Deceptive Designs: A Legal Analysis of Dark Patterns in the Indian E-Commerce Sector.

Read Time:7 Minute, 3 Second

Author: Akshay Kumar a 4th years BBA LLB student

Abstract

The rapid digitization of the Indian economy has transformed consumer-market interactions, bringing both convenience and hidden dangers. One of the biggest threats is the rise of “dark patterns” strategically designed user interface and experience (UI/UX) designs that aim to alter consumer behavior and erode autonomy. This article explores the taxonomy of 13 prohibited dark patterns identified by the Central Consumer Protection Authority (CCPA) in its 2023 Guidelines, which include tactics such as false urgency, basket sneaking, and drip pricing. By examining the cognitive biases these designs exploit such as anchoring, loss aversion, and sunk cost fallacy this paper highlights the psychological mechanisms that make digital deception effective. Additionally, the article analyzes the current regulatory environment in India, including the Consumer Protection Act (2019) and the Digital Personal Data Protection Act (2023), and compares it to global frameworks such as the EU’s Digital Services Act. Finally, it addresses the “compliance crisis” arising from the gap between corporate self-audits and independent real-world audits, and outlines a path forward for stronger enforcement and consumer justice.

Keywords: dark patterns, consumer protection, CCPA, digital deception, behavioural economics, UI/UX, India.

Introduction

By the beginning of 2024, India will have over 751.5 million internet users, making it one of the most dynamic digital environments in the world. However, this growth also has a dark side: the rise of sophisticated, deceptive design strategies known as “dark patterns.” These aren’t just visual flaws or poor user experiences; they are deliberate, strategically designed interface elements designed to manipulate consumers for corporate gain. Coined by Harry Brignall in 2010, the term “dark patterns” identifies a spectrum of digital “sleight of hand” that exploit cognitive biases to trick users into unintentional actions, such as hidden subscriptions or excessive data sharing. In a country like India, where digital literacy is highly disparate, these practices pose a direct threat to fair trade and informed consent. Recognizing this, the Central Consumer Protection Authority (CCPA) notified comprehensive guidelines in late 2023 to regulate and prevent specific fraudulent practices.

Taxonomy of Deception: 13 Prohibited Patterns

The CCPA’s 2023 Guidelines define dark patterns as practices that mislead or deceive users into doing something they did not intend. These are categorized as unfair trade practices.

1. False Urgency and Scarcity

This involves creating an artificial sense of time pressure, such as countdown timers that reset or “Only 1 item left” messages when inventory is actually high. Research shows that these practices are used in approximately 32% of popular Indian apps, especially in travel and retail.

2. Basket Sneaking and Hidden Fees

Basket sneaking is the act of adding a product or service (such as travel insurance or charity donations) to the cart without consent at the final stage of checkout. Although mandatory taxes are not included, any sneaky addition is a violation.

3. Confirmation Shaming.

This pattern uses guilt or humor to persuade someone to opt out. For example, a “No” button labeled “No, thanks, I hate saving money” makes refusal appear an unintentional decision. The CCPA recently issued a notice to IndiGo to prevent users from abandoning paid seats using “No, I’ll take the risk.”

4. Subscription Trap (“Roach Motel”)

A “roach motel” makes signing up easy but canceling nearly impossible, often with the cancellation option hidden in settings. It often involves “forced continuity,” where free trials are converted into paid subscriptions without clear notification.

5. Drip Pricing

This is a method of concealing the full price until the final transaction step. Additional fees, such as “platform fees” or “convenience fees,” are “dripped” into the total. An audit by LocalCircles found that 66% of major Indian platforms use this tactic.

6. Interface Intrusiveness and Visual Misdirection

Platforms highlight some information while hiding others, such as making the “Accept All” button bright and the “Reject” button low-contrast. Approximately 45.3% of Indian apps use some form of interface intrusion.

7. Bait and Switch

Advertising one outcome (such as a lower price) but then offering a different outcome (a more expensive option) after the user has committed.

8. Hidden Ads

Promotional content disguised as organic reviews, news, or native interface elements like the “Download” button.

