Gearing up for regulatory compliance obligations associated with Dark Patterns

In the ever-expanding realm of internet ubiquity, creating a digital footprint for businesses is imperative! Amidst an unprecedented surge in e-commerce, deceptive practices known as ‘Dark Patterns’ have emerged, involving disingenuous ways to lure consumers into decisions not aligned with their best interests.

This blog aims to succinctly encapsulate solutions to regulatory compliance conundrums businesses need to navigate in light of the recently notified Guidelines for Prevention and Regulation of Dark Patterns, 2023 (“Guidelines”) under the Consumer Protection Act, 2019 (“CPA”).

However, before moving to the heart of the matter, it is essential to grasp the fundamentals:

Perhaps you have come across messages while purchasing flight tickets on travel platforms, subtly coercing you to purchase non-compulsory insurance with phrases like: “I am glad to risk my life”! Or faced instances where you downloaded mobile applications advertised as free, only to discover concealed in-app purchases! Or visited product websites seeking authorization for auto debits to avail a ‘free subscription’!

If yes, you may have unwittingly encountered instances of Dark Patterns!

What are Dark Patterns?

Dark patterns[1] include deceptive designs, practices or patterns which use User Interface / User Experience interactions on platforms to mislead users into doing something they did not originally intend, by subverting or impairing consumer autonomy, amounting to a misleading advertisement, an unfair trade practice or a violation of consumer rights.

Applicable to:

  • Platforms systemically offering goods or services in India (including foreign companies providing goods or services in India).
  • Advertisers, i.e., persons designing, producing, and publishing advertisements (by themselves or through others) to promote the sale of goods and services.
  • Sellers, i.e., persons who, in the course of business, import, sell, distribute, or market goods or services for commercial purposes.

Therefore, irrespective of the nature of the business, these Guidelines will be applicable. However, given that CPA’s application is limited to goods and services provided to individuals i.e., in a Business-to-Consumer (B2C) context, it is likely that these Guidelines will not apply to Business-to-Business (B2B) models.

A Few Examples:

Example 1: Imagine a situation where a mobile application lures users by offering a free trial for a limited period, while concealing the cancellation process which is intentionally obscured deep within the settings. In their haste, users may unwittingly find themselves subscribed to a premium service, incurring charges without informed consent.

Exploiting cognitive biases and rushing users through subscription while making opting out arduous are practices which would fall under the purview of ‘Dark Patterns’ and are consequently prohibited.

Example 2: An e-commerce platform presents a special offer for a sought-after mobile phone, emphasizing its limited availability! To hasten the transaction, the e-commerce platform further pre-selects expedited shipping, albeit at an extra fee. Customers, keen to procure the ‘coveted device’, may overlook this pre-selected checkbox. Such subtle manoeuvres of basket sneaking fall within the ambit of ‘Dark Patterns’, are at odds with the Guidelines, and are consequently prohibited.

Example 3: Let us consider another situation where an e-commerce platform entices potential customers with a tantalizingly low price for a premium music player. However, as the customer progresses through the online purchase process, ancillary fees, including those for shipping, taxes and handling, emerge, steadily inflating the final tally. This incremental revelation / addition of supplementary charges not only deceives consumers but also violates the Guidelines by employing drip pricing, a ‘Dark Pattern’.

Regulatory compliance framework:

While these Guidelines provide a structured approach to safeguard consumers against ‘dark patterns’, they also complement the existing regulatory compliance framework under legislations such as the Consumer Protection Act, 2019, Consumer Protection (E-Commerce) Rules, 2020, Guidelines on Insurance E-commerce, Guidelines for Prevention of Misleading Advertisements, Digital Personal Data Protection Act 2023 among others.

Businesses must gear up for compliance management at a grassroots operational level, requiring close collaboration between various teams (wielding significant sway over consumer interactions), such as:

  • Technology / Software design team: plays a pivotal role in shaping User Interface and User Experience interactions, significantly influencing how consumers engage with products and services.

  • Marketing and business development team: responsible for advertising / promoting products and services, which directly impacts consumer perception and behaviour.

  • Business analytics team: tasked with analyzing user behaviour, which helps with business decisions driven by customer insights / preferences.

  • Finance team: responsible for ensuring desired cashflow while aligning financial transactions with regulations, avoiding practices which could be construed as deceptive under the current Guidelines.

