Authored By: Aditya Tiwari
Post Graduate College of Law, Osmania University Hyderabad.
Introduction
In the age of advancing technology and convenience, everything surrounding business is being digitalized, as are the transactions and agreements between consumers and companies. The rise of e-commerce platforms like Amazon and Flipkart revolutionized traditional markets, but this same e-commerce landscape is now being revolutionized by the fast-paced growth of “quick-commerce” platforms, whereby consumers can get what they want in minutes while standard e-commerce apps take longer for delivery. But every product or service comes with its pros and cons, as do the companies and the industry itself. The digital platform industry runs entirely on code; because it is digital, its “Terms and Conditions” and “Privacy Policy” are digital too. In the present age, where these companies are constantly criticized for the “dark patterns” on their platforms, the validity of consumer consent remains blurred.1 This article addresses the dark patterns used by such platforms and the legality of the consumer consent obtained through digital clicks.
In the digital marketplace, consumer consent has become a mere formality rather than an informed choice. The screens that prompt users to “agree” or “accept” are often designed not to inform but to manipulate. Companies employ sophisticated techniques—pre-ticked checkboxes, deliberately confusing language, hidden costs revealed at checkout, and endless scrolling through dense legal text—all calculated to secure consent without genuine understanding. The question arises: can consent obtained through such deceptive design truly be considered valid? When platforms exploit cognitive biases and interface design to nudge users toward predetermined choices, the foundational principle of informed consent crumbles. This manipulation extends beyond mere inconvenience; it fundamentally undermines the contractual relationship between consumers and businesses, raising serious questions about the enforceability of agreements obtained through such questionable means.
The Dark Patterns
Deceptive Patterns (also known as “Dark Patterns”) are techniques used by platforms or applications to influence consumers to perform certain actions, even against their will. These patterns are deeply integrated into the UI (User Interface) and UX (User Experience) of the application. They target consumer autonomy and aim to influence consumer decisions and behavior. These manipulative designs exploit psychological vulnerabilities and cognitive limitations of users, making it difficult to distinguish between genuine choice and coerced action. The subtlety of these patterns ensures that consumers remain unaware of the manipulation, believing they are exercising free will when, in reality, their decisions have been architecturally predetermined by the platform’s design choices.2
The main characteristics of Dark Patterns are:
- False Urgency: Platforms deliberately manufacture artificial scarcity or popularity signals—such as “Only 2 left!” or “500 people viewing this”—to psychologically pressure consumers into impulsive purchasing decisions. This calculated exploitation of loss aversion strips consumers of deliberate decision-making, replacing rational choice with panic-driven action that ultimately serves the platform’s commercial interests over consumer welfare.
- Basket Sneaking: At the final stage of checkout, platforms silently insert additional items—insurance policies, charitable donations, or subscription services—into the consumer’s cart without explicit consent. This exploitation of consumer inattentiveness at the payment stage inflates the final payable amount, effectively extracting money for products or services the consumer never consciously chose to purchase.
- Confirm Shaming: Rather than offering neutral opt-out options, platforms craft psychologically manipulative decline buttons using guilt-inducing or ridiculing language—such as “No thanks, I hate saving money.” This weaponization of shame and social embarrassment coerces consumers into affirmative choices they would otherwise reject, corrupting the voluntariness that forms the bedrock of valid consumer consent.
- Forced Action: Platforms condition access to desired products or services upon the consumer’s compulsory engagement with entirely unrelated offerings—mandatory account registrations, unwanted subscription sign-ups, or excessive personal data sharing. This coercive bundling of unrelated requirements with legitimate consumer intent transforms a simple transaction into an exploitative gateway of unwanted obligations.
- Subscription Trap: While enrollment into paid subscriptions is deliberately streamlined and effortless, the cancellation pathway is intentionally buried, labyrinthine, or functionally inaccessible. This asymmetrical design ensures continued extraction of consumer funds well beyond any genuine intent to subscribe. The Indian Digital Personal Data Protection Act similarly recognizes this imbalance, mandating that consent withdrawal must be as simple as consent itself was given.3
- Interface Interference: Through selective visual emphasis—strategic use of color, size, contrast, and placement—platforms deliberately highlight commercially favorable options while visually suppressing alternatives that better serve consumer interests. This manipulation of visual hierarchy steers consumers toward predetermined choices, rendering the interface itself an instrument of deception rather than a neutral facilitator of informed decision-making.
- Bait and Switch: Platforms advertise specific outcomes, products, or prices to attract consumer engagement but systematically substitute an entirely different—typically inferior or more expensive—offering upon execution of the transaction. This misalignment between advertised promise and delivered reality breaches the reasonable consumer’s expectation, undermining the good faith that governs legitimate commercial dealings.
- Drip Pricing: Platforms advertise attractively low base prices while systematically withholding mandatory fees, taxes, and charges until the final stages of checkout—when consumer commitment is psychologically strongest. This staged revelation of true costs exploits sunk-cost psychology, making abandonment feel wasteful, so the consumer ultimately pays substantially more than what initially induced their engagement.
