the provisions regulating behavioural exploitation contain normative fragments that establish legal boundaries within which any extra-legal account of the wrongness of exploitation must fit. Put simply, the existing legal environment restricts the extent to which extra-legal economic or philosophical theories and arguments can be transformed into valid legal arguments.Footnote 9 My analysis in this part is two-pronged. First, this part discusses theories about the wrongness of exploitation that are dominant in the literature. Second, it is contended that the autonomy theory of exploitation is compatible with EU consumer law and should function as the normative theory that determines the wrongness of exploitation in EU consumer law regulating behavioural exploitation in online choice architectures. The autonomy theory of exploitation is certainly underrepresented in the literature. Hence, my analysis is not limited to this theory. It is equally important to establish that the competing, dominant theories are incompatible with, or at least insufficiently supported by, EU consumer law.

The following discussion categorises existing theories of exploitation into different strands: the economic, substantive fairness, dignity, and autonomy theory of exploitation. All of these theories determine the wrongness of exploitation based on the adverse effect of the advantage-taking on the interests of the exploited party rather than the moral badness of exploitation as such. Exploitation is not a “free floating evil”, but a wrong against the exploitee (Wertheimer, 1996, pp. 304, 309).

The Economic Theory of ExploitationFootnote 10

The appeal of the economic theory of exploitation stems from defining consumer biases (the exploitable characteristic) as systematic departures from economic rationality. Economic rationality as a normative theory of choice is integral to (orthodox) economic analysis of law. Yet, this section argues that the economic theory of exploitation is incompatible with the criteria for an exploitation claim in consumer law. Esposito (2018, pp. 54–55) contends that exploitation can be understood in welfare terms “as an excessive extraction of value by one agent from another, where the excess it typically related to the reduction in total welfare.”Footnote 11 Even though the excessive extraction of value may sound like a distributive issue that is alien to a standard market failure analysis and orthodox welfare economics, this is not the case. Esposito clarifies that the excess relates to a reduction in total welfare. Total welfare in economic theory and orthodox economic analysis of law refers to the maximum aggregate consumer and firm surplus, i.e., market efficiency (Parisi, 2013, p. 319). Taking advantage of consumer biases amounts to wrongful exploitation under this theory if it creates total welfare losses, i.e., if it creates harm relative to the baseline of market efficiency. In short, behavioural exploitation creates a behavioural market failure, which may warrant legal intervention.

While the economic theory of exploitation may seem suitable for specifying the wrongness of exploitation, this initial impression is deceptive. Recall that an exploiter (A) benefits from the relationship to another party (B). B is worse off after the interaction with A relative to a normative baseline. If the baseline is total welfare, the relationship in question is between A and the market rather than A and consumers. Even though A’s gain (the extraction of surplus) comes at the expense of consumers (the fall in consumer surplus), the shift in surplus as such does not justify the conclusion that total welfare is reduced. “[T]ransfers [of surplus] themselves cost society nothing” (Tullock, 1967, p. 230), but large resources may be spent in attempting to make or prevent transfers. Those resources are wasted from the standpoint of total welfare (Tullock, 1967, p. 231). What counts for market efficiency is the net effect in the aggregate. Market inefficiencies may arise from an over-entry of firms into the market in order to profit from consumer biases or excessive marketing efforts (Heidhues & Köszegi, 2018, p. 532). Reductions in total welfare may also arise from sophisticated consumers who engage in costly behaviour to avoid behavioural exploitation. Such market inefficiencies due to an over-entry of firms or due to the costly behaviour of sophisticated consumers stand outside the relationship between biased consumers and a firm that takes advantage of consumer biases. If total welfare is used as a normative baseline to assess the wrongness of exploitation, these arguments show that a firm exploits the market rather than biased consumers when it engages in rent-seeking behaviour that creates harm to total welfare.

