While many individuals may have come across the above headline or similar stories in their news feeds, only a few may possess a comprehensive understanding of the legal intricacies involved. Interestingly, the global e-commerce giant, Amazon, has faced regulatory scrutiny in various countries, including India, the United States, Poland, and others, for engaging in dark patterns to manipulate consumers and boost its Prime membership subscriptions while hindering/complicating the cancellation process. Notably, the Central Consumer Protection Authority (CCPA) in India also served notice to Amazon (India), accusing the company of enrolling Indian consumers in its Prime membership subscription program without their consent through the use of dark patterns.
The term “dark patterns” was first coined in 2010 by Harry Brignull, a user experience researcher in the United Kingdom. Dark patterns are practices or deceptive design pattern using user interface or user experience interactions on any platform that is designed to mislead or trick users to do something they originally did not intend or want to do, by subverting or impairing the consumer autonomy, decision-making or choice, amounting to misleading advertisement or unfair trade practice or violation of consumer rights.1
Typically, e-commerce entities, platforms, sellers, and advertisers resort to such unethical practices to boost sales, usage, or supply of goods and services, often prioritising profits over consumer safety. The segments of digital consumers most affected by these practices include minors, the elderly, those with lower literacy levels, and less privileged individuals, who are susceptible to misunderstanding and unknowingly consenting to dark pattern offers or subscriptions, only to regret their decisions later. Given the widespread impact of dark patterns on consumers globally, it is crucial to examine the Indian legal framework pertaining to dark patterns and assess its effectiveness in regulating and preventing consumer exploitation.
Legislative framework
In India, dark patterns are regarded as unfair trade practices,2 misleading advertisements or violation of consumer rights, which are all prohibited by the Consumer Protection Act, 20193 (CPA). Engaging in such practices incurs significant penalties. While the CPA, Consumer Protection (E-Commerce) Rules, 20204, and the Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements, 20225 address these issues, there was a recognised need for specific and comprehensive regulations to tackle consumer exploitation facilitated by dark patterns, considering the complexities of the digital market landscape. Consequently, acknowledging the risks associated with dark patterns and the imperative to strictly prohibit and regulate them, the Indian Government issued the Guidelines for Prevention and Regulation of Dark Patterns, 20236 (Guidelines) under Section 187 of the CPA.8 These Guidelines serve as an additional preventive and prohibitory measure specifically targeting dark pattern practices, augmenting the existing framework. Unlike measures in other countries, these Guidelines are activated upon deliberate or intentional involvement in dark pattern practices, which they define as those “designed to mislead”.9 Any contravention of the Guidelines attracts penalties under the CPA. Moreover, the Guidelines stipulate that in cases of ambiguity or dispute regarding their interpretation, the decision of the Central Consumer Protection Authority (CCPA) will be final.
Scope of Guidelines
The Guidelines have a broad scope, applying to all platforms (including foreign ones, systematically providing goods or services in India); advertisers; and sellers offering goods or services in Indian markets.
The practices falling under the category of “dark patterns” are outlined in Annexure 1 (Specified Dark Patterns) of the Guidelines, accompanied by illustrative explanations for better understanding. This list is inclusive in nature and the illustrations so provided, serve as guidance. Following practices are specified dark patterns as per the Guidelines:
|
Dark patterns |
Description |
|
False urgency |
Creating a false sense of urgency or scarcity to prompt immediate purchases. |
|
Basket sneaking |
Adding extra items or services, payments to charity/donation at checkout without user consent, thereby increasing the total payable amount. |
|
Confirm shaming |
Employing fear, shame, ridicule, or guilt-inducing tactics to manipulate users into purchasing. |
|
Forced action |
Coercing users into additional purchases, subscriptions, or sign-ups not relating to their original intent. |
|
Subscription trap |
Implementing obstacles to subscription cancellation, hiding cancellation options, or making cancellation processes overly complex or ambiguous. |
|
Interface interference |
Manipulating user interfaces to highlight certain information while obscuring other relevant details, guiding users away from desired actions. |
|
Bait and switch |
Deceptively advertising one outcome based on user actions while delivering another. |
|
Drip pricing |
Concealing pricing information until after purchase confirmation, misleading users about costs or the need for additional purchases. |
|
Disguised advertisement |
Disguising advertisements as user-generated content, news articles, or other types of non-advertising content. |
|
Nagging |
Overwhelming users with excessive requests, information, options, or interruptions unrelated to their intended transactions. |
|
Trick question |
Using confusing or vague language to misguide users or prompt specific actions. |
|
SaaS billing |
Exploiting positive acquisition loops in recurring subscriptions to collect payments from users in a software-as-a-service (SaaS) business model. |
|
Rogue malwares |
Utilising ransomware or scareware to deceive users into believing their computer is infected, prompting them to pay for fake malware removal tools that actually install malware. |
Competent authority
The CCPA is responsible for interpreting and enforcing the Guidelines. As the Guidelines lack a specific procedure for consumer complaints, the CCPA follows the CPA, which outlines procedures for addressing unfair trade practices and false advertisements. When the Guidelines are violated, the CCPA may initiate a suo motu inquiry or act upon a consumer complaint. A preliminary inquiry is conducted to determine if a prima facie case exists, and if so, the matter is forwarded for investigation. If the CCPA confirms a violation, it issues an order, including penalties and directions to modify or cease the infringing practice. The infringing party is given a chance to be heard before the final decision is made.
