Authored By: Garvita Kathuria
Maharaja Agrasen Institute of Management Studies
Abstract
India’s fast fashion boom has quietly started a new era of algorithmic manipulation, one that outpaces the laws meant to stop it. Platforms powered by artificial intelligence now set personalized prices, create false urgency, and take advantage of psychological weaknesses through dark patterns, all in real time and mostly out of sight. Yet India’s main legal frameworks, the Consumer Protection Act, 2019, the E-Commerce Rules, 2020, and the Digital Personal Data Protection Act, 2023, were designed for a marketplace that existed before AI. This paper argues that India’s reactive, technology-neutral regulatory model has created serious blind spots. The CPA 2019’s definition of “unfair trade practice” does not cover algorithmic price discrimination. Consent mechanisms under the DPDPA 2023 are often undermined by the very dark patterns they aim to stop. Moreover, institutions like the CCPA do not have the technical expertise to audit complex algorithmic systems. By comparing this situation with the EU AI Act and GDPR, the paper proposes specific reforms, including transparency mandates for algorithms, a classification system based on risk, and a specialized Algorithmic Fairness Tribunal, to help India move from mere compliance to real consumer protection.
Keywords: Consumer Protection Act 2019, Algorithmic Manipulation, Fast Fashion, AI Personalization, Dark Patterns, DPDPA 2023, EU AI Act.
- Introduction
India’s digital commerce market has seen a rapid integration of advanced technologies and the fast fashion industry has benefitted from aggressive competition coupled with fast product cycles and rapid changes in customer demand. The use of artificial intelligence (AI) by these platforms introduces a considerable imbalance in the customer-retailer relationship. Particularly, the AI algorithms used for dynamic pricing, personalized suggestions and behavioral nudges are designed to exploit consumers and the capacity of these algorithms is far superior to the consumer’s ability to identify any manipulation.
India’s consumer protection frameworks are the Consumer Protection Act, 2019, the E-Commerce Rules, 2020 and the Digital Personal Data Protection Act, 2023. While these frameworks provide some level of consumer protection for digital transactions, they are not adequate to keep pace with developments in the digital marketplace.[1] This paper examines the specific gaps in India’s consumer protection laws regarding the use of AI and algorithmic manipulation in fast fashion retail and offers a critique of these legal frameworks. The paper is divided into several sections. Firstly, it outlines the relevant context and concepts. Secondly, it examines the systems of law that apply. Thirdly, it addresses pertinent judicial and regulatory issues. Fourthly, it offers a comparative critique, conclusion and recommendations.
- Background and Conceptual Framework
Fast fashion retail differs from usual e-commerce in three structural ways that increase consumers’ vulnerabilities to algorithmic exploitation: rapid product turnover, the promotion of an artificial sense of urgency to induce demand and the young, aspirational consumer base regarding whom behavioral nudging is most effective. Fast fashion platforms leverage real-time user data including recent web visits, device and browser fingerprints, geo-location and past purchases to create individualized price points and product suggestions that most users cannot recognize as specific marketing strategies[2], but rather as impartial, commercially neutral recommendations.
Algorithmic manipulation is the use of code to shape consumer choices through below-conscious techniques such as dynamic pricing and filter bubbles, as well as behavioral dark patterns[3]. AI-driven personalisation is the individualized, machine-learning-based modification of commercially offered content[4] (prices, product suggestions, ads) that is built upon the aggregation of users’ behavioral data.
Dark patterns are misrepresentations of user’s choice, such as hidden fees and pre-selected options, that benefit the platform.[5]
The information asymmetry model of consumer protection provides the basis for this paper. This model suggests that correcting information asymmetries between large-scale commercial actors and individual consumers is among the law’s principal functions. In the context of AI, this imbalance is aggravated by the so-called ‘black box problem’. Consumers neither have the means to access nor understand the algorithmic logic which prescribes choices for them[6], while companies work with fine-grained, predictive models of consumer behavior.
The regulatory measures taken by India in response to these changes have been gradual and largely technology-agnostic. The DPDPA 2023[7] and its implementation regulations issued in 2025 are concerned with consent and data processing but do not provide specific guidelines on how personal data can be used for the purposes of algorithmic targeting. The CCPA Guidelines for Prevention and Regulation of Dark Patterns, 2023 have been designed with more specificity in mind, but the focus of these guidelines on interface manipulation makes AI-based manipulation difficult to regulate effectively.