9. Annoyance

Repeated interruptions, such as repeated pop-ups for app downloads or newsletter sign- ups, reduce user engagement.

10. Trick Wording

Using confusing language to mislead the user, such as double negatives (e.g., “Check here if you don’t want to opt out of marketing emails”).

11. SaaS Billing and Secret Recurring Charges

Secretly billing users repeatedly without clear management tools or information about trial-to-paid conversions.

12. Malicious Malware and Fearware

Displaying fake security warnings to trick users into paying for “repair software” that is actually harmful.

13. Forced Action

Forcing a user to take a different action (such as downloading a different app) to access the service they want to use.

Behavioral Engine: Cognitive Bias

Dark patterns work because they exploit human psychology. Platforms exploit several specific biases:

Anchoring: Displaying a higher “original price” next to the “final price” makes the final price seem like a greater benefit, even if the higher price was never actually
Loss aversion: The pain of losing something is twice the joy of gaining it. “Expiring coupons” make users feel like they’re losing value that already belongs to them.
Sunk cost fallacy: Once a user has spent time filling in shipping details, they’re more likely to incur a last-minute “convenience fee” than to lose the hard work they’ve already put in.
Default bias: Users tend to stick with pre-selected options, which is why platforms use pre-ticked boxes for insurance or donations.
Social proof: Fake notifications like “15 people are watching this room” create a false sense of urgency.

Regulatory Framework in India

India has adopted a multi-pronged approach to address these designs:

Consumer Protection Act, 2019: The CCPA can investigate “unfair trade practices,” which now explicitly includes 13 dark patterns.
DPDPA, 2023: This Act requires that consent for data processing must be free and specific. Patterns such as “privacy hacking” will likely violate this Act once it becomes fully operational.
Penalties: Failure to comply with CCPA directives could result in up to six months in prison and a fine of up to ₹20 Data breaches under the DPDPA could reach up to ₹250 crore.

Compliance Crisis

In mid-2025, the CCPA directed platforms to conduct self-audits. By November 2025, 26 major players, including Flipkart, Zomato, and Swiggy, had declared compliance.

However, LocalCircles’ audit, involving 300 platforms and 250,000 consumers, found a significant gap: 97% of popular platforms were still using dark patterns. Most notably, of the 26 companies that declared themselves “dark-pattern-free,” 21 were still using manipulative design, specifically “drip pricing.”

Conclusion and Way Forward

The fight against dark patterns in India has only just begun. Although regulatory guidelines exist, the “soft” nature of current enforcement and the “intent” loophole where companies claim that patterns are unintentional UI flaws remain obstacles.

To strengthen enforcement, India must:

Codify the 13 patterns into enforceable rules with appropriate
Establish joint oversight between the CCPA and the Data Protection
Require standard UX elements for important tasks like

Consumers should remain vigilant and use tools like the National Consumer Helpline to report fraudulent practices. Between April and December 2025, the NCH facilitated refunds worth

₹426 million, indicating that tools for justice are gaining popularity.

Reference

Books and Important Documents

Central Consumer Protection Authority, Guidelines for the Prevention and Regulation of Dark Patterns (2023).
Consumer Protection Act, 35 of 2019, India Code.
Digital Personal Data Protection Act, 22 of 2023, India Code.

Reports and Audits

LocalCircles, Aggregate Sectoral Audit on Dark Patterns in Indian E-Commerce Platforms (2025).
ASCI and Khaitan & Company, Conscious Patterns: A Study of Deceptive Patterns in Top Indian Apps (2024).
PIB, 26 Leading E-Commerce Platforms Declare Compliance with Self-Audit to Eliminate Dark Patterns (2025).

Articles and Case Law References

Harry Brignall, Deceptive Design: The Taxonomy of Dark Patterns (2010).
CCPA v. InterGlobe Aviation (IndiGo), CCPA Notice No. 2024/06/19 (regarding confirmation shaming in seat selection).
CCPA v. Big Tree Entertainment Pvt. Ltd. (BookMyShow), CCPA Notice No. 2025/02/11 (regarding basket sneaking in charity donations).

Global Comparative Reference