Author: Nishica Srivastava, a BALLB(H) student at Amity University


In the present era of digitalization, with the superfluous number of new technologies, products and services being launched every other day, the risk of consumers falling prey to digital scams, unfair practices, and fraud is growing exponentially too.  With the increased penetration of internet connectivity and access to smart devices, it is no wonder electronic commerce or e-commerce platforms have seen unprecedented growth and have become a part of our daily lives due to the convenience they provide. However, the susceptibility of consumers to get trapped in scams and fraud has increased too. The rapid increase in digital transactions and trade has resulted in the growth of cybercrimes which include identity theft, hacking, data breaches, banking fraud, credit card fraud, virus attacks, etc. Online transactions are synonymous with the collection and storage of the consumer’s data. It is vital to ensure that this data is handled ethically and breaches of the same are harshly punished. In order to ensure that consumers are not abused and to provide a safe environment where fair business practices are encouraged and sensitive data and financial information are safeguarded, consumer protection laws play a crucial role. Further, since e-commerce promotes a “borderless marketplace” consumer laws are needed to regulate cross-border transactions to prevent fraud and address jurisdictional issues. 


Often, unversed consumers unwittingly fall for the highly sophisticated and polished advertising and marketing tactics used by these platforms and are easily manipulated. In recent times, a trend has been observed of employing misleading and deceitful designs and strategies by commercial entities and advertisers into tricking and influencing the consumer into unintended actions. This is known as dark or deceptive patterns. This term was coined by Harry Brignull, in 2010, who is a UX (user experience) designer.  

Such patterns are used with the intention of exploiting cognitive biases to the advantage of commercial entities. They are unethical and violate the principles of fair trade and diminish transparency in the market. Deceptive patterns infringe the consumer’s right to information about the service they are engaging with and takes away their control over their web browsing experience. Dark patterns have become extremely ubiquitous in the digital landscape and people may come across such tactics even without realizing it. They are pervasive and one is sure to encounter at least one form of dark patterns while browsing the internet. Stalwarts like Facebook, LinkedIn, Amazon have at some point been held guilty of indulging in such practices.

To provide clarity, a common instance of dark patterns that the majority of us who use e-commerce platforms must have come across is when a countdown timer pops up forcing you to purchase the product you are interested in within a certain timeframe failing which that specific discount or offer will not be available anymore. Another common example is when a product is shown at a specific price but during the checkout process numerous hidden charges, taxes, and additional fees are imposed leading to an increase in the price. When a pop-up on a website is difficult to close because the ‘x’ option is too small or camouflaged or when items are added to your cart without your knowledge, these are also instances of dark patterns.


Harry Brignull, who introduced the term ‘dark patterns’ has identified twelve different types of dark patterns that are employed by corporations to misguide consumers and profit off them. They are: –

1. BAIT AND SWITCH – This pattern takes place when the consumer engages with the website and expecting a specific outcome takes an action, but the resultant outcome is different than the expected one. As the name suggests, the consumer is often lured in using a “bait” which may be a heavily discounted product only to then “switch” and say the product is out of stock and then attempt to sell a much higher priced product. 

2. HIDDEN COSTS – When a consumer adds a product to his cart keeping in mind the price displayed on the website, only for the final amount to skyrocket due to numerous hidden costs, taxes, and additional fees at the final step of checkout, this dark pattern takes place.

3. ROACH MOTEL – This dark pattern refers to the circumstance where the platform allows the consumer to take an action very conveniently like signing up for a free trial or a subscription but makes it extremely challenging to cancel or terminate the subscription. For example, cancelling one’s account on Amazon is very difficult and a good example of this dark pattern. 

4. SNEAK INTO BASKET – These dark patterns occur when items or services are added to a consumer’s cart without their explicit consent. It is done to increase sales and boost the profit margins of the entity. This can be observed when add-on services are included with the main product in the cart and the consumer must uncheck the box to prevent paying for the additional service. 

