Author: Inchara V Basri, PES University
LinkedIn Profile: https://www.linkedin.com/in/inchara-v-basri-a22926377?utm_source=share_via&utm_content=profile&utm_medium=member_ios
Abstract:
This article looks closely at the fast-growing legal and regulatory battle against “dark patterns.” These are tricky user-interface (UI) and user-experience (UX) designs used by modern digital platforms to deceive, nudge, or trick everyday consumers into spending extra money, signing up for unrequested subscriptions, or surrendering their private data. For over a century, the core foundation of contract law has relied on a simple and beautiful principle: “free consent.” However, modern e-commerce sites systematically exploit human psychology, turning everyday checkouts into hidden traps that make genuine free choice almost impossible.
By analysing recent landmark enforcement actions by the Central Consumer Protection Authority (CCPA) through 2025 and mid-2026, alongside key state consumer commission rulings, this paper tracks how India is rapidly turning soft digital guidelines into serious legal liabilities for companies. Ultimately, this article explores how these deceptive designs violate the Consumer Protection Act, 2019, as “unfair contracts” and “unfair trade practices.” It establishes a new legal standard where platform code must respect human choice, ensuring that technology serves the consumer rather than exploiting them.
To the Point:
Imagine sitting on your couch, trying to book a quick weekend flight or signing up for an online course to help you study. You find a price that fits your budget, click through to the checkout page, and enter your card details. But right before you hit the final payment button, you notice the total price has suddenly jumped. Somehow, a ten-rupee charitable donation has been pre-checked for you without your permission, a hidden handling fee has been tacked onto the back end, and an expensive insurance policy is sitting in your shopping cart. When you try to find the small, hidden button to remove the insurance, a massive, bright red pop-up warns you: “No, I will take the risk and leave my family unprotected.”
If this has ever happened to you, do not blame yourself. You did not make a mistake, and you were not being careless. You were simply targeted by a dark pattern.
Dark patterns are sophisticated design tricks built into websites and apps to confuse, pressure, or manipulate you. They are engineered by specialized data teams to override what you actually want to do, steering you toward choices that make the company more money while draining your wallet or compromising your privacy. According to industry data released in 2026, Indian consumers lose thousands of crores every year to these exact interface traps. It is a massive problem affecting a huge chunk of the online shopping market, from food delivery apps to online travel portals.
For a long time, the old rule of the marketplace was caveat emptor—let the buyer beware. If a customer signed a contract or bought a product without reading the fine print, the traditional legal system blamed the customer. But in today’s hyper-optimized online world, that old rule is completely broken. When an app interface is deliberately designed to work against you, awareness alone is not enough. Knowing the trick does not help you when the checkout screen is actively trying to confuse your senses.
Because of this, Indian law is undergoing a massive shift. Led by the Central Consumer Protection Authority (CCPA), the legal system is moving to a strict rule of caveat venditor—let the platform beware. The law no longer looks just at what is written in a company’s terms and conditions. Today, it polices the actual design, colours, buttons, and layout of the app. If a company uses its code to systematically trick a consumer, the law will step in to protect human free will.
Use of legal jargon:
To understand how digital design transitions from simple marketing into an illegal corporate practice, we must break down the key terms defined under the Indian contract and consumer protection frameworks:
• Dark Patterns: Any deceptive design pattern or user-experience interface that misleads or tricks users into doing something they did not originally intend to do, thereby damaging their autonomy, independence, and choice.
• Free Consent: A fundamental pillar of contract law where parties must agree upon the exact same thing in the exact same sense, completely free from fear, coercion, fraud, misrepresentation, or unfair pressure.
• Basket Sneaking: The illegal practice of automatically adding additional items, services, or charitable donations to a user’s digital shopping cart at the checkout screen without their explicit, active, and manual consent.
• Confirm Shaming: Using emotional blackmail, guilt-trips, shame, or ridicule via text or video layout to manipulate a user into making a purchase or extending a subscription.
• Forced Action: Compelling a user to take an unrelated action—such as signing up for a separate service or surrendering private personal details—as a mandatory requirement to complete their primary transaction.