It is imperative for all business teams to comprehend and align their ‘Business as Usual’ activities with existing legal compliance requirements, and avoid activities earmarked as ‘Dark Patterns’.

Strategies to adapt to compliance requirements:

In light of the above-mentioned compliance obligations, businesses may find it prudent to conduct periodic audits of existing systems to discern any potential breaches of these Guidelines, while ensuring that their consumer-facing platforms remain devoid of ‘Dark Patterns’.

Further, comprehensive training sessions may be arranged for non-legal business teams operating within the product and services ecosystem, including third-party service providers engaged in advertising or user interface designing, to ensure holistic compliance.

Komrisk, our Compliance Management tool, offers an enterprise-level solution for regulatory compliance management, bringing together the business, marketing, finance, technology and legal teams under one platform, thereby facilitating collaboration between various teams and cross-functional users to ensure compliance at different levels. Moreover, it also serves as an encyclopedia of applicable compliance obligations with corresponding penalties for businesses. With the capability to upload tangible proof of compliance, Komrisk substantiates the completion of compliance tasks and aligns with a flexible escalation mechanism spanning up to ten levels, along with a real-time dashboard of reports, thereby equipping senior management with information to enhance operational efficiency, maintain transparency, and scrutinize compliance status in real time. By helping evaluate potential risks linked to pending compliances across all entities, operating units, and departments, Komrisk facilitates informed decision-making while offering a panoramic view of the organization’s compliance landscape.

In the ever-evolving digital realm, the surge in ‘Dark Patterns’ casts a shadow on ethical business practices. The recently introduced Guidelines, coupled with existing legislative frameworks, underscore the importance of safeguarding consumer interests within the expansive realm of e-commerce, thereby making it imperative for businesses to leverage Legal governance, risk management, and compliance (LGRC) tools such as Komrisk for comprehending compliance obligations prescribed under all applicable laws and building ethical compliance practices within their operational fabric.

[1] Some identified ‘Dark Patterns’ under the Guidelines:

A few activities identified as ‘Dark Pattern’ practices and consequently prohibited under the Guidelines:

  • False Urgency: conveying a misleading sense of urgency / scarcity to manipulate users into making immediate purchase.
  • Basket Sneaking: surreptitiously adding extra products, services, charity etc. during checkout without explicit consent, resulting in user being charged more for the chosen product or service.
  • Confirm Shaming: employing fear, shame, ridicule, or guilt to manipulate users into desired action like making a purchase or continuing a subscription.
  • Subscription Trap: practices such as hiding cancellation options, coercing users into providing payment details for ‘free subscription’ or creating ambiguous / confusing instructions for cancellation of subscription.
  • Interface Interference: manipulation of User Interface by emphasizing specific information while obscuring relevant details, to misdirect users from taking the desired action.
  • Bait and Switch: advertising a cheaper option based on the user’s action but deceptively serving a higher priced alternate option.
  • Drip Pricing: concealing elements of price upfront and revealing it surreptitiously within the user experience. For instance, charging a higher amount than initially disclosed post-confirmation of purchase.
  • Nagging: user experiences repeated and persistent requests or interruptions aimed at facilitating a transaction for commercial gains.
  • Disguised Advertisements: camouflaging advertisements to blend with the interface and trick customers into clicking on them. Includes misleading advertisements as defined under Guidelines for Prevention of Misleading Advertisements and Endorsements for Misleading Advertisements, 2022.
  • SaaS Billing: generating and collecting recurring payments from consumers in a Software as a Service (SaaS) business model as surreptitiously as possible. Example: user is not notified / intimated when free trial is converted to paid.

Written by: Abhishek Roy

Disclaimer

This content is intended for informational purposes only and does not constitute a legal opinion. Despite our efforts to maintain accuracy, we do not make representations, warranties or undertakings regarding the quality, completeness or reliability of the content. Readers are encouraged to seek legal counsel prior to acting upon any of the information provided herein. This content, including the design, text, graphics, their selection and arrangement, is Copyright 2024, Lexplosion Solutions Private Limited or its licensors. ALL RIGHTS RESERVED, and all moral rights are asserted and reserved.

For any clarifications, please reach out to us at 91-33-40618083 or inquiries@lexplosion.in. Refer to our privacy policy by clicking here.
