On 7 September 2023, the Department of Consumer Affairs (“DoCA”), Ministry of Consumer Affairs, Food and Public Distribution (“Ministry”), with inputs from the Advertising Standards Council of India (“ASCI”), made public their draft Guidelines on Prevention and Regulation of Dark Patterns (“Guidelines”), on which comments were invited until 5 October, 2023. In our submissions, bolstered by community input, we highlighted and offered recommendations on five broad areas of concern: lack of regulatory clarity and possibilities of overlap; narrow categorisation of dark patterns that may lead to a narrow application of the guidelines; vague standards for prescribing penalties; pressing privacy concerns surrounding dark patterns; and consumer grievance redress. While a satisfactory starting point for regulating dark patterns, we believe that the Guidelines have an opportunity to establish robust consumer redress and feedback mechanisms, while strengthening existing ones.
Why should you care?
Dark patterns are deceptive UI designs that benefit an online service like websites or apps by influencing users into making decisions they might not otherwise make. They are all around us – from your preferred food delivery app to popular news websites, nearly every online service is using some form of deception or user manipulation to expand on their profits. These subtle (or in-your-face) design or advertising tricks subvert or impair user autonomy, influence decision making, and work to the detriment of the user.
In many contexts, dark patterns can amount to misleading advertisements, unfair trade practice or a violation of your consumer rights. To this end, the Ministry has taken up the mandate to regulate dark patterns in consumer interest. These guidelines aim to protect and enhance consumer experience on apps and websites by classifying dark patterns as contraventions under the Consumer Protection Act, 2019. In the near future, there may be opportunities to engage with the Guidelines through public consultations or consumer feedback – we urge you to participate and make your voices heard. Until then, we at IFF have attempted to capture your concerns in our submissions.
At the outset, we expressed our appreciation towards the Ministry’s attempt to regulate dark patterns through a preliminary set of guidelines that cut across sectors. Bringing dark patterns under the mandate of the Consumer Protection Act, 2019 (“Act”) is in line with the objectives of the Act – but this is a dynamic and ever-evolving space, with which the law must also eventually evolve. This post includes a summary of suggestions we submitted on how these Guidelines can evolve to holistically regulate and penalise dark patterns.
Multisectoral regulation: Dark patterns spread across a wide array of sectors (finance, insurance, e-commerce, travel, entertainment) and implicate a number of sectoral regulators and laws. Sectors like insurance and advertising have their own legal frameworks that penalise the use of dark patterns: IRDAI prohibits travel portals in India from selling insurance as a default option, and ASCI has its own guidelines regulating online deceptive patterns in advertising. Competition law also governs ‘unfair trade practices’, which the dark patterns are characterised as under the Guidelines. We urged the Ministry to take cognisance of regulators wanting to govern their sectors narrowly as the space becomes more dynamic, and clearly set out its jurisdiction in the Guidelines. Both lines of regulation can exist parallel to each other: sectoral regulators can undertake suo moto compliance assessments on entities, and the Guidelines can act as a public-facing recourse for aggrieved consumers to report dark patterns. Further, as the Guidelines apply in addition to existing sectoral laws, the Ministry must ensure that such ambiguity and possibility of dual penalties do not negatively impact design innovation and creativity, or affect personalisation which may be preferred by consumers.
Industry self-regulation: We argued that striking a balance between regulatory oversight through guidelines and a nodal regulator, and self-regulation among market players, is an effective framework to curb the use of dark patterns. Platforms and entities can set standards for themselves, much like the ASCI, to avoid onerous regulation. At the stakeholder consultation held by the Ministry on dark patterns, there was agreement that self-regulation and encouraging responsible design practices among players can play a pivotal role in addressing the issue. We urged the Ministry to consider defining broad parameters of dark patterns and providing grievance redressal systems to report them, while encouraging platforms and entities to set market standards to self-regulate. We recommended the following regulatory flow: Annexure 1 of the Guidelines can act as an indicative, and not exhaustive, list of dark patterns, and additional dark patterns or deceptive practices can be reported to the Ministry by consumers, civil society or market players through an institutionalised feedback mechanism. Once identified, the responsibility of limiting or discontinuing the deployment of the dark pattern should lie with market participants. In this way, the industry can self-regulate with oversight from the Ministry and feedback from consumers.
Narrow categorisation: In Annexure 1 of the Guidelines, the Ministry defines and illustrates ten categories of dark patterns and confines the application of the Guidelines to them. We submitted that while this is an apropos illustrative list for a preliminary framework, it does not cover the full extent of deceptive designs and practices prevalent today. Some other practices include obstruction, social proofs, psychological pricing, growth hacking, linguistic dead-ends, roach motels, privacy zuckering – the list is ever-expanding. IFF conducted a community survey where people reported over 100 instances of dark patterns across apps and websites – and we found that a large number of them do not expressly fall into any of the categories in Annexure 1. We argued that the Ministry should not prescribe exhaustive categories for dark patterns, and Annexure 1 should merely be an illustrative tool for consumers to identify and avoid dark patterns. This tool can be proactively updated through consumer feedback to reflect emerging dark patterns and trends of the time.
Vague penalty thresholds: The Guidelines do not expressly define contraventions or prescribe specific thresholds for penalties. As it stands, all dark patterns (as in Annexure 1) would attract broad penalties under the Consumer Protection Act, 2019. To apply the Guidelines equitably, we urged the Ministry to set clear parameters for penalties. We recommended that the Guidelines could establish an ‘intention to deceive’ to assess the gravity of consumer harm and extent of penalisation. Entities repeatedly deploying dark patterns or using a combination of them to cause intentional harm can be penalised. We do not believe that all cases or categories of dark patterns should be subject to the same penalties, as some designs can lead to greater consumer harm than others. However, we believe that penalties need not be limited to entities above a certain user base or monetary threshold as entities of any size can engage in deceptive practices.
Need to address privacy concerns: We submitted that the Guidelines need to address the plethora of privacy risks associated with dark patterns. Collection of excessive and unnecessary personal data without informed consent of consumers is a grave threat dark patterns pose to consumer interest. This risk may exist even after implementation of the Digital Personal Data Protection Act, 2023, as it does not govern interfaces or designs through which personal data is collected. We suggested two ways in which consumer data collection through dark patterns can be regulated:
- The Guidelines could include additional categories of dark patterns that compromise consumer privacy (such as privacy zuckering, nagging, privacy maze, bait and switch and linguistic dead-ends) and provide illustrations in Annexure 1 to make consumers aware of the data risks associated with them.
- The Ministry could suggest standards and principles for platforms or entities engaging in data collection, guiding them on how to minimise the data they collect from consumers, and process it in a transparent manner. Establishing principles like ‘privacy by design’, which encourage data protection through inherent technology design, can help meet this objective and mitigate consumer data risks.
Strengthening consumer GRS: We urged the Ministry to strengthen existing enforcement mechanisms and grievance redress channels established by the Consumer Protection Act, 2019 to better implement these Guidelines. DoCA and ASCI have a Grievances Against Misleading Advertisements (GAMA) portal, which may be repurposed and used under the Guidelines for expedited and easy consumer redressal, instead of creating a parallel mechanism. We also submitted that the Guidelines should clearly set out all the recourses available to an aggrieved consumer to file complaints against dark patterns, including DoCA helplines, portals and channels under the Act.
- IFF’s comments on the draft Guidelines on Prevention and Regulation of Dark Patterns (link)