What are dark patterns + consent fatigue?

Dark patterns (Harry Brignull, 2010) are deliberately manipulative UI choices that push users to unwanted actions. Under GDPR and the Digital Services Act (DSA) they are largely unlawful. Common dark patterns: (1) Pre-checked boxes — consent "on by default". Prohibited under GDPR Art. 4 + 7. (2) Asymmetric design — "Accept All" as big green button, "Reject" as small grey link. Unlawful since Planet49 ruling + Booking fine. (3) Roach motel — easy to sign up, very hard to unsubscribe. Violates Art. 7(3) (withdrawal must be as easy as giving). (4) Confirmshaming — "No, I don't want to save money" as unsubscribe text. Manipulates via shame. (5) Disguised ads — ads that look like real content. Under Dutch financial law + ACM rules. (6) Forced continuity — free trial automatically converted to paid subscription without reminder. Invalid under consumer law. Consent fatigue: when users become exhausted by endless cookie banners + consent requests and ultimately click "Accept All" without reading. That's exactly what websites want — but GDPR requires free, informed, unambiguous consent. Fatigue ≠ informed consent. Enforcement: AP fines 2023-2025 against Booking, NOS, Telegraaf for dark-pattern cookie banners. CNIL fines for Google + Amazon. DSA (Digital Services Act, from 17 Feb 2024): Art. 25 explicitly prohibits dark patterns on online platforms. Fine up to 6% global turnover. How to report? Complaint to AP (privacy aspect) and/or ACM (consumer aspect).