What is the characteristic of the market that the firm exploits? On the one hand, one may say that consumer biases are characteristics of consumers rather than consumer markets. On the other hand, consumer biases may be seen as a characteristic of the market if consumer biases are conceptualised as the source of a market failure (Bar-Gill, 2012, p. 16; Sunstein, 2016, p. 16). Esposito (2018, pp. 49–51) distinguishes between two sources of behavioural market failures in consumer markets: (i) consumer biases and (ii) commercial practices that take advantage of these biases. A market failure resulting from consumer biases can occur even when firms do not take advantage of these biases (Esposito, 2018, p. 51). If consumer biases are the source of the market failure, a firm that takes advantage of consumer biases is essentially taking advantage of this source of the market failure. This reasoning is flawed for the economic theory of exploitation. That is because this theory identifies commercial practices that take advantage of consumer biases as the source of the market failure. The market failure (the reduction in total welfare) within the economic theory of exploitation occurs because of exploitation. The concept of structural exploitation is also unable to save the economic theory of exploitation. Exploitation theory in moral philosophy distinguishes between transactional exploitation and structural exploitation (Zwolinski et al., 2022). Transactional exploitation relates to exploitative interactions between parties. The market is not a party to an interaction between a firm and consumers. Structural exploitation takes economic institutions or systems into account, and some accounts of structural exploitation ask whether the institution or the system as a whole is exploitative (Zwolinski, 2011, p. 160). Structural accounts of exploitation may therefore ask whether a market is exploitative, but they do not ask whether the market is being exploited.

The failure of the economic theory of exploitation does not mean that efficiency considerations are ignored when policymakers determine the legal regime of exploitation. Even though such considerations stand outside the analysis of wrongful exploitation, a policymaker may consider market (in)efficiencies as a factor when analysing whether exploitative online choice architectures warrant legal intervention. Importantly, the balancing of factors in favour of or against legal intervention in behavioural exploitation cannot be structured under the umbrella of a total welfare (economic efficiency) analysis. The reason is as follows: In neoclassical welfare economics, harm is defined exclusively as a reduction in welfare. All harms are treated as reducible to impacts on people’s welfare (DeMartino, 2014, p. 82). Recall that the wrongness of exploitation can be conceptualised as legally cognisable consumer harm. This harm is not reducible to welfare losses if a lawmaker adopts a substantive fairness or an autonomy theory of exploitation, for example. Questions of fairness that concern the distribution of welfare between consumers and firms stand outside an economic efficiency analysis (Beckerman, 2017, pp. 68–69). Losses to autonomy may also evade a total welfare analysis since autonomy in a welfare framework has value only as far as it is preferred by individuals. What follows from this reasoning is that a lawmaker who expressly regulates commercial practices that exploit consumer biases (i) does not see market efficiency as the ultimate objective of these provisions and (ii) acknowledges that regulation is not dependent on the presence of a market failure, which state that intervention intends to correct in order to maximize economic efficiency. These conclusions apply to the provisions in EU consumer law that were analysed in the previous part of this Article. That also explains why a total welfare analysis and the economic paradigm is not the right frame of analysis for justifying and interpreting these provisions.

The Substantive Fairness Theory of Exploitation

This section argues that the substantive fairness theory of exploitation is incompatible with (i) the provisions regulating behavioural exploitation in EU consumer law and (ii) the scheme of the law of unfair commercial practices in general. Guttentag (2019, pp. 655–659) has recently criticised legal scholarship for analysing behavioural exploitation solely in an economic market failure framework and for ignoring its fairness implications. He (p. 659) argues that commercial practices that exploit consumer biases capture surplus from consumers and that legal intervention in such practices can be justified if it facilitates the fair and efficient distribution of this surplus. Guttentag contends that exploitation violates a fairness baseline: A exploits B when A takes unfair advantage of B. Like the majority of accounts of the wrongness of exploitation in moral philosophy (e.g., Arneson, 2013, p. 392; Ferguson, 2013, p. 93; Mayer, 2007, pp. 140–142; Wertheimer, 1996, p. 208), Guttentag is a proponent of the substantive fairness theory of exploitation. Such accounts of the wrongness of exploitation typically see exploitation as a form of distributive injustice. They assess the distributive outcome of a transaction and contend that a transaction is exploitative if the distribution of the gains of a transaction (the social surplus) diverges from a fair distribution. The unfairness of the transaction is a feature of what is agreed to, for example, the content of a B2C contract as regards an unfair distribution of the rights and obligations of the parties. Here is not the place to dissect the different substantive fairness accounts of exploitation, since the provisions of EU consumer law regulating behavioural exploitation in online choice architectures do not contain a substantive fairness benchmark. We have already seen in the previous part of this Article that the wrongness of exploitation in Article 22 CRD, Article 15 CCD II, Article 25 DSA, and Article 16e CRD is a result of a procedural rather than a substantive defect in online choice architectures. The provisions regulating the PRIIPs KID also lack a substantive fairness benchmark. These provisions are therefore incompatible with the substantive fairness theory of exploitation.

