Dark Patterns

Brick-and-mortar businesses have influenced consumer behaviour for years through design architecture and psychological manipulation, for example, placing essential items like milk and bread far apart to force customers to pass through more aisles, increasing exposure to other products and encouraging impulse buys. “Choice architecture” refers to presentation of choices to decision-makers and the effects resulting from the manner of presentation. Choice architecture subtly influences or “nudges” the decision-maker towards particular choices without actually restricting freedom of choice.

As commerce shifts online in an ever-booming global digital economy, so are deception strategies and design patterns that businesses use in their web platforms and subscription-based services that mislead consumers into making choices that are not in their interest, while appearing to be so — also known as “dark patterns”. Dark patterns deploy complex insights from consumer psychology, such as the tendency of a consumer to choose default options and imbibe them into consumer interfaces by couching a less desirable choice as the default (an add-on insurance into a pre-selected check box while booking flight tickets for example) and use it to subvert a consumer’s interest.

The Indian consumer is susceptible to such practices as well, and the Indian regulators have intervened in certain instances. In 2022, the Indian Central Consumer Protection Authority (CCPA) issued notices to online ride hailing platforms, for unfair trade practices, which inter alia included payment of charges for add-on services through pre-ticked boxes.1 The aviation industry in India has also been under increasing scrutiny of regulators after receiving complaints from consumers regarding practices by airlines and online travel agents that trick consumers into making unintended purchases such as paying for seats. Similarly, digital subscription services have been under the regulatory radar for deceptive user interfaces that trick consumers into automatically renewing subscription memberships, while subscribing out of a service is extremely cumbersome.

As such, while use of dark patterns was already regulated under the consumer laws at the time, CCPA notified the Guidelines for Prevention and Regulation of Dark Patterns, 2023 (Dark Pattern Guidelines) last year.2 The Dark Pattern Guidelines specifically identify certain dark patterns (the list however, is not an exhaustive one), which not only discourages use of dark patterns, but more significantly, aids in increasing awareness amongst consumers of deceptive practices and their rights, in an era where the lines between ethical and manipulative practices are constantly blurring and competition for revenue toplines takes precedence over user safety and trust.

The Dark Pattern Guidelines specifically identify 13 practices as dark patterns, which are:

(i) creating false urgency — falsely implying urgency or scarcity, misleading a consumer to make an immediate purchase;

(ii) basket sneaking — adding extra items during checkout;

(iii) confirm shaming — employing language to shame, guilt or influence a consumer to purchase a product or service;

(iv) forced actions — compelling a consumer to purchase to unrelated products or services;

(v) subscription trap — making cancellation of a paid subscription extremely complicated;

(vi) interface interference — manipulating the user interface to emphasise or conceal information;

(vii) bait and switch — promoting an outcome of the user’s action, but serving an alternate outcome;

(viii) drip pricing — not revealing prices upfront or charging a higher price at checkout;

(ix) disguised advertising — posing advertisements as content, tricking consumers to click on them;

(x) nagging — disrupting the user experience through repeated interaction to facilitate a transaction;

(xi) trick question — use of confusing or vague language aimed at misdirecting a consumer;

(xii) software as a service (SaaS) billing — collecting recurring payments from consumers on a SaaS business model through positive acquisition loops; and

(xiii) rogue malwares — deceiving consumers into believing that there is a computer virus and tricking them into buying a fake malware removal tool.

Dark patterns are not limited to financial losses only, but they include all sets of practices which influence a consumer into actions they did not intend to do. The Dark Pattern Guidelines define dark patterns as “any practices or deceptive design pattern using user interface or user experience interactions on any platform that is designed to mislead or trick users to do something they originally did not intend or want to do, by subverting or impairing the consumer autonomy, decision-making or choice, amounting to misleading advertisement or unfair trade practice or violation of consumer rights”.

Central to this definition is subversion of consumer autonomy and detriment to consumer rights, and therefore, it would cover all deceptive practices which cause privacy harm, psychological detriment or any other loss to consumer welfare. Therefore, cookie consent pop-ups which present the “accept cookies” options in brighter colours, and structure the reject cookie options through a complex menu of multiple settings are also instances of dark patterns as most people do not have the time or energy to adjust their cookie settings as per their preferences for every single website they visit. By recognising deceptive design patterns, the CCPA has potentially expanded the dimensions of examining means of attainment of consent under Indian data protection laws. By contrast however, several US states explicitly incorporate the concept of dark patterns within their privacy laws.3

Regulatory frameworks in India and across the world are constantly evolving, given that regulators, industry bodies and government authorities are sharply focused on consumer protection, user safety, security and privacy. However, it is perhaps time for e-commerce players to also increase corporate efforts towards putting in place best practices, policies and processes to ensure increased accountability towards vulnerable consumers. Of course, it is a challenge to have a blueprint that fits all, given the varied business objectives and geographical considerations of different e-commerce platforms and services. However, the need of the hour is to review and reinvent current practices, revamp processes, reassess marketing strategies, enable easier grievance redressal, and overall aim for transparency.


†Partner, Khaitan & Co.

††Associate, Khaitan & Co.

†††Associate, Khaitan & Co.

1. Ministry of Consumer Affairs, Food & Public Distribution, Government of India, Press Information Bureau <https://pib.gov.in/Pressreleaseshare.aspx?PRID=1826940>.

2. Ministry of Consumer Affairs [Noti. No. CCPA-1/1/2023-CCPA-(Reg)] , dated 30-11-2023, available at: <http://www.scconline.com/DocumentLink/5TZDWjcO>

3. Amy Lee Tan, “Illuminating Dark Patterns: US Regulators Crack Down on Deceptive Practices Targeting Consumers”, Science and Technology Law Review <https://journals.library.columbia.edu/index.php/stlr/blog/view/593>.

Join the discussion

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.