Dark patterns refer to deceptive user interface designs employed by online services such as websites or applications to influence users to make decisions they otherwise might not. These misleading tactics are pervasive, extending from popular news websites to your favourite food delivery application. In response to the aforesaid issue, the Department of Consumer Affairs introduced Guidelines for Prevention and Regulation of Dark Patterns under Section 18 of the Consumer Protection Act, 2019 (“Guidelines”).
Their primary objective is to curb dishonest practices and promote transparency in the online marketplace. This marks a significant and commendable stride, considering that the Indian legal framework had been largely silent on dark patterns until now. The Guidelines define dark patterns as “any practices or deceptive design patterns using UI/UX (user interface/user experience) interactions on any platform; designed to mislead or trick users into doing something they originally did not intend or want to do; by subverting or impairing the consumer autonomy, decision making or choice; amounting to a misleading advertisement or unfair trade practice or violation of consumer rights.”
These Guidelines apply to (i) all platforms offering goods or services in India; (ii) to advertisers; and (iii) to sellers; and prohibit engagement in dark patterns by any person, including platforms. Dark patterns are influenced by human thinking and are designed deliberately to get you to click somewhere where you don't want to or get you to agree to something you don’t want to. Under the Guidelines, 13 (thirteen) deceptive patterns have been outlined as banned. The most common patterns include:
This dark pattern refers to an act of misleading a user into believing that there is a false sense of urgency or scarcity to persuade them to act quickly and make a purchase, e.g. showing false popularity of a product or service to influence a user’s decision. A lot of times, when users are adding products to their cart, there is an instant pop-up stating, “only a few items are left”, when in fact the product remains in stock even after weeks (sometimes even at reduced prices!).
Punishment for engaging in Dark Patterns
Post induction of Guidelines, the Consumer Protection Act has inculcated an Annexure, namely Annexure 1, whereby penalties and punishments are prescribed for Dark Pattern practices reported till date. The said Guidelines are newly inducted and hence, are only indicative in nature and do not envisage an exhaustive list of all the Dark Pattern practices which may be devised by online aggregators and advertisers in the future.
Under the current regime, any non-compliance exposes Dark Pattern users to punishments, such as imprisonment for up to 6 months or a fine of up to ₹20 lakh, or both. This is in addition to the pre-existing punishments prescribed under the Consumer Protection Act, 2019 for false, deceptive and misleading advertisements floated around by Dark Pattern which are punishable with imprisonment up to 2 years and a fine of up to ₹ 10 lakh. The stringency of the said punishments increases many folds for Dark Pattern users who are identified as repeat offenders.
Anticipating the insurgency of new Dark Pattern practices in the future, the said guidelines are expected to mitigate such future practices by empowering consumers, civil society, and market players to report new instances of Dark Patterns, through an institutionalised and automated feedback mechanism, to the Department of Consumer Affairs. The Department, post evaluation, may notify and include the same in Annexure 1 of the said guidelines. This approach endeavours to encourage industry self-regulation with necessary proctoring by the Department of Consumer Affairs and ultimately aims to boost online consumer protection.
The internet is flooded with content aimed at grabbing attention, but there's a distinction between trustworthy content and manipulative tactics like subscription traps. Legislation like the Information Technology Rules of 2011 and the Digital Personal Data Protection Act of 2023 prioritises obtaining informed consent before collecting sensitive personal data.
To mitigate such unwarranted collection of data legislations, like the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 are enacted which specifically mandate the requirement of a user’s informed consent before their sensitive personal data is collected.
Similarly, the newly enacted Digital Personal Data Protection Act, 2023 places importance on obtaining explicit consent from the Data Principal before processing such data. Implicit or opt-out consent which lacks a clear, positive, and affirmative action is not considered valid under these regulations.
The Global trend towards prioritising a user’s free and informed consent is evident in data protection laws worldwide. For instance, in the US, the California Consumer Privacy Rights Act, 2020, and the California Consumer Privacy Act, 2018 and in the EU, legislations such as the General Data Protection Act, the Digital Services Act, the Digital Markets Act, and the Unfair Commercial Practices Directive recognize dark patterns and discourage their usage by rendering consent obtained through them invalid, which in turn, provides safeguards against such manipulative tactics online.
Notably, the French Data Protection Act resulted in a €8 million fine on Apple for implementing the ‘personalised ads’ setting as the default without prior consent thereby making it challenging to change the setting through multiple steps. Another such instance of dark patterns is observed on the online platform of an e-Commerce Giant which makes it challenging for a user to disband its account once created, thus creating a vicious trap.
In conclusion, despite the enactment of the Digital Personal Data Protection Act in 2023, there is still a notable gap in safeguarding against Dark Patterns. The Act does not directly address the interfaces or designs utilised by Dark Patterns operators, who often manipulate user experience under the pretext of creative freedom. Consequently, such designs evade classification under deceptive advertising or personal data piracy, highlighting the need for further regulatory measures.
—The authors; Juhi Khanna, is Senior Associate in the Corporate and Commercial practice, and Manbhar Mittal and Aman Jhawar, are associates in the Dispute Resolution & ADR practice, at law firm Gravitas Legal.
(Edited by : C H Unnikrishnan)
First Published: Mar 7, 2024 10:30 AM IST
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Supreme Court verdict on EVMs — why upholding the voter’s trust is important
Apr 27, 2024 2:23 PM
BJP spent more than ₹103 crore on Google Ads since May 2018, maximum expenditure on videos
Apr 27, 2024 11:39 AM
Lok Sabha Election Phase 2: Experts decode the key trends and issues in key battleground states
Apr 26, 2024 11:53 PM
2024 Lok Sabha Election | Which way the wind blows in the second phase
Apr 26, 2024 6:09 PM