This assessment is consistent with the law of unfair commercial practices in the EU in general, since this law targets procedural rather than substantive defects in B2C relationships. The EU’s flagship piece of legislation in this area, the UCPD, lacks a substantive fairness principle that stipulates how much each party ought to gain from a transaction. The UCPD regulates commercial practices that impair consumers’ ability to make an informed decision (Article 2(e) and Recital 6 UCPD). The ability to make an informed decision links to the notion of procedural (un-)fairness, which is a distinctive feature of the unfairness standard in the UCPD. Bradgate et al. (2003, p. 117) have argued that the overall structure of the UCPD’s provisions maps neatly onto two dimensions of procedural unfairness: freedom of choice and informed choice. For example, the UCPD categorises misleading and aggressive commercial practices as unfair because of the way the B2C transaction came about, not because the outcome of the transaction violates a distribution principle. The wrongness of these commercial practices lies in the way in which the trader treats the consumer, for example, when a trader deceives, coerces, or harasses a consumer. Under the general clause of Article 5(2) UCPD, a commercial practice is unfair if it is contrary to the requirements of professional diligence and materially distorts the economic behaviour of the average consumer. The material distortion condition requires that the commercial practice appreciably impairs the consumer’s ability to make an informed decision, thereby causing the consumer to take a transactional decision that he would not have taken otherwise (Article 2(e) UCPD). The general clause is not concerned with how the gain from a B2C transaction should be fairly divided. It does not prohibit a transaction because a firm’s gain is excessive relative to a substantive fairness baseline. The impairment of the consumers’ ability to make an informed decision is an impairment of the process of consumer decision-making. Therefore, the UCPD regulates procedural defects in B2C relationships.

To conclude, the substantive fairness theory of exploitation is incompatible with (i) the provisions regulating behavioural exploitation in EU consumer law and (ii) the scheme of the law of unfair commercial practices in the EU in general as illustrated by the UCPD. Regulating behavioural exploitation in online choice architectures addresses procedural rather than substantive defects in B2C relationships. When is it procedurally unfair to trigger or exacerbate a consumer bias with the design of online choice architecture? Answering this question requires one to determine the procedural fairness benchmark. This leads us to the discussion of the dignity and the autonomy theory of exploitation in the next two Sections. Both are process-exclusive theories of exploitation. The violation of dignity or autonomy specifies what is wrong (procedurally unfair) with exploitation.

The Dignity Theory of Exploitation

This section explores whether and to what extent online choice architectures that take advantage of consumer biases are exploitative because they violate consumers’ dignity. First, this section discusses Jansen and Wall’s dignity theory of exploitation. Second, the section investigates which specific dignity theory is compatible with and supported by existing EU consumer law. Third, the section argues against adopting the dignity theory of exploitation for EU consumer law.

In philosophical accounts of the dignity theory of exploitation, the moral wrongness of exploitation is often seen in a violation of the exploitee’s dignity by not according them proper respect (Wood, 1995, pp. 151, 158; Sample, 2003, p. 57). This violation of dignity can arise whether or not the exploitee has consentend to a transaction and irrespective of the distributive outcome of the transaction (Wood, 1995, pp. 151, 154). Jansen and Wall further argue that the procedural unfairness (wrongness) of exploitation is linked to the Kantian notion not to use another as an instrument (a mere means) for the advancement of one’s own ends (Jansen & Wall, 2013, p. 382). They specify this Kantian notion for their exploitation theory by arguing that an interaction is exploitative if “one party uses the other – in a way that is disrespectful to her – as an instrument for advancing his ends” (p. 388). Jansen and Wall de facto combine the respect theory of dignity with the non-instrumentalisation theory of dignity. Both theories have recently been referred to in support of the argument that the design of choice architecture by the state that takes advantage of cognitive biases can violate citizens’ human dignity. Whereas Waldron (2014) appears to base this claim on a respect theory of dignity, McCrudden and King (2015, p. 103) base this claim on a non-instrumentalisation theory of dignity. Against the backdrop of this debate in the realm of public nudging, it appears promising to explore whether and to what extent online choice architectures in the private sector that take advantage of consumer biases are exploitative because they violate the respect or the non-instrumentalisation theory of dignity. Yet, an objection against undertaking this analysis for the purposes of consumer law is that both theories are only two of the many different conceptions of human dignity which exist in legal, philosophical, and political scholarship (see McCrudden, 2014). Moreover, the meaning of the Kantinian injunction against treating people as mere means is heavily disputed. Therefore, it appears more appropriate for the purposes of this Article to start the investigation from a doctrinal perspective and ask which specific dignity theory is compatible with and supported by existing EU consumer law.