3. Legal Analysis
3.1 Consumer Protection Act, 2019
The CPA 2019 was seen as a modernization of Indian Consumer Law, expanding its reach to e-commerce transactions and digital products. Section 2(16) broadly defines ‘consumer’ to include buyers of digital services. Section 2(9) outlines consumer rights, including protection against unfair trade practices. However, the Act’s definitions leave a critical gap for AI-driven commerce. Section 2(47) defines ‘unfair trade practice’ using a framework based on physical-world deception, such as misleading advertisements, false representations, and unsolicited goods. This does not address the economic harms caused by algorithmic consumerism, like dynamic price discrimination, filter bubble manipulation, or hub-and-spoke algorithmic collusion.[8]
Moreover, the CPA 2019 and the E-Commerce Rules, 2020 lack clear provisions on the use of AI or algorithmic systems in consumer-facing platforms. This silence means that manipulative algorithmic practices like device-based pricing that charges different prices for the same product based on whether a user accesses a platform via a premium smartphone or an entry-level Android device[9] cannot be effectively tackled under the current unfair trade practices provisions without considerable stretching of the definitions. The E-Commerce Rules, 2020 require mandatory disclosures and grievance redress mechanisms. However, their disclosure requirements are superficial; they require entities to disclose personalized ranking parameters but do not specify how meaningful, clear, or accessible those disclosures should be for everyday consumers.
3.2 Digital Personal Data Protection Act, 2023
The DPDPA 2023 sets up a consent-based system for handling personal data. It focuses on purpose limitation, data minimization and the right to eliminate. In theory, these rules should limit the behavioral profiling that supports AI-driven personalisation. However, in reality, the consent setup of the DPDPA 2023 has been undermined by the same manipulative interfaces it aims to prevent. Bundled permissions, unclear consent processes and automatic acceptance features mean that legal consent under the DPDPA 2023 is often obtained through the very deceptive practices the CPA 2019’s CCPA Guidelines intend to stop.[10]
The DPDPA 2023’s idea of data portability provides some protection by allowing consumers to move their data to other platforms, which should restore competitive choice. However, this provision alone is not enough. In fast fashion markets that have oligopolistic structures and algorithmic collusion, portability rights cannot fix the power imbalances that let platforms influence consumers in the entire industry at once.
3.3 Competition Law and the Limits of the Competition Act, 2002
Algorithmic collusion, specifically the ‘hub-and-spoke conspiracy’ model, happens when competing fast fashion platforms coordinate their pricing through a shared algorithm without directly communicating.[11] This model creates a significant regulatory blind spot. The Competition Act, 2002 requires proof of monopoly power or an open agreement between competitors. It is hard to prove either when the coordination comes from independent platforms using the same algorithmic pricing tools. The Competition Commission of India does not have the technical ability or legal authority to investigate the unclear algorithmic systems that allow this collusion[12]. This issue is made worse by the lack of ongoing audit processes. Without mandatory requirements for algorithmic registration and audits, regulators cannot recognize coordinated algorithmic behavior, much less take legal action against it.
3.4 The CCPA Dark Patterns Guidelines, 2023
The Central Consumer Protection Authority’s Guidelines for Prevention and Regulation of Dark Patterns, 2023 are the most targeted regulatory action so far. The Guidelines clearly ban practices like hidden fees, default pre-selected options, unclear cancellation methods and repeated prompts. This marks a significant improvement over the CPA 2019’s general unfair trade practice rules. However, the Guidelines treat dark patterns as fixed design choices rather than as changing, AI-driven behavioral tactics.[13] This is an important distinction because an AI system that adapts real-time purchase interfaces for individual consumers based on their psychological profiles operates under different regulations than a standard deceptive interface. The technology-neutral language of the Guidelines makes them inadequate to address AI-driven manipulation that adjusts to specific consumer vulnerabilities.
- CASE LAW AND REGULATORY DEVELOPMENTS
Indian courts have not yet ruled on the legality of AI-driven manipulation in fast fashion or e-commerce as a whole. The judicial approach to digital consumer protection has been gradual, with courts mostly applying existing unfair trade practices to digital settings without creating specific frameworks for AI. Because there are no direct cases on the matter, this section relies on important regulatory developments and related court decisions on consumer rights and data privacy.
The Supreme Court of India’s ruling in Justice K.S. Puttaswamy v Union of India[14] recognized informational privacy as a fundamental right under Article 21 of the Constitution. While this case did not focus on consumer protection, it provides a constitutional basis for arguing that data profiling and exploitation without proper consent violate constitutionally protected privacy. The following legislative response, the DPDPA 2023, was directly influenced by this constitutional mandate. Courts interpreting the Act’s consent rules will likely take a broad view in light of Puttaswamy’s privacy principles. This has important implications for consumer challenges to unclear algorithmic profiling in fast fashion. If a platform’s AI system uses personal data to manipulate consumer behavior without genuinely informed consent, a privacy-based consumer claim could be backed by constitutional protection.
