Chandra Ramanujan’s father is a man in his late 60s. One day in December last year, Ramanujan’s father wanted to get his hair cut. He reached for his phone, logged into home services app Urban Company, and saw a haircut would cost him Rs 449 excluding taxes. Without thinking much, he placed a request. And minutes later, he realised he had been charged Rs 752. Confused, he checked the app again only to discover that not only will he get his hair cut, but he is also now the owner of a six-month subscription to UC Plus, Urban Company’s premium offering, a service Ramanujan’s father had no intention of buying.
“This is basket sneaking and is illegal,” an outraged Chandra Ramanujan, a product designer by profession, wrote on X, after getting to know how his father had been hoodwinked by what he called ‘one of the worst dark patterns’ he had ever seen. Urban Company’s director of design Amit Jaglan wrote back to Ramanujan on the same X thread acknowledging the issue and said the company would resolve the problem within a week.
Sanskriti Dalmia, 22, was working as a content writer in Indore, Madhya Pradesh. In February this year, she found a job that allowed her to work from home. She was packing up her things and wanted to end her Wi-Fi subscription. She thought she could just end the subscription on the Airtel app.
“The app does not have an option to close the subscription. I got in touch with customer care over the phone and email, but nothing helped,” she says. She visited one of the stores of the telecom major. “At the store, the customer care representative said: ‘You will get a call to try to convince you to keep it [the subscription]. You tell them you do not want to. Then, after seven days, someone will come and pick up the modem'.”
Airtel refused to comment on the matter.
That Sneaky Add-On
Basket-sneaking, what Chandra Ramanujan’s father was a victim of, and ‘subscription trap’ which Sanskriti Dalmia had to break free from are both examples of dark patterns—patterns carefully crafted and coded into the user interface (UI) of a mobile application or website to trick users into doing things they did not intend to do.
In November last year, India’s Central Consumer Protection Authority (CCPA) identified 13 ways in which online businesses use dark patterns and issued strict guidelines against their use. Resorting to dark patterns will amount to misleading advertisement and unfair trade practice, the CCPA said in its Guidelines for Prevention and Regulation of Dark Patterns.
Four months have passed since the guidelines came into force, but dark patterns are ubiquitous and across domains—from travel to ridesharing to grocery delivery. For example, if one were to go to travel booking app Ixigo and book a flight ticket, one would find three options: ‘free cancellation for Rs 449’, ‘free cancellation+rescheduling for Rs 749’, and ‘No, I will risk it’, with a message in red saying, “Pay Rs 3,000 fee if you cancel or reschedule.” The last option, with the message in red, constitutes what is called ‘confirm shaming’, one of the 13 dark patterns identified by CCPA. Outlook Business reached out to Ixigo; the company refused to comment on the subject.
On ride hailing major Rapido’s app, it was seen that a user would have to pass through four dialogue boxes to cancel their request for a vehicle: Go to ‘Trip Details, click on ‘Cancel Ride’, select ‘Reason for Cancellation’ and confirm the cancellation. The arduous process encoded into the app is an example of ‘interface interference’—a dark pattern where the user interface privileges specific actions over others. Outlook Business asked Rapido why it had made the cancellation process arduous multiple times, the company refused to comment on the matter.
Guidelines—How Good are They?
The guidelines issued last year ban use of dark patterns. But awareness remains a challenge. Rohit Kumar Singh, former secretary at the Department of Consumer Affairs (DoCA) who was closely involved in framing the guidelines against dark patterns before retiring in March, 2024, says, “While most companies are aware that there is a thin line between marketing, aggressive marketing and manipulation, not all know about dark patterns.”
Ramanujan, the product designer whose father fell victim to a dark pattern while trying to get a haircut, says there is no good reason for companies to follow the guidelines. “The business model is dependent on increasing their customers or making more money by upselling to existing customers,” he says.