Consequences on contravention
In the event of contravention of Guidelines, the punishment stipulated for the offence of false or misleading advertisement under the CPA will be invoked. Accordingly, the infringer will be liable for punishment with imprisonment for a term which may extend to two years and with fine of up to ten lakh rupees.10 If the offence is repeated subsequently, the infringer will be punished with imprisonment for a term which may extend to five years and with fine which may extend to fifty lakh rupees.11
The Amazon saga
The case involving Amazon can be squarely categorised as a “subscription trap” dark pattern. In June 2023, the Federal Trade Commission (FTC) filed a complaint12 against Amazon.com in the United States (US) District Court for the Western District of Washington. The complaint alleged that Amazon knowingly employed manipulative, coercive, or deceptive user-interface designs (dark patterns) to deceive consumers into enrolling in automatically renewing Prime subscriptions. Moreover, the cancellation process for those intending to end their membership was overly complex.13 Before April 2023, consumers had two methods to cancel a Prime subscription: contacting customer service or navigating a “four-page, six-click, fifteen-option” cancellation process. Under FTC pressure, Amazon altered the cancellation process in April 2023, dubbing it the labyrinthine cancellation process (Iliad).14 However, the FTC opposed this change, attributing the complexity of the Iliad flow to the use of dark patterns.
In response to the FTC’s complaint, Amazon filed a motion to dismiss15 which was opposed by the FTC with a request for oral arguments.16 While Amazon maintains that it has complied with all applicable laws, the FTC views its Prime cancellation process as inherently complex, obstructive, and exploitative.
Interestingly, the CCPA has also issued a notice to Amazon India on similar grounds.17 The outcome of FTC v. Amazon case could potentially have ramifications for other platforms and e-commerce entities.
Advancing forward
The Guidelines represent significant progress in protecting consumers from dark patterns, but strict enforcement is crucial for effective consumer protection. To strengthen this, following measures can be taken:
(a) Online platforms should be vested with the responsibility for ensuring compliance with the Guidelines. They must design user interfaces that eliminate dark patterns and misleading ads while preventing future violations, promoting transparency and consumer protection.
(b) Dark patterns often undermine informed consent and data privacy, with consumers misled into providing personal data. Aligning the Guidelines with the Digital Personal Data Protection Act, 202318 (Dpdpa) will strengthen consumer protection by ensuring platforms obtain valid, informed consent and comply with data privacy rules.
(c) Inspired by the California Consumer Privacy Rights Act, 2020, the Guidelines should specify that contracts resulting from dark patterns are void due to invalid consent.
(d) The Guidelines should include provisions for compensating consumers who are harmed by dark patterns.
(e) Clear penalty provisions should be outlined to eliminate ambiguity and ensure proper enforcement.
Additionally, further clarifications in the Guidelines are needed for better implementation and understanding.
*Senior Associate, Singhania & Partners LLP.
1. Guidelines for Prevention and Regulation of Dark Patterns, 2023 (30-11-2023), G. 2(1)(e).
2. Consumer Protection Act, 2019, S. 2(47).
3. Consumer Protection Act, 2019.
4. Consumer Protection (E-Commerce) Rules, 2020.
5. Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements, 2022 (9-6-2022).
6. Guidelines for Prevention and Regulation of Dark Patterns, 2023 (30-11-2023).
7. Consumer Protection Act, 2019, S. 18.
8. “CCPA Notifies Guidelines for Prevention and Regulation of Dark Patterns” (SCC OnLine, scconline.com) (4-12-2023).
9. “CCPA Notifies Guidelines for Prevention and Regulation of Dark Patterns” (SCC OnLine, scconline.com) (4-12-2023).
10. Consumer Protection Act, 2019, S. 89.
11. Consumer Protection Act, 2019, S. 89.
12. Federal Trade Commission, “Complaint: In the Matter of Amazon.com, Inc.” (ftc.gov, 7-12-2022).
13. Federal Trade Commission, “FTC Takes Action Against Amazon for Enrolling Consumers in Amazon Prime Without Consent and Sabotaging Their Ability to Cancel” (ftc.gov, 21-6-2023).
14. Federal Trade Commission, “FTC Takes Action Against Amazon for Enrolling Consumers in Amazon Prime Without Consent and Sabotaging Their Ability to Cancel” (ftc.gov, 21-6-2023).
15. US Chamber of Commerce, ‘FTC v. Amazon.com, Inc.’ (uschamber.com) <https://www.uschamber.com/cases/consumer-protection/ftc-v-amazon-com-inc>, last accessed 24th February, 2025.
16. Federal Trade Commission, Amazon.com, Inc. (Amazon eCommerce) (Timeline Item) (ftc.gov, 8-2-2024).
17. “Hike in Incidents of Compromising Govt, High-Profile Persons’ Social Media Accounts: CERT-In”, Economic Times (government.economictimes.indiatimes.com, 29-1-2024).