5. PRIVATE ZUCHERING – Named after the Facebook CEO, Mark Zuckerberg, this dark pattern tricks consumers into sharing more personal information than intended. It is named so because Facebook was held guilty of this practice of causing users to share more information than intended. Due to severe backlash, this dark pattern usually manifests through data brokering wherein the user agrees to complex terms and conditions which enables the entities to sell the data they collect.

6. PRICE COMPARISON PREVENTION – Some platforms usually make it difficult or inconvenient for consumers to compare prices of different commodities from different brands or retailers. While transparent pricing and fair competition benefit consumers, corporations often employ such tactics to hinder consumers and rake in higher profits. An example of this dark pattern would be when the platform offers products in a bundle at a much higher price which makes it difficult to assess the individual prices of the commodities.

7. TRICK QUESTIONS – Often, websites utilize such design or language which deceives consumers into making decisions, or taking actions that, they did not intend to do. This is achieved through exploiting the confusion and carelessness of the user. 

8. DISGUISED ADS – This refers to a situation where the ad is presented as part of the website or application the consumer is interested in. It is camouflaged so seamlessly that often it is hard to distinguish whether it is an ad or part of the platform or content. Users are often deceived into interacting with the ads by making them appear to be a genuine part of the site. 

9. FORCED CONTINUITY – This involves the process of making it extremely complex and tough for consumers to stop recurring charges, opt out of services, or cancel services and subscriptions. The idea is to make the procedure of cancellation so arduous and burdensome that it results in continued payments beyond what the consumer had intended. 

10. MISDIRECTION – This refers to the tactics employed by platforms to deviate the attention of consumers from certain options or actions in a bid to encourage unintentional actions that will profit them. 

11. CONFIRMSHAMING – This is a form of dark pattern that uses guilt, shame, and pressure to coerce consumers into doing things or making choices that they did not intend to do or make. It often manifests in the form of a pop-up window that contains messages or options that guilt trip the consumer or make them feel socially rejected. An example of this would be a pop-up containing options such as “Yes I want to be a part of the party” or “No I’d rather be left out”. 

12. FRIEND SPAM – It is a form of dark pattern that uses strategies to manipulate consumers into sending invitations to their contacts to join that service or platform. It exploits the users’ contacts to increase the customer base of the service or platform. A notable instance of this is when LinkedIn was criticized for prompting users to invite their entire list of contacts to join the platform in the guise of helping people create an extensive professional network. Users who opted for the import of email address books had very limited options of deselecting certain contacts and all email contacts were pre-selected for invitation making it very easy to unintentionally send an invite even to those people who were not very familiar with the user. Eventually, a lawsuit was filed against LinkedIn for the usage of such deceptive patterns and had to pay $13 million as a penalty.


The Consumer Protection Act, 2019 which replaced the Consumer Protection Act, 1986 is the primary legislation that protects the rights of consumers in India. The Consumer Protection Act is concerned with safeguarding customers from arbitrary and unfair trade practices, resolving consumer disputes, and assigning product liability. For this specific reason, the Central Consumer Protection Authority (CCPA) has issued numerous standards to govern and regulate a multitude of concerns including electronic commerce platforms and deceptive ads.

Notwithstanding India’s extensive and comprehensive consumer protection framework, dark pattern practices have persisted and evolved, necessitating the creation of particular and distinct legislation. On November 30, 2023, the CCPA notified the ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’ under Section 18 of the Consumer Protection Act 2019. These guidelines aim at preventing any person or platform from engaging in dark pattern practices which have been categorized as Prohibited Practices as per Guideline 4 of the same. 

While the Dark Pattern Guidelines have attempted to mesh with India’s current consumer laws, there is plenty of room for misinterpretation and dispute over the actual impact and implementation. These guidelines rely heavily on an intention to deceive or trick the consumer, which is a subjective and not easily measurable criterion.