Companies are profiting off consumers in a hurry, says Siddharth Chandrashekhar, a lawyer practising in the Bombay High Court. Purchases on digital platforms have gone up due to greater penetration of the internet, but the access has not been complemented by a similar rise in digital literacy, he adds.
“Also, there is no way to enforce these guidelines,” says Abhay Rana, a user experience (UX) enthusiast who had written to the CCPA after it opened the draft guidelines for public comments. Officials who framed the guidelines say they are indeed enforceable under the Consumer Protection Act of 2019, but consumer law experts say the Act cannot apply in an overarching manner for varying kinds of violations.
Other experts point out that there is overlap in regulatory oversight. This is because certain sectors already have regulations penalising dark patterns. For instance, the Insurance and Regulatory Development Authority of India (IRDAI) prohibits travel portals from covertly selling insurance as a default option, the Internet Freedom Foundation (IFF) had pointed out in a letter to DoCA.
Dark patterns are found in multiple sectors and regulating them requires the support of multiple regulators, says Disha Verma, additional policy counsel at IFF. “The problem of dark patterns implicates multiple sectors—SEBI [Securities Exchange Board of India] and RBI [Reserve Bank of India] for the financial services sector, IRDAI for the insurance sector and Ministry of [Electronics and] Information Technology for tech—hence there may be an overlap of regulatory oversight. So, we need a multisectoral body to handle the problem of dark patterns; CCPA’s authority is only in the area of consumer protection,” she says.
Another problem with the guidelines, according to Verma, is that it does not mention penalties for violations. “Uncertainty of penalties might hamper competition and growth among start-ups if they do not know the consequences of dark patterns; although the CPA [Consumer Protection Act 2019] has consequences and penalties mentioned, it would be inequitable and unjustified to penalise all cases of dark patterns with the same penalty,” she says.
Experts in consumer law say that it will be difficult to hold companies accountable using the existing guidelines because of weak enforcement and a difficulty in demonstrating financial loss. They recommend marrying CCPA guidelines with other legislations like the Digital Personal Data Protection Act of 2023 to improve enforcement.
World Against Dark Patterns
“The economic incentives of dark patterns far outweigh penalties mentioned in the statute,” says Aadya Misra, counsel at Spice Route Legal, an industry-focused law firm. According to Misra, “India being not a very privacy conscious country also suffers from low consumer awareness. But the conversation is gradually changing around internet companies and more consumers are becoming aware.” She says an effective enforcement mechanism can be created in India along the lines of the European Union’s General Data Protection Regulation (GDPR).
Authorities across the world are coming up with rules to tackle the rise of dark patterns. The European Data Protection Board (EDPB) has published Guidelines on Dark Patterns in Social Media Platform Interfaces which serve as practice recommendations to designers and social media platform providers. The Digital Services Act (DSA) of 2022 bans the use of dark patterns across Europe. Further, while GDPR does not expressly talk about dark patterns, it defines how consent can be obtained by companies before data is collected for processing. "Consent must be freely given," GDPR states.
In America, the states are leading the charge against dark patterns. California was the first US state to ban dark patterns. The California Consumer Privacy Rights Act of 2020 clearly defines dark pattern consent and states that consent obtained through agreements made possible by dark pattern consent is invalid. The state of Colorado has also come up with rules defining dark pattern consent.
Manisha Kapoor, chief executive and secretary general of the Advertising Standards Council of India (ASCI) says, guidelines on dark patterns are relatively new in India, the scrutiny is likely to get sharper with time as monitoring infrastructure evolves. The ASCI Academy is studying prevalent dark patterns, which it intends to document and share as part of ethical design practices.
In a country like India, the state of digital literacy is diverse and differentiated across varying levels of education, age and region. Contrast that with the tech boom in the country that has led companies to obsess over user engagement, including gamification of products, to maximise customer acquisition and retention. A phenomenon like the rise of dark patterns could erode user autonomy. The impact of that on a society that has low average digital literacy could be calamitous in the long run.