One way to approach this question is to rely on the dignity theory which is enshrined in Article 1 of the Charter of Fundamental Rights of the European Union. According to the Explanations relating to the Charter of Fundamental Rights (2007), Article 1 Charter is not only “a fundamental right in itself but constitutes the real basis of fundamental rights”. Article 38 Charter incorporates consumer protection into the Charter’s scope as a principle that the EU legislature must observe. This may give rise to the argument that Article 38 Charter is connected to Article 1 Charter due to the foundational importance of dignity for EU fundamental rights and principles.Footnote 12 Article 1 Charter contains a positive obligation for the EU legislature to protect human dignity, and this obligation may be specified by consumer protection law. Hence, the legal concept of dignity in Article 1 Charter may guide the interpretation of consumer legislation which protects consumers from behavioural exploitation. This argumentation faces the hurdle that the meaning of dignity in EU human rights law remains contested (Dupré, 2014, Article 1 para. 26). The CJEU has not yet nailed its colours to the mast of any specific dignity theory. It has not provided a definition of dignity, and it has not yet linked Article 38 Charter and dignity in its case law.

A look at the interpretation of human dignity in Article 1 Charter in scholarship also substantiates the suspicion that the human rights discourse on dignity may not the best starting point for specifying the dignity theory of exploitation in EU consumer law. The dominant opinion argues that the concept of human dignity in Article 1 Charter has absolute character (e.g., Dupré, 2021, Article 1 paras. 5, 35; Lock, Article 1 CFR, para. 3). Dupré (2014, Article 1 para. 39) has rightly noted that an absolute concept of dignity is susceptible to being used by judges in extreme cases as a last resort. Lock (2019, Article 1 CFR, para. 5) has pointed out that the scope of an absolute concept of dignity is likely to be interpreted narrowly due to its absolute character, which prevents courts from balancing competing values. If one were to adopt an absolute dignity theory as the normative benchmark for assessing the wrongness of exploitation, it would not be possible to justify, all things considered, the exploitation of consumer biases by online choice architectures. Other values and interests like the rights of the firm or the potential welfare-enhancing nature of a transaction would not be able to outweigh the dignity violation. Since an absolute concept of dignity does not permit the balancing of competing interests, an absolute dignity theory of exploitation would likely be interpreted narrowly, as demonstrated by the reasoning of Dupré and Lock. This implies that commercial practices that take advantage of consumer biases would only be regulated in rare cases. It is unlikely that EU consumer law endorses this position.

A look at Article 22 CRD helps to demonstrate this. As previously discussed, the provision prohibits traders from exploiting consumers’ status quo bias which would lead to additional payments by the consumer. It is unclear why the taking advantage of the status quo bias in the context of (online) choice architecture qualifies as a rare case, which would make this case stand out in terms of the impact on consumers’ dignity, compared to the taking advantage of other consumer biases that may lead to additional payments, which are not captured by Article 22 CRD. More importantly, Article 22 CRD places the taking advantage of consumers’ status quo bias in the context of the trader’s failure to obtain the “consumer’s express consent”. This indicates that Article 22 CRD does neither adopt an absolute nor a relative dignity theory of exploitation because human dignity can be violated even if the trader obtains the exploitee’s express consent.

Outside the specific context of Article 22 CRD, it also appears unlikely that the EU legislature considers the wrongness of behavioural exploitation as a violation of dignity. This assertion is based on the following rationale: Given the controversies about the meaning of dignity in EU human rights law, it seems more appropriate to build a dignity theory of exploitation for the purposes of EU consumer law on the shoulders of the consumer law acquis. However, explicit references to respect and dignity are absent in the Unfair Commercial Practices Directive, the Consumer Rights Directive, the PRIIPs Regulation, and the Consumer Credit Directive II. Additionally, the regulation of exploitative design choices by providers of online platforms in Article 25 DSA does not encompass references to dignity or respect. This signifies that the EU legislature has not operationalised the concept of human dignity for the purpose of regulating commercial practices that exploit consumer biases, possibly due to the inherent vagueness of the concept and the lack of CJEU case law. While this does not mean that EU consumer law is incompatible with the dignity theory of exploitation, there are insufficient indications in the legislative acquis to suggest that EU consumer law endorses a specific dignity theory of exploitation. The existing controversies about the concept of dignity and the absence of references to dignity in EU consumer law rather serve as arguments against adopting the dignity theory of exploitation for EU consumer law.

