Remember the time you tried grabbing that discount on a hotel booking, only to be bombarded with arbitrary countdown timers and extra charges at checkout? These are deceptive designs or ‘dark patterns’ that surreptitiously influence our online interactions.
On 7 September, India’s Central Consumer Protection Authority (CCPA) released specific guidelines to combat such practices. These guidelines identify and prohibit specific dark patterns used by digital platforms, advertisers, and sellers. However, due to the amorphous nature of dark patterns, such prescriptive provisions may lead to unintended consequences, such as regulatory arbitrage and asymmetric compliance burdens. Vigilance and enforcement action by sectoral regulators can better serve consumer interests.
What are dark patterns?
The term ‘dark patterns’ was coined in 2010 by Harry Brignull, a user-experience (UX) designer. It refers to a variety of manipulative design tactics that have a singular aim – the acquisition of users’ attention, personal data, or money.
These designs include nagging pop-up windows, deceptive testimonials, artificial discounting, and disguised advertising, among others. Think of that hilariously relatable post you last saw on your favourite meme page. Chances are that it was a disguised ad, which reinforced the idea of a particular product or a brand in your mind. Research suggests that such tricks exploit our cognitive biases into buying products, renewing subscriptions, and sharing unnecessary personal data for free services.
Dark patterns interfere with or subvert individual autonomy, the impact of which can be challenging to measure. We can only imagine how these tactics evolve when they are coupled with emerging technologies like artificial intelligence. Dark patterns that subvert personal agency can have particularly grave implications for India’s 800 million internet users. They might incur monetary losses or get tricked into making risky financial decisions. Oxfam’s India Inequality Report, 2022, identified sharp disparities in digital literacy across socio-economic, regional, and gender lines. These factors can make online dark patterns more dangerous for vulnerable Indians than offline ones.
Also read: India can compete with China on semiconductors. But it needs to build investor trust first
Where to shine the light ?
Rulemaking against dark patterns is easier imagined than implemented. Subliminal marketing tactics designed to keep us engaged on a digital platform are often hard to identify and circumscribe within clear regulatory bright lines.
As immersive digital spaces creep closer into our daily lives, these practices will only evolve and become harder to detect. Prescriptive ex ante rules, which try to focus on dark patterns, will need to be constantly updated by the CCPA to keep pace with evolving interface design and marketing practices.
Jurisdictions like the US and EU regulate dark patterns through targeted rules, from a privacy-focused lens, or through enforcement action. For instance, the US Federal Trade Commission (FTC) exercises its powers to prohibit unfair or deceptive acts to mitigate them. The FTC’s 2021 enforcement policy upholds transparency and respect for personal agency; in other words, it asks, did a business disclose material details about a product/service, and did it obtain a consumer’s informed consent before selling it?
In the Indian context, deceptive tactics that trick users into making certain choices can qualify as unfair trade practices. Like the FTC, India’s CCPA can investigate and prescribe hefty fines and even jail time for them. Last February, the CCPA imposed a Rs 10 lakh fine on an e-commerce platform for running misleading ads and creating a ‘false urgency’ among shoppers.
Apart from the CCPA taking suo moto action, Indian consumers can also report deceptive practices or misleading ads and voice other similar grievances before the authority. However, the CCPA hasn’t made consumers or other sectoral regulators aware of the deceptive measures that platforms employ to sell their products and services.
Also read: India’s e-commerce rules need definitional clarity – to protect consumers, promote innovation
The way forward
The landscape of dark patterns is expansive, amorphous, and therefore not as black-and-white as the CCPA guidelines suggest. Attempts to bracket them in straitjackets and prohibit a prescribed list of ‘specified dark patterns’ can be counterproductive. Product designers too can take advantage of regulatory grey areas that inevitably arise when lawmakers try to be too specific in listing out prohibited activities.
Subversive UI/UX designs can exploit the ingenuous understanding of children, older