At the regulatory level, the Central Consumer Protection Authority has taken action against several e-commerce platforms for violating the Dark Patterns Guidelines 2023, confirming that deceptive design falls under the CCPA’s enforcement authority through the CPA 2019. These precedents are crucial for claims of algorithmic manipulation because they show the CCPA’s readiness to address digital business practices, even without specific laws about AI. However, the lack of enforcement targeting AI-driven dynamic pricing or personalized manipulation in fast fashion highlights the capability gap noted in scholarship: regulators do not have the expertise or tools needed to identify and target complex algorithmic practices.
In comparison, the European Court of Justice’s evolving case law under GDPR’s[15] Article 22, which grants a right not to face decisions based solely on automated processing, offers a model for Indian courts and regulators. The ECJ’s focus on meaningful explanations for automated decisions challenges the disclosure issues raised in Indian literature. Indian judges facing algorithmic manipulation claims would benefit from considering this case law as persuasive support, especially since Indian courts have historically been open to comparative reasoning in constitutional and human rights matters.
- CRITICAL ANALYSIS
5.1 Reactive Versus Proactive Regulatory Framework
The main structural issue in India’s consumer protection system is its reactive stance. India’s model reacts to consumer harm after it happens; the EU’s approach, seen in the AI Act 2024’s four-tier risk classification and the Digital Services Act’s transparency rules, places obligations on platforms before issues arise. In fast fashion, where consumers make quick, low-reflection decisions under pressure from algorithms, responses after the fact are not effective, the manipulation has already worked by the time a complaint is made.
5.2 From Disclosure Formalism to Information Enrichment
Current disclosure rules meet a formal rather than substantial transparency standard. Platforms can technically comply by hiding algorithmic disclosures in long terms of service, thus meeting regulatory requirements while undermining their purpose. The suggested move towards ‘information enrichment’ mandates would require platforms to actively vary algorithmic recommendations instead of simply disclosing them. This approach aligns with the EU AI Act’s emphasis on human oversight and clear explanations as corrections to unclear AI systems. The main counter-argument is that enforcing recommendation diversity could disrupt legitimate business personalisation and intellectual property rights is valid, but it can be addressed through requirements that balance compliance with commercial flexibility while banning clearly manipulative practices.
5.3 Institutional Capacity and Specialization
There is a lack of specialized AI knowledge within current consumer protection institutions. The CCPA, while authorized to address consumer rights violations, does not have the skills to effectively investigate, audit, or penalize algorithmic manipulation. Without a body like the EU AI Board, enforcement will remain inconsistent. Proposals for a Central Consumer Protection Authority AI Division and an Algorithmic Fairness Tribunal are based on successful comparisons and the absence of these entities highlights a significant structural flaw in design.
5.4 Fast Fashion as a Sector-Specific Regulatory Blind Spot
The focus on AI and consumer protection in India mainly discusses e-commerce in broad terms, leaving out fast fashion. This is concerning because the fast fashion sector creates consumer vulnerabilities, such as the manipulation of sustainability concerns to drive excess consumption through algorithmically influenced ‘greenwashing’[16] and targeting younger, digitally savvy consumers with personalized social media marketing. Generic e-commerce regulations do not adequately cover these issues. A specific regulatory framework for AI practices in fast fashion, based on the EU’s sector-specific extensions of GDPR obligations to high-impact digital markets, would offer a better regulatory response.
6. CONCLUSION
India’s consumer protection system has interconnected gaps that make it inadequate to manage AI-driven manipulation in fast fashion retail. The Consumer Protection Act, 2019’s definitions are too narrow to address algorithmic economic harms. The Disclosure obligations under the E-Commerce Rules, 2020 meet formal transparency standards but not substantive ones. The DPDPA 2023’s consent requirements are exposed to the very dark patterns they aim to prevent. Additionally, enforcement struggles due to institutional shortcomings and a lack of ongoing audit processes. The main argument, that India’s reactive, technology-neutral regulatory model creates blind spots in facing complex AI-driven manipulation is confirmed in all areas of the analysis.
Fixing these gaps requires coordinated reforms in law, institutions and enforcement. Legislative changes should add clear algorithmic transparency duties to the CPA 2019, revise the Section 2(47) definition of ‘unfair trade practice’ to include AI-driven economic harms and introduce a risk-based classification system for manipulative algorithms modeled after the EU AI Act. The CCPA needs a specialized AI oversight division with the necessary technical knowledge, along with an Algorithmic Fairness Tribunal to manage algorithmic harm claims. Enforcement methods should be improved by requiring continuous algorithm audits and registration for high-risk algorithmic systems. Fundamentally, the regulatory approach must shift from formal disclosure to genuine information enrichment mandates that demand platforms actively protect consumer autonomy instead of only recognizing violations.