The Autonomy Theory of Exploitation

This section contends that the autonomy theory of exploitation is compatible with (i) the wider scheme and goals of EU consumer law and (ii) the specific provisions regulating behavioural exploitation in EU consumer law. The section also starts to explicate the autonomy violation that these provisions address. It concludes that the autonomy theory of exploitation should function as the normative theory that determines the wrongness of exploitation in EU consumer law regulating online choice architectures. The autonomy theory of exploitation is a process-exclusive account of exploitation. Bigwood (2003), for example, develops such an account for the purposes of legal contractual exploitation. Exploitation is wrong because the exploiter treats the exploitee in a way that violates the latter’s personal autonomy. Personal autonomy broadly refers to the value of someone’s making her own choices and leading her own life (Darwall, 2006, 264). The exploitee’s autonomy interests can be injured independently of material losses or harm to the exploitee’s physical or economic interests.

In the context of the wider scheme and goals of EU consumer law, the autonomy theory of exploitation receives support from scholars who claim that consumer autonomy is the underlying ultimate goal of EU consumer law in general (Nordhausen Scholes, 2012, pp. 299–306). For instance, the Unfair Commercial Practices Directive is said to safeguard consumer autonomy in market transactions (Micklitz, 2006, p. 104). Gartner (2022) has argued that recent EU legislation and legislative proposals in the digital sector like the Digital Services Act, the Digital Markets Act, the proposed Data Act, and the proposed Artificial Intelligence Act have moved the concept of personal autonomy from the position of a meta-principle to the position of an explicitly protected value.

The autonomy theory of exploitation also derives support from the information paradigm, the most important tool of EU consumer policy. The information paradigm refers to information disclosure obligations that intend to enable consumers to make informed choices. Providing consumers with information communicates reasons for decision-making and empowers them to make reflective decisions. The PRIIPs Regulation calls this process of decision-making “understanding and use of information” (Recital 17). This is how the information paradigm connects to autonomy theory, which requires that decision-making is self-determined or self-governed (Arneson, 1994, p. 54; Christman & Anderson, 2005, p. 2). Even though different conceptions of self-determination exist in autonomy theory, self-determination is predominantly linked to the capacity to reflect and reflective decision-making (Christman, 2020). It refers to the capacity to govern one’s life on the basis of reasons. Hence, disclosure mandates in EU consumer law provide consumers with information so that consumers are able to make autonomous decisions. This analysis of the information paradigm does not rely on economic analysis to explain its rationale and deviates from the dominant position in the literature which holds that the information paradigm assumes that consumers are rational economic actors (e.g., Incardona & Poncibò, 2007, pp. 31–33; Mak, 2016, pp. 386–388; Siciliani et al., 2019, p. 13; Stanescu, 2019, p. 53). The assumption that consumers are rational economic actors creates a link between the information paradigm and the dominant neoclassical model of rationality (rational choice theory). Rational choice theory assumes, inter alia, that market actors consider all available relevant information and maximize utility (welfare) (Blaug, 1992, p. 229). Providing consumers with relevant information aligns well with the first assumption of rational choice theory.

However, the information paradigm in EU consumer law does not assume that providing consumers with information leads to utility-maximizing choice outcomes. Article 33 PRIIPs Regulation, for example, requires the European Commission to review the regulation. This review shall assess whether “the measures introduced have improved the average retail investor understanding of PRIIPs and the comparability of the PRIIPs” (Recital 36 PRIIPs Regulation). This suggests that a better understanding is intrinsically valuable, irrespective of the welfare-related consequences of this understanding. Providing consumers with information may enable, but it cannot guarantee welfare-maximizing decisions. This is recognised in EU consumer law, which supports and protects consumers’ ability to make an informed decision rather than the informed decision itself (e.g., Article 25(1) DSA; Article 2(e) UCPD; Article 1 PRIIPs Regulation; Article 3 lit. 13 CCD II; see Stuyck et al. (2006, p. 125) for the UCPD). Focusing on decision-making ability rather than decision outcome recognises consumers’ freedom to ignore mandated information and to base their decision on factors like advertising, friends’ recommendations, and emotions (Stuyck et al., 2006, p. 125, for the UCPD). Even though decision-making based on such factors qualifies as non-ideal, it is compatible with autonomy theory, which supports agents’ freedom to make mistakes and to live out one’s own life in accordance with them (Arneson, 1980, p. 487; Griffin, 1986, p. 67). Economic analysis does not support consumers’ autonomy to make an irrational decision. Whereas rational choice theory concerns choice outcomes and how they relate to each other but is agnostic with respect to how choices are being made (Bernheim, 2008, p. 119), the information paradigm is concerned with consumers’ ability to make informed decisions, which links to the process of decision-making.Footnote 13