- Disguised Advertisement: Sponsored content is deliberately designed to visually and contextually mimic organic user-generated content, editorial articles, or genuine peer recommendations, making commercial intent effectively invisible to the average consumer. This blurring of the boundary between authentic content and paid promotion corrupts the information environment consumers rely on to make genuinely independent decisions.
- Nagging: Platforms subject consumers to relentless, repetitive prompts, pop-ups, and interruptions demanding specific commercial actions—subscription upgrades, permission grants, or purchase completions. Unlike legitimate nudging, which respects consumer autonomy, nagging constitutes behavioral sludging that overwhelms cognitive bandwidth to erode rational resistance, producing commercially favorable decisions born of exhaustion rather than genuine free will.
- Trick Questions: Consent mechanisms are deliberately constructed using double negatives, ambiguous phrasing, or grammatically convoluted language that systematically misleads consumers about the actual consequence of their selections. A consumer who genuinely intends to opt out inadvertently opts in through no fault of their own. This weaponization of linguistic complexity ensures that confusion itself becomes the mechanism through which commercially valuable consent is extracted.
- SaaS Billing: Software-as-a-Service platforms exploit the psychological invisibility of recurring digital payments by embedding automatic renewal clauses within complex onboarding flows, ensuring consumers remain perpetually billed for services they may have forgotten or ceased using. The deliberate opacity surrounding billing cycles, amounts, and cancellation mechanisms transforms what appears to be a convenient subscription model into a systematic mechanism for covert, ongoing financial extraction from inattentive consumers.
- Rogue Malwares: Scareware and ransomware tactics falsely alarm consumers about non-existent security threats on their devices, manufacturing artificial urgency around fabricated technical crises. Consumers, panicked and technically vulnerable, are manipulated into purchasing fraudulent remediation tools that paradoxically introduce the very malware they purport to eliminate. While existing Information Technology Act provisions partially address this conduct, its inclusion within dark pattern regulations reflects its fundamentally deceptive, consent-corrupting character.
A collaborative study by the ASCI (Advertising Standards Council of India) and Parallel, conducted across applications from nine industries, found that 52 of the 53 top Indian applications studied used at least one deceptive pattern.4 Because these are among the most downloaded apps in the Indian market and leaders within their respective industries, the finding highlights how widespread manipulative design practices are among the very companies consumers trust most.
The Legal Aspect
The legal authorities regulating these dark pattern practices are well aware of the issue. The Central Consumer Protection Authority (CCPA) issued guidelines in 2023 governing dark patterns under Section 18 of the Consumer Protection Act, 2019. These guidelines prohibit 13 specified dark patterns, including false urgency, basket sneaking, and drip pricing.5 Dark patterns are also classified as an “unfair trade practice” under Section 2(47) and may constitute “misleading advertisements” under Section 2(28).
Further, where dark patterns are used to obtain consumer consent through clicks—such as the “I agree to the Terms and Conditions” checkbox—Section 14 of the Indian Contract Act comes into play. This section requires that consent be “free”; any consent obtained through fraud (Section 17) or misrepresentation (Section 18)—both central to dark patterns—is voidable. Additionally, under Section 6 of the Digital Personal Data Protection (DPDP) Act, 2023, consent for data processing must be free, specific, informed, unconditional, and unambiguous, requiring a clear affirmative action.6
These are the legal remedies available to consumers against dark pattern practices. However, to properly penalize companies engaging in such practices, regulatory bodies must act strictly. The CCPA has already taken proactive action against top companies by issuing notices to over 11 major platforms—including Uber and Zepto—for violations in May 2025.7 By late 2025, 26 e-commerce platforms had voluntarily submitted self-audit reports confirming their platforms were free from these manipulative practices, following a three-month mandatory compliance directive.
A Comparative Perspective: India and the United States
A comparative glance at the United States reveals a more fragmented yet instructive regulatory landscape. Unlike India’s consolidated guidelines under the CCPA, the United States relies on a combination of existing contract law doctrines, sector-specific statutes, and Federal Trade Commission enforcement. Under Section 5(a) of the Federal Trade Commission Act, the FTC is empowered to act against unfair or deceptive practices affecting commerce, and has invoked this provision against several platforms employing dark patterns, even where the term itself was not explicitly used.8 At the state level, California’s Consumer Privacy Rights Act (CPRA) defines dark patterns as user interfaces designed to subvert or impair user autonomy and decision-making,9 while the California Age-Appropriate Design Code Act extends specific protections to children against such manipulative design practices.10
American courts have further addressed these concerns through contract law—most notably in Specht v. Netscape Communications Corp.,11 where then–Circuit Judge Sonia Sotomayor held that terms placed on a submerged screen, beyond the user’s ordinary scroll, were insufficient to constitute valid contractual assent. Similarly, in Nguyen v. Barnes & Noble Inc., the court denied enforceability of an arbitration clause accessible only through an inconspicuous hyperlink, reinforcing that mere technical availability of terms does not satisfy the threshold of informed consumer consent.12 These judicial developments demonstrate that while India has taken a more proactive legislative approach through its 2023 Guidelines, the underlying principle remains universally consistent—consent extracted through manipulative design cannot be treated as legally valid consent.
