Dark patterns are deceptive design techniques that are employed to compel or influence user behaviour online. One might find these in the form of subscription mailing lists that are hard to opt out of, or trying in vain to withdraw consent from data collection activities. While they may seem harmless at first, dark patterns pose long-term data privacy and online autonomy concerns.
In recent times, several jurisdictions around the world have responded to the risks posed by dark patterns with legislations protecting both privacy and consumer rights. In the USA, for example, the California Consumer Privacy Rights Act, 2020, and the California Consumer Privacy Act, 2018, recognise dark patterns and discourage their usage by invalidating consent secured with them. In the EU, the General Data Protection Act, the Digital Services Act, the Digital Markets Act, and the Unfair Commercial Practices Directive protect users and consumers from manipulative tactics online. In a significant recent decision, (Meta Platforms Inc. v. Bundeskartellamt C-252/21) the EU Court of Justice on July 4, 2023, ruled that Meta cannot track users’ data without explicit consent, and without having to forego core services. In the Court’s view, consent must be free of any manipulative tactics such as penalising users or offering subpar service for opting out of getting profiled for marketing purposes. Clearly, there has been some headway in regulating the global usage of dark patterns.
India’s draft Guidelines for Prevention and Regulation of Dark Patterns, 2023
India’s Department of Consumer Affairs recently came out with the draft Guidelines for Prevention and Regulation of Dark Patterns, 2023 (“the draft Guidelines”). The draft Guidelines, which have not made into law as yet, propose to expressly prohibit certain identified dark patterns by advertisers, sellers, and any platform systematically offering goods and services in India.
For the first time, the draft Guidelines offer a definition of dark patterns as “any practices or deceptive design patterns using UI/UX (user interface/user experience) interactions on any platform; designed to mislead or trick users to do something they originally did not intend or want to do; by subverting or impairing the consumer autonomy, decision making or choice; amounting to misleading advertisement or unfair trade practice or violation of consumer rights”. The Annexure to the draft Guidelines identify the following dark patterns:
“False Urgency” means falsely stating or implying the sense of urgency or scarcity so as to mislead a user into making an immediate purchase or take an immediate action, which may lead to a purchase.
“Basket sneaking” means inclusion of additional items such as products, services, payments to charity/donation at the time of checkout from a platform, without the consent of the user, such that the total amount payable by the user is more than the amount payable for the product(s) and/or service(s) chosen by the user.
“Confirm shaming” means using a phrase, video, audio or any other means to create a sense of fear or shame or ridicule or guilt in the mind of the user, so as to nudge the user to act in a certain way that results in the user purchasing a product or service from the platform or continuing a subscription of a service.
“Forced action” shall mean forcing a user into taking an action that would require the user to buy any additional good(s) or subscribe or sign up for an unrelated service, in order to buy or subscribe to the product/service originally intended by the user.
“Subscription trap” means the process of making cancellation of a paid subscription impossible or a complex and lengthy process including similar other practices.
“Interface interference” means a design element that manipulates the user interface in ways that (a) highlights certain specific information; and (b) obscures other relevant information relative to the other information; to misdirect a user from taking an action desired by her.
“Bait and switch” means the practice of advertising a particular outcome based on the user’s action but deceptively serving an alternate outcome.
“Drip pricing” means a practice whereby elements of prices are not revealed upfront or are revealed surreptitiously within the user experience; and/or other such practices.
“Disguised advertisement” means a practice of posing, and masking advertisements as other types of content such as user-generated content or new articles or false advertisements.
“Nagging” means a dark pattern due to which users face an overload of requests, information, options, or interruptions; unrelated to the intended purchase of goods or services, which disrupts the intended transaction.
Other Indian Laws that Impact Dark Patterns
Although the draft Guidelines are an important step towards protecting Internet users’ interests, they arguably add to an already existing framework prohibiting dark patterns in India. Indian legislation offers protection against misleading and deceptive practices aimed at manipulating consumers, and also against unfair trade practices. While not referred to as dark patterns, extant regulations control the usage of similar tactics, particularly in the realm of consumer rights.
The Consumer Protection Act, 2019 (“CPA”) prohibits unfair trade practices, which includes “a trade practice which, for the purpose of promoting the sale, use or supply of any goods or for the provision of any service, adopts any unfair method or unfair or deceptive practice”. Such practices would include, but are not limited to, falsely representing the supposed quality, sponsorship or approval, or the need and benefit of a product or service. Violations are punishable with fines or jail time!
The Consumer Protection (E-Commerce) Rules, 2020 (“E-Commerce Rules”) prohibit e-commerce entities from indulging in unfair trade practices.
Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements, 2022, released by the Central Consumer Protection Agency (“CCPA”) under section 18 of the CPA lay down conditions for “non-misleading and valid advertisements” and for “bait advertisements” which attract consumers by lowering the cost of a product or service. The Guidelines require advertisements to not be described as “free” in situations wherein the consumer has to pay for the packing or delivery, the consumer has to buy another item at an increased price to avail the offer, and the quality and quantity that the consumer has to purchase to avail the offer has been reduced.
Voluntary Industry Standards: It is also worthwhile to note that the Guidelines for Online Deceptive Design Patterns in Advertising, 2023, (applicable from September 1, 2023) were released by the Advertising Standards Council of India (“ASCI”) as part of the ASCI’s Code for Self-Regulation of Advertising Content in India. The Guidelines identified the following common modes of online deceptive patterns or “dark patterns” in advertising –
Drip Pricing – where all elements of the cost of a product are not revealed upfront and are only found during the final stage of purchasing.
Bait and Switch – wherein an ad implies one outcome on the basis of a consumer’s actions, but instead serves an alternative. For example, showing one product and, upon reaching the website, revealing that it is out of stock and offering an alternative.
False Urgency - Implying the quantity of a product or service is more limited than it really is to create an urgency to purchase the same.
Disguised Ads- wherein an editorial or content is not revealed as an advertisement.
The Digital Personal Data Protection Act, 2023, (“DPDP Act”); also expressly requires free and unambiguous consent of individuals prior to the processing of their personal, unless it is being done for certain specified “legitimate uses”. The request for consent must be accompanied by a notice which reflects the purpose of processing the requested data along with a description of rights available to individuals, one such right being the withdrawal of consent at any time. At the same time, this Act also states that the act of withdrawing consent should be made as easy as obtaining the same by a Data Fiduciary. Therefore, a Data Fiduciary does not have the liberty to “hold hostage” an individual’s consent and their data and can only use the latter for the purpose for which data had been obtained.
What Happens Next
Until now, the manipulation of consumers’ psychological and behavioural tendencies online was only regulated in the realm of advertising and marketing. Now, and in light of the DPDP Act, the draft Guidelines propose to widen the ambit of regulating dark patterns to cover wider consumer concerns. Considering that the DPDP Act and the upcoming ‘Digital India Act’ have the potential to protect users from dark patterns, it is to be seen how the draft Guidelines will complement the current scenario without leading to regulatory overlap and arbitrage.