Turning from the wider scheme and goals of EU consumer law to the specific provisions regulating behavioural exploitation in online choice architectures, it is argued that those provisions are also compatible with the autonomy theory of exploitation. For example, Article 22 CRD requires traders to obtain consumers’ “express consent” for any payment in addition to the remuneration agreed upon for the trader’s main contractual obligation. Article 15(2) CCD II requires creditors and credit intermediaries to obtain consumers’ “freely given, specific, informed and unambiguous” consent for the conclusion of any consumer credit or the purchase of ancillary services. The consent requirements in both provisions are compatible with the autonomy theory of exploitation, since respect for autonomy functions as a predominant rationale for informed consent requirements (Faden & Beauchamp, 1986; White, 2013). The PRIIPs KID actively takes control of the presentation of mandated information and aims to enable financial consumers to make better informed investment decisions. The PRIIPs KID illustrates the working of the information paradigm, which is compatible with the autonomy theory of exploitation.

We have already seen that Article 25(1) DSA connects the wrongness of behavioural exploitation with the distortion of consumers’ ability to make free and informed decisions. The same applies to Article 16e(1) CRD. The link between consumers’ ability to make informed decisions and the principle of consumer autonomy often remains implicit in EU legislative acts, but Recital 67 of the DSA makes this link explicit: Design choices in online choice architectures that exploit consumer biases are prohibited under Article 25(1) DSA because they infringe consumers’ autonomy. Recital 67 of the DSA also distinguishes between “decision-making and choice”. This distinction recognises two components of autonomous choice: freedom of choice and freedom of the process of decision-making (Raz, 1988, pp. 377–378). Therefore, the words “free […] decisions” in Article 25(1) DSA incorporate consumers’ freedom of choice and freedom of the process of decision-making. Online choice architectures that exploit consumer biases preserve freedom of choice, but they interfere with biased consumers’ internal freedom of the process of decision-making, for example, by changing how consumers understand their options.

What the analysis so far has revealed is that taking advantage of consumer behavioural biases through the design of the online choice architecture is wrong and exploitative if it violates consumers’ autonomy, i.e., consumers’ ability to make reflective decisions. When does the triggering or exacerbating of a consumer bias in online choice architectures violate consumers’ autonomy? Article 22 CRD, Article 15 CCD II, the PRIIPs KID, Article 25(3) DSA, and Article 16e(1) lit. (a)-(c) CRD provide specific answers to this question. These provisions regulate specific cases of autonomy violations. Uncovering these autonomy violations and making them explicit helps interpreting these provisions, applying them in borderline cases, and making them more effective tools of consumer protection. For example, the detailed presentation requirements in the PRIIPs KID do not allow firms to make key information more or less salient, for example, by placing cost information in small print on the last page. A design of the PRIIPs KID that violates the detailed presentation requirements is an autonomy violation because the choice architecture actively undermines legislative efforts (the presentation of mandated information) which aim to enable consumers to use and understand the information that is meant to form the basis of the consumer’s reflective decision-making.

Moving on from the PRIIPs Regulation to Article 22 CRD and Article 15 CCD II, these latter two provisions regulate the use of pre-ticked boxes in (online) choice environments because pre-ticked boxes exploit consumers’ status quo bias. A consumer’s choice is not autonomous if a choice architect sets a default option and if the consumer chooses the default passively and unreflectively simply because it is the default (Lecouteux, 2015, pp. 130–131). It has indeed been suggested in the literature that default options typically work by bypassing a person’s reasoning capacities and their awareness (e.g., Smith et al., 2013). In that case, the choice environment violates consumers’ ability to make reflective decisions because the design of the choice architecture causes consumers to enter into a specific agreement with a business without reflection about its substance and content. Having said that, Article 22 CRD and Article 15 CCD II restrict the use of pre-ticked boxes online even if such boxes are transparent and even if a consumer reflects about the substance and content of the agreement. This, however, does not mean that both provisions fall outside the scope of the autonomy theory of exploitation. Instead, both provisions contain the, admittedly controversial,Footnote 14 legislative generalisation that pre-ticked boxes in (online) choice environments trigger consumers biases and bypass reflective decision-making processes. Both provisions also assume causality between the process of advantage-taking of an exploitable characteristic (using pre-ticked boxes to trigger consumer biases) and the exploiter’s gain (the consumer’s additional payment; the credit agreement or the purchase of ancillary services).