The Judicial View
In Ashwani Chawla v. Flipkart Internet Pvt Ltd (2024), the State Consumer Disputes Redressal Commission (SCDRC), Chandigarh, recognized the dark patterns used in applications and applied the CCPA’s 2023 guidelines. The commission identified a double-billing practice employed by Flipkart—adding an “offer handling fee” of ₹49 to the bill—as a deceptive practice, specifically “drip pricing.”13 Secondly, the commission identified and recognized the “bait and switch” practice used by e-commerce platforms, such as Flipkart, when selling old, used products as new. Consumer commissions consistently uphold the principle of product liability, which is a core principle of consumer jurisprudence. The problem with these commissions is that their reach is somewhat limited, as platforms constantly evolve their practices and the redressal system is entirely complaint-based. This reactive nature of adjudication places an unreasonable burden on the individual consumer, who must personally initiate proceedings against technologically sophisticated corporations, creating a structural imbalance that favors platforms over the very consumers the law seeks to protect.
Conclusion
The 2023 recognition and guidelines from the Central Consumer Protection Authority (CCPA) mark significant progress toward consumer activism and the fight against malpractices like dark patterns. But we must also recognize that the Indian state remains somewhat behind when it comes to regulating such practices, particularly where technical angles are involved. The CCPA alone cannot monitor and regulate the entire market; for that, new NGOs and independent bodies like Parallel must step up, and the system needs to become more suo motu when dealing with complex practices like dark patterns. A layman user of an app often cannot understand how a random fee labeled a “handling charge” in their bill includes taxes. Furthermore, the burden of proof and accountability remains unclear: who is liable for subscription continuations against a consumer’s will—the platform or the consumer themselves? The answer to this question is currently blurred.
The comparative analysis with the United States further underscores this urgency. While the American framework remains fragmented across federal and state jurisdictions, its judicial tradition—rooted in contract law doctrines of assent and notice—has consistently refused to validate consent obtained through obscured or manipulative design. India’s legislative approach through the 2023 Guidelines is arguably more proactive, yet it lacks the robust judicial reinforcement that American courts have developed over decades. The lesson from the US experience is clear: legislation alone is insufficient; courts must actively and consistently engage with the evolving vocabulary of digital manipulation to give consumer protection law its intended teeth.
To tackle such practices, clear and straightforward regulations are needed, explicitly stating which practice attracts what liability. Regulating platforms that constantly utilize dark patterns also requires consumer education—through online campaigns, video advertisements, and research programs at the local level, in schools, colleges, and major markets. We live in an era where companies constantly improve themselves and push updates or alter policies to bypass regulations. This issue will only be resolved if regulators remain one step ahead of the companies.
Reference(S):
1. Harry Brignull, Michael Leiser, Cristiana Santos & Kaushik Doshi, Deceptive Design (2023), https://www.deceptive.design/.
2. National Law School of India University, Dark Patterns (2024), https://www.nls.ac.in/wp-content/uploads/2021/04/Dark-Patterns.pdf.
3. Dark Patterns in Exit Architecture: Legal Implications of Manipulative Subscription Cancellation Flows, NUALS Law Journal (June 19, 2025), https://nualslawjournal.com/2025/06/19/dark-patterns-in-exit-architecture-legal-implications-of-manipulative-subscription-cancellation-flows/.
4. Advertising Standards Council of India & Parallel, Conscious Patterns: Study of Deceptive Patterns in Indian Apps (2024), https://parallelhq.blr1.cdn.digitaloceanspaces.com/consciouspatterns/Study%20of%20Deceptive%20Patterns%20in%20Indian%20Apps.pdf.
5. Central Consumer Protection Authority, Guidelines for Prevention and Regulation of Dark Patterns (2023).
6. Digital Personal Data Protection Act 2023, § 6.
7. Govt Issues Notices to 11 Firms Including Zepto, Uber for Using Dark Patterns, Warns Action, Times of India (May 2025).
8. Federal Trade Commission Act, 15 U.S.C. § 45(a) (2018).
9. California Privacy Rights Act of 2020, Cal. Civ. Code § 1798.140(l) (West 2023).
10. California Age-Appropriate Design Code Act, Cal. Civ. Code § 1798.99.28 et seq. (West 2022).
11. Specht v. Netscape Commc’ns Corp., 306 F.3d 17, 32 (2d Cir. 2002).
12. Nguyen v. Barnes & Noble Inc., 763 F.3d 1171, 1179 (9th Cir. 2014).
13. Shouvik K. Guha & Sanchari Roy, Ashwani Chawla v. Flipkart Internet Private Ltd: Formal Recognition of Dark Matter Prevention and Recognition Guidelines, 12 Int’l J. on Consumer L. & Prac. 11 (2024).