Reference(S):
- Justice K.S. Puttaswamy (Retd.) v Union of India (2017) 10 SCC 1.
- Competition Act, 2002 (India).
- Consumer Protection Act, 2019 (India).
- Consumer Protection (E-Commerce) Rules, 2020 (India).
- Digital Personal Data Protection Act 2023, (India).
- Regulation (EU) 2016/679 (General Data Protection Regulation) [2016] OJ L119/1.
- Central Consumer Protection Authority, ‘Guidelines for Prevention and Regulation of Dark Patterns 2023’ (Ministry of Consumer Affairs, Food and Public Distribution, Government of India, 2023).
- Shatakshi Johri, ‘Emerging Artificial Intelligence and its Cascading Effects on Consumer Protection in India: An Analytical Study’ (2023) 19(3) World Journal of Advanced Research and Reviews.
- Varda Mone and others, ‘AI Price Tags and Privacy: When Your Data Sets Your Price’ (2026) WIREs Data Mining and Knowledge Discovery
- Shibanee Acharya and others, ‘Transparency and Explainability of Algorithms from a Consumer Law Perspective’ (2025) Advanced International Journal for Research
- Damaraju Pradeep Kumar and Kandukuri Sai Krishna, ‘Dark Pattern in Online Trading – A Critical Examination of their Legality under Consumer Protection Laws’ (2025) Gurukul International Multidisciplinary Research Journal
- T Kumar and Sadaf Shabbir Siddqui, ‘Algorithmic Consumerism: Redefining Consumption and Choice in the Digital Era’ (2026) International Journal of Retail and Consumer Research
- Akshay Yadav, ‘Strengthening Consumer Consent in E-Commerce: Legal and Policy Reforms to Address Dark Patterns and AI-Driven Challenges’ (2026) Journal of Data Protection & Privacy
- Anuj Sharma, ‘Algorithms and Accountability: Reimagining Consumer Grievance Redressal in India’s AI-Driven Marketplace’ (2026) SSRN
- Krishna Deo and S Chauhan, ‘Darker Patterns? AI-generated Persuasion and the Regulatory Void in Indian Law’ (2024) 9(1) Journal of Development Policy and Practice
- Jagriti Singh and Surbhi Mathur, ‘The Impact of AI-Driven Hyper-Personalization on Sustainable Consumer Buying Behaviour: Opportunities, Ethical Challenges, and Pathways for Green Marketing in Emerging Markets’ (2026) Economic Sciences
[1] Shatakshi Johri, ‘Emerging Artificial Intelligence and its Cascading Effects on Consumer Protection in India: An Analytical Study’ (2023) 19(3) World Journal of Advanced Research and Reviews.
[2] Varda Mone and others, ‘AI Price Tags and Privacy: When Your Data Sets Your Price’ (2026) WIREs Data Mining and Knowledge Discovery
[3] Shibanee Acharya and others, ‘Transparency and Explainability of Algorithms from a Consumer Law Perspective’ (2025) Advanced International Journal for Research
[4] Mone (n 1)
[5] Damaraju Pradeep Kumar and Kandukuri Sai Krishna, ‘Dark Pattern in Online Trading – A Critical Examination of their Legality under Consumer Protection Laws’ (2025) Gurukul International Multidisciplinary Research Journal
[6] Acharya (n 2)
[7] Digital Personal Data Protection Act, 2023
[8] T Kumar and Sadaf Shabbir Siddqui, ‘Algorithmic Consumerism: Redefining Consumption and Choice in the Digital Era’ (2026) International Journal of Retail and Consumer Research
[9] Mone (n 1)
[10] Akshay Yadav, ‘Strengthening Consumer Consent in E-Commerce: Legal and Policy Reforms to Address Dark Patterns and AI-Driven Challenges’ (2026) Journal of Data Protection & Privacy
[11] Kumar & Siddqui (n 6)
[12] Anuj Sharma, ‘Algorithms and Accountability: Reimagining Consumer Grievance Redressal in India’s AI-Driven Marketplace’ (2026) SSRN
[13] Krishna Deo and S Chauhan, ‘Darker Patterns? AI-generated Persuasion and the Regulatory Void in Indian Law’ (2024) 9(1) Journal of Development Policy and Practice
[14] Justice K.S. Puttaswamy (Retd.) v Union of India (2017) 10 SCC 1
[15] General Data Protection Regulation (GDPR) 2016
[16] Jagriti Singh and Surbhi Mathur, ‘The Impact of AI-Driven Hyper-Personalization on Sustainable Consumer Buying Behaviour: Opportunities, Ethical Challenges, and Pathways for Green Marketing in Emerging Markets’ (2026) Economic Sciences