Article 25(3)(a) DSA and Article 16e(1)(a) CRD govern the practice of “giving more prominence to certain choices when asking” consumers for a decision. A prominent presentation of choice options can be achieved through salience or framing effects, for example. Stanovich (2011, pp. 104–106, 111) has argued that well-known biases such as framing and salience are based on heuristic, non-reflective processing. For example, consumers do not usually reflect on whether or to what extent the prominent colour or size of an agree button compared to a reject button influences their decision-making. If such influences on consumers’ non-reflective decision-making are successful in steering consumers towards one of the choice options, consumers are not aware of the factors that can explain their decision. This distorts consumers’ ability to make reflective decisions and qualifies as an autonomy violation.

The provision that does not sufficiently specify the autonomy violation is Article 25(1) DSA, and this is mainly due to the provision’s vague terms. Exploitation theory does not help with specifying the autonomy violation, but autonomy theory does. Yet, delving into the depths of autonomy theory is beyond the scope of this Article. Specifying the autonomy violation for the purposes of Article 25(1) DSA depends on the conception of autonomy that underlies this provision and EU consumer law in general. What is clear is that not every external influence on the decision-making process by online choice architecture can be deemed a violation of autonomy. The difficulty lies in differentiating between autonomy-violating and non-violating external influences on consumer decision-making processes (Mik, 2016, p. 6). In order to make further progress on regulating behavioural exploitation such as dark patterns, we need to specify the meaning of autonomous choice in EU consumer law and make the autonomy violation legally operational based on general principles in a non-ad hoc fashion. This will concretise the line between advantage-takings of consumer biases that merit regulation in online choice architectures and those that do not. Not only is this important for the purposes of concretising Article 25(1) DSA, but also for future regulatory activity that targets behavioural exploitation in online choice architectures. Such legislative activities are certainly on the horizon.Footnote 15

Conclusion

The provisions in EU consumer law that expressly regulate behavioural exploitation in online choice architectures are compatible with the autonomy theory of exploitation. These provisions protect consumers from being exploited as autonomous decision-makers. They protect consumers’ ability to make autonomous decisions by shielding consumers from autonomy-violating external influences. Regulating behavioural exploitation such as dark patterns in online choice architectures means regulating for autonomy rather than for rationality. Therein lies a distinction between the autonomy theory of exploitation and Hill’s conception of exploitation. This Article agrees with Hill (1994, pp. 655, 678) to the extent that he sees the primary rationale for the charge of exploitation in the interference with the process of decision-making and argues that exploitation must impair the ability of the exploitee to reason effectively. However, Hill (1994, p. 681) also argues that legally relevant exploitation “requires that the victim make an irrational choice.” Whereas Hill establishes a connection between reasoning processes and rationality for the purposes of legally recognisable exploitation, this Article focuses on the link between reasoning processes and autonomous decision-making for the purposes of legally recognisable exploitation in the context of EU consumer law. Rationality and autonomy are certainly not identical (Brenncke, 2022, pp. 195–197).

Before concluding this Article, I will shortly address the relationship between the autonomy theory of exploitation and the concept of manipulation. This Article has mostly avoided the term manipulation, and this was intentional. I do not believe that adding manipulation to the discussion of behavioural exploitation is helpful. The main reason for this is that there is significant disagreement in the literature about what the necessary and sufficient elements of manipulation are. For example, one popular account by Susser et al. (2019b, p. 4) defines manipulating someone as “intentionally and covertly influencing their decision-making, by targeting and exploiting their decision-making vulnerabilities” such as cognitive biases. If, as the authors (2019a, p. 3) claim, “manipulation functions by exploiting the manipulee’s cognitive (or affective) weaknesses and vulnerabilities”, exploitation is a necessary element of manipulation. Susser et al. (2019a, p. 35) see the harm and wrong-making feature of manipulation in a violation of personal autonomy. This explains the significant overlap between the autonomy theory of exploitation and this account of manipulation. Having said that, it appears that Susser et al. do not use exploitation as a moralised, normative concept in their definition of manipulation, since they do not discuss any (competing) theories of the wrongness of exploitation. Manipulation in Susser et al.’s account also contains further elements, which stand outside the concept of exploitation. These elements are intent and the covertness of the influence. Wrongful exploitation in EU consumer law does not have to be covert or intentional.