• Drip Pricing: A deceptive practice where a platform hides the true total cost of a product or service and slowly reveals extra mandatory fees as the consumer clicks deeper through the checkout screens.
• Unfair Contract: Under Section 2(46) of the Consumer Protection Act, 2019, any contract or terms that impose unreasonable charges, penalties, or conditions that put the consumer at a severe, systematic disadvantage.
• Unfair Trade Practice: Under Section 2(47) of the Consumer Protection Act, 2019, any deceptive, fraudulent, or misleading representation that harms consumer choice or falsifies product demand.
The Proof:
To prove a dark pattern violation in court, regulators no longer look just at written contracts; they audit the platform’s user experience (UI/UX) code. The government builds its cases on the Guidelines for Prevention and Regulation of Dark Patterns, 2023, issued under the Consumer Protection Act, 2019.
The core legal test to prove a violation relies on showing that a platform used a deceptive layout to override active human intent. The law breaks down the operational legality of digital checkout systems into a clear standard: passivity does not equal agreement. Consent must be a clear, active choice made manually by the consumer, not an option pre-selected by a computer algorithm.
When an investigator looks at an app, they trace the user journey. If a consumer must jump through multiple hidden sub-menus to cancel a service, but can subscribe with a single accidental tap, the choice architecture is legally classified as deceptive. The law treats this imbalance as electronic misrepresentation. If the design path makes it intentionally difficult to opt out, the platform cannot claim that the user clicked “agree” of their own free will.
Furthermore, proof of deceptive intent can be found in the text itself. When a platform uses fear-based messaging or emotional manipulation to steer a choice, it violates the right to informed consent. Forcing consumers to accept unproven threats to decline an extra service is treated as a form of electronic coercion. Regulators collect screenshots, user flowcharts, and backend code to prove that a platform systematically engineered a trap to extract money without an honest, transparent agreement.
Case Laws:
The transition of dark pattern guidelines from suggestive rules into heavily enforced legal precedents is highlighted by three definitive cases decided between 2024 and mid-2026:
1. Central Consumer Protection Authority v. Physicswallah Limited (2026)
In June 2026, the CCPA delivered a landmark ruling against the major educational platform PW. Live(operated by Physicswallah Limited). This case is highly significant because it highlights how multiple dark patterns can be woven into a single consumer journey. The investigation uncovered that whenever a student tried to purchase an exam preparation course, the checkout screen automatically added a ten-rupee donation to a private foundation into their billing cart. This donation box was pre-checked by default, a clear instance of basket sneaking.
When students tried to uncheck the donation box to remove the charge, the platform triggered emotional pop-up messages about children’s welfare, designed to make young students feel intense personal guilt for removing the donation. Furthermore, the platform advertised several courses as completely “free,” but when users tried to open them, the interface blocked them completely, demanding they first input their phone numbers and tracking data.
The CCPA rejected the company’s defenses that a ten-rupee fee was too small to cause meaningful harm. The authority ruled that consent can never be assumed through passivity or manufactured through guilt. The CCPA fined the company five lakh rupees, ordered them to remove all pre-ticked donation frames, and mandated that any course advertised as “free” must be accessible without forcing data sharing.
2. Central Consumer Protection Authority v. McAfee Software India Private Limited (2025)
In mid-2025, the CCPA turned its focus toward global software giant McAfee, tackling the widespread issue of fear-based renewal tactics. When consumers purchased McAfee’s anti-virus software, they were automatically enrolled in an auto-billing program. When the subscription neared its expiration date, the user interface made it incredibly difficult to turn off the automatic billing feature.
More importantly, if a consumer navigated through multiple hidden sub-menus to cancel the service, the final confirmation screen presented them with a choice box where the opt-out button was explicitly labelled “Accept Risk.” The CCPA observed that the phrase “Accept Risk” was a deliberate attempt to cause emotional panic. The design implied that choosing not to purchase the company’s specific product would expose the consumer to guaranteed, immediate cyber threats.