Furthermore, while the Guidelines seemingly broaden their protection to ‘users’ in general and not just ‘consumers’ an in-depth examination of these rules, in particular, the definition of ‘dark patterns’, that correlates deceptive design practices to, among other things, breach of the interests of consumers, reveals that they are limited to and intend to protect only ‘consumers’, perhaps due to constraints imposed by the parent statute itself. It is also noteworthy that, given the wide range of actions and operations that can be perceived as dark patterns, the Dark Patterns Guidelines’ association of design practices to only those resulting in deceptive marketing campaigns, infringement of consumer interests, and unfair trade practices may be insufficient in the grand scheme of things.

Quite absurdly, the Dark Pattern Guidelines do not authorize the CCPA to take any measures for violation of the Dark Pattern Guidelines following the Consumer Protection Act, which differs from the position taken in the initial draft that was made available for stakeholder feedback. Although the Consumer Protection Act gives the CCPA ample power to take certain actions to protect consumer rights, the guidelines and regulations published under it usually incorporate specific penal provisions that allow the CCPA to take action against any violation of such rules or guidelines. These provisions for penalty are added since the Consumer Protection Act does not offer the CCPA any residual power to act in circumstances of such violations. The removal of this particular section from the last draft of the Guidelines may be construed as an absence of legal repercussions for violation of these Guidelines, thereby restricting the CCPA.

Given that the Dark Pattern Guidelines are now in place, it may also be essential for the government to take steps to tackle the way the issue of Dark Patterns can be detrimental to the recent Digital Personal Data Protection Act, 2023, Information Technology Act, 2000 (“IT Act”), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code), 2021.

 For this purpose, a collaborative effort of different Ministries may be required to carry out a thorough impact assessment on the governance of dark patterns. A few critical connections between co-existing laws to deal with the present discrepancies remain incomplete, such as (i) inhibiting the adoption of dark patterns, including confirm shaming, trick questions, nagging, and forced actions due to the fact they might compromise the informed consent standards stipulated by the DPDPA; or (ii) curbing the utilization of rogue malware, as documented in the Dark Pattern Guidelines, or (iii) protecting intermediaries’ rights and obligations under the IT Act and the Intermediary Rules in the face of dark patterns.

Given the interdependence of these laws, it is critical to connect and associate the Dark Pattern Guidelines to the DPDPA, IT Act, and rules enacted under them, particularly the Intermediary Rules, to regulate Dark Patterns holistically. Additionally, although the CCPA sought stakeholder feedback on the proposed regulations for dark patterns, it is apparent that, despite public comments expressing reservations regarding regulatory overlaps, being excessively strict, and the dearth of specificity many of those concerns have yet to be answered.

The CCPA also appears to have made very few additional adjustments to the initial draft of the Dark Pattern Guidelines, such as (i) the restriction on the application of ‘commercial gains’ only to a handful of stated dark patterns such as nagging and confirm shaming; (ii) the introduction of three different dark patterns i.e., (a) trick questions; (b) SaaS billing; and (c) rogue malware; and (iii) the omission of guidelines stating that the provisions of the Consumer Protection Act will apply in the event of a violation of the Dark Pattern Guidelines -which effectively dilutes the operation of the Guidelines.


The reason as to why dark patterns are still so prevalent and manage to make a profit for companies by taking advantage of consumers is the lack of a strong regulatory framework to control the incorporation of such misleading designs in their user interface. The introduction of Guidelines for Prevention and Regulation of Dark Patterns in 2023 is a step in the right direction, however, there are some drawbacks the most glaring one being the absence of any repercussions for violation of the Guidelines. 

Moreover, the awareness surrounding dark patterns is limited. Consumers need to be made aware of the various methods used by commercial entities to manipulate them. It is imperative to raise awareness and enable consumers to learn how to recognize and avoid them. Digital literacy campaigns need to be organized to empower consumers with the skills to navigate the digital landscape and understand the implications of their interactions.

By implementing legal measures, user education, and industry standards, a comprehensive framework for protecting consumers and preventing dark patterns can be achieved.

Leave a Reply

Your email address will not be published. Required fields are marked *