India’s Central Consumer Protection Authority notified the guidelines for prevention and regulation of dark patterns on November 30, 2023. The Department of Consumer Affairs (DoCA) had first published draft guidelines for tackling dark patterns in September, after a two-month long consultation with stakeholders including e-commerce platforms, law firms, government and other consumer protection organisations. The DoCA had sought public comments, suggestions and feedback on the proposed guidelines until October 5, 2023.
The DoCA had listed out specific dark patterns, termed as “Specified Dark patterns”, in the draft guidelines. It was stated that the guidelines would also cover additional patterns that the Central Consumer Protection Authority may specify from time to time.
What’s new in the notified guidelines?
Importantly, the Consumer Protection Authority (CPA) has made additions to the list of Specified Dark Patterns included in the draft guidelines. The notified guidelines also state that the specified dark pattern practices and illustrations “provide only guidance and shall not be construed as an interpretation of law or as a binding opinion or decision as different facts or conditions may entail different interpretations”.
In addition to false urgency, basket sneaking, confirm shaming, forced action, subscription trap, interface interference, bait and switch, drip pricing, disguised advertisement, nagging, the regulator has also defined the following dark patterns:
1. Trick Question: The guidelines define trick question as the deliberate use of confusing or vague language, using double negative, and similar actions in order to “misguide or misdirect” a user from taking decisions based on their understanding.
For example, “while giving a choice to opt, ‘Do you wish to opt out of receiving updates on our collection and discounts forever?’ using phrases like, “Yes. I would like to receive updates” and “Not Now”, instead of the option, “Yes”.
2. Saas billing: This form of dark pattern refers to the process of “generating and collecting payments from consumers on a recurring basis in a software as a service (SaaS) business model by exploiting positive acquisition loops in recurring subscriptions to get money from users as surreptitiously as possible”.
In such cases, the platform may choose not to notify the user when a free trial transitions to a paid one; auto-renew subscriptions and indulge in processing “silent recurring transactions” without informing the user; charge customers for features they don’t use; and employ “shady credit card authorization practices” to deceive consumers.
3. Rogue Malwares: As the name suggests, this dark pattern involves using a “ransomware or scareware” to mislead or trick a user into believing that there is a virus on their computer with an objective to convince them to pay for a fake malware removal tool that in fact “installs malware on their computer”.
As illustrated in the guidelines, this would include cases like:
- When a pirating website/app promises the consumer to provide free content (audio or audio-visual or others), but actually leads to an imbedded malware when the link is accessed.
- When consumers gain access to the content on pirated platforms but keep getting pop-ups that have advertisements on them which are imbedded with malware.
- When consumers are prompted to click on an advertisement or are automatically redirected to an advertisement, but instead find their personal filed locked up, followed by a demand to make a payment to regain access.
Why it matters:
Dark patterns work against a consumer’s interests and undermine their decisions by way of deceptive patterns, which benefit the platform over providing a user’s genuine needs. In response to the draft guidelines published by the DoCA, organisations like the Asia Internet Coalition and the Internet Freedom Foundation had raised critical points, in addition to recommendations, regarding inadequate definitions, restrictive listing and categorisation of dark patterns, regulatory uncertainty and overlaps, among others. Apart from the changes and revisions mentioned in this article, other parts of the guidelines remain the same.
In addition to expanding the list of dark patterns, the department has also revised two of the existing patterns:
1. Force action: Forced action includes tricks that compel a user to take an action that would require them to buy additional goods or subscribe to an “an unrelated service” or share personal information for a product/service that the user originally intended to buy.
The CPA has added additional cases to illustrate what a forced action means:
- Forcing a user to share personal information linked with Aadhar or credit card, even when such details are not necessary for making the intended purchase.
- Forcing a user to share details of his contacts or social networks in order to access products or services purchased or intended to be purchased by the user.
- Making it difficult for consumers to understand and alter their privacy settings, thereby encouraging them to give more personal information than they mean to while making the intended purchase.
2. Bait and switch: As defined in the guidelines, this dark pattern refers to the “practice of advertising a particular outcome based on the user’s action but deceptively serving an alternate outcome”. For example, a seller may offer a product at a cheap price, but once the consumer is about to buy, the seller may offer an expensive product instead stating that the previous product is out of stock.
The notified guidelines include an additional example of bait and switch practice, wherein a seller may falsely show an unavailable product as available in order to lure the customer to move the product to the shopping cart. However, once the user moves to the shopping cart, they are notified that the product is “out of stock” and higher-priced product is offered.
The CPA has also removed a clause 8 from the draft guidelines which stated that, “The provisions of the Act [Consumer Protection Act, 2019] shall apply to any contravention of these guidelines.”
- Expand List Of Dark Patterns, Address Regulatory Uncertainty, And Privacy Concerns: IFF’s Recommendations
- Draft Guidelines On Dark Patterns Will Impact Ease Of Doing Business, Cause Regulatory Overlaps: Asia Internet Coalition
- Consumer Affairs Department Of India Publishes Draft Guidelines For Regulation Of Dark Patterns
- What Are Dark Patterns And How Do They Influence User Choice On The Internet?
STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!