Conclusion

The starting point of this Article was twofold. First, behavioural exploitation, i.e., commercial practices that exploit consumer behavioural biases, is a prevalent and increasing issue in online choice architectures. Consequently, the EU legislature has started to expressly regulate such practices. Second, the concept of exploitation is underdeveloped in legal scholarship and lacks solid foundations. The concept’s normativity is mostly ignored or neglected. Therefore, this Article has specified the legal meaning and significance of behavioural exploitation by exploring its conceptual foundations. The Article relied on the philosophical discourse on exploitation theory in order to develop a theory of exploitation for (behavioural) consumer law in the EU that applies to online choice architectures and unfair commercial practices in general. The Article’s key theses are as follows:

  1. 1.

    EU consumer law recognises a legal right not to have one’s consumer biases (systematic deviations from rational choice theory) exploited, albeit in limited fields. The provisions expressly regulating behavioural exploitation are Article 22 CRD, Article 15 CCD II, the Key Information Document in the PRIIPs Regulation, Article 25 DSA, and Article 16e CRD.

  2. 2.

    The necessary and sufficient conditions for an exploitation claim in consumer law are (i) the exploitable characteristic (e.g., consumer biases), (ii) the taking advantage condition (e.g., the triggering or exacerbating of a consumer bias through the design of the online choice architecture that steers consumer decision-making toward a certain choice), (iii) the benefit of the exploiter, and (iv) the wrongness of the advantage-taking. The wrongness of the advantage-taking corresponds with the harm element of an exploitation claim in consumer law. Consumer vulnerability is not a necessary element of the concept of exploitation.

  3. 3.

    The provisions expressly regulating behavioural exploitation in EU consumer law only contain fragments of a normative theory of the wrongness of exploitation. However, such a theory can be developed by drawing upon philosophical theories and the wider scheme and goals of EU consumer law. Among the various proposed accounts of the wrongness of exploitation, the economic theory of exploitation and the substantive fairness theory of exploitation are incompatible with EU consumer law regulating behavioural exploitation in online choice architectures. Although the dignity theory of exploitation is, in principle, compatible with EU consumer law, the existing controversies about the concept of dignity and the lack of references to dignity in EU consumer law speak against adopting the dignity theory of exploitation for EU consumer law.

  4. 4.

    The autonomy theory of exploitation is compatible with EU consumer law and should function as the conceptual foundation for regulating behavioural exploitation in online choice architectures. Online choice architectures that take advantage of consumer biases are wrongfully exploitative if they violate consumer autonomy, i.e., consumers’ ability to make reflective decisions.

While the scope of this Article was limited to online choice architectures, the Article’s key findings also apply when behavioural exploitation occurs in analogue settings like in brick-and-mortar stores. For example, Article 22 CRD, Article 15 CCD II, and the Key Information Document in the PRIIPs Regulation are relevant in both online and offline contexts. The scope of this Article was also limited to provisions in EU consumer law that expressly regulate behavioural exploitation such as dark patterns. As discussed in the previous Part of this Article, the autonomy theory of exploitation is compatible with the wider scheme and goals of EU consumer law. Consequently, it has the potential to be extended to other provisions within (behaviourally informed) consumer law that do not expressly address behavioural exploitation. One example is the provisions regulating marketing communications in Directive 2014 on markets in financial instruments (MiFID II) and in the MiFID II Commission Delegated Regulation (EU) 2017/565 (Brenncke, 2018, pp. 867–877). However, one important consideration when (re-)interpreting such other provisions of EU consumer law in the light of the autonomy theory of exploitation is the presence of competing theoretical approaches, such as a behavioural law and economics analysis. It was argued in this Article that such competing approaches are not the right frame of analysis for justifying or interpreting provisions in EU consumer law that expressly regulate behavioural exploitation. That is because these provisions aim to protect consumers from the wrong of exploitation. Instead of applying a welfare analysis and an economic paradigm, the autonomy theory of exploitation should be used to interpret and concretise these provisions.