Because McAfee could not scientifically prove that a consumer would face an immediate attack the moment their subscription ended, the CCPA ruled that the interface used unverified, fear-based pressure to impair free decision-making. The company was fined and ordered to replace all manipulative prompts with completely neutral language, establishing a major precedent for the software industry.
3. Ashwani Chawla v. Flipkart Internet Private Limited (2024)
While the CCPA handles massive corporate actions, local consumer courts are using the same rules to protect everyday citizens. A prime example is a dispute decided by the State Consumer Disputes Redressal Commission in Chandigarh. The complainant, Ashwani Chawla, attempted to purchase a phone on Flipkart’s website. Throughout the selection process, the advertised price stayed the same.
However, upon reaching the final payment screen, an extra handling fee was automatically appended to the bill. This was done despite the fact that the invoice already included a separate shipping charge.
The Commission took explicit notice of the Dark Patterns Guidelines. The court held that tacking on a secondary, hidden handling charge at the absolute last second of a transaction is a classic case of drip pricing. The court ruled that this practice systematically disadvantages consumers by preventing transparent price comparisons at the start of their shopping journey. Crucially, the commission used its legal powers to declare this practice an “unfair contract” under Section 2(46) of the Consumer Protection Act, ordering Flipkart to refund the fee, pay compensation, and clean up its checkout system.
Conclusion:
The evolving law surrounding digital choice architecture marks a permanent turning point in corporate compliance. For digital consumers, it restores the balance of power, ensuring that online transactions respect human free will rather than exploiting psychological blind spots. For e-commerce conglomerates, fintech platforms, and ed-tech startups, the judicial warnings of 2025 and 2026 make one thing clear: interface design is now a core legal liability.
When a corporation uses code to systematically engineer consent through guilt, shame, or hidden fees, the law will aggressively step in to strip away their unfair commercial gains, proving that consumer volition cannot be manufactured by an algorithm.
FAQS:
Q1: Is it illegal for an online shopping site to automatically pre-tick a checkbox for me?
A: Yes. Under the guidelines enforced heavily today, pre-ticked boxes for donations, insurance, or extra services are completely illegal. Consent must be a clear, active choice made manually by the consumer.
Q2: What should I do if an app forces me to link my social media account just to use a basic tool?
A: This is legally classified as a “Forced Action” dark pattern. You can file a formal complaint with the National Consumer Helpline, as platforms cannot deny a basic service just to force data sharing.
Q3: Can a company legally use phrases like “No thanks, I hate saving money” to make me buy a subscription?
A: No. This tactic is called “Confirm Shaming.” Regulators have explicitly banned the use of emotional guilt, ridicule, or fear-inducing language to push consumers into making transactions.
Q4: How does a dark pattern violate standard contract law?
A: A valid contract requires “Free Consent.” Dark patterns use manipulative layout designs, time pressures, and hidden menus to confuse or mislead consumers, which completely ruins free consent.
Q5: Where can an ordinary citizen file a complaint if they find an app using dark patterns?
A: Consumers can file a formal complaint directly with the National Consumer Helpline via their online portal or app, or lodge a dispute before their local District Consumer Forum under the Consumer Protection Act, 2019.
References:
1. Ashwani Chawla v. Flipkart Internet Pvt. Ltd., Consumer Complaint No. CC/113/2023 (SCDRC Chandigarh, Feb. 20, 2024).
2. Central Consumer Protection Authority v. Physicswallah Ltd., Suo Moto Proceeding Order (CCPA, June 1, 2026).
3. Central Consumer Protection Authority v. McAfee Software India Pvt. Ltd., Enforcement Order No. CCPA-2/14/2024 (CCPA, June 2025).
4. Mahi Sindhu v. Inc Shoes Pvt. Ltd., First Appeal No. FA/89/2024 (SCDRC Delhi, Aug. 20, 2025).
5. The Consumer Protection Act, 2019, No. 35 of 2019, §§ 2(9), 2(46), 2(47), 18 (India).
6. The Indian Contract Act, 1872, No. 9 of 1872, §§ 13, 14 (India).
7. Central Consumer Protection Authority, Guidelines for Prevention and Regulation of Dark Patterns, 2023, Gazette of India (Nov. 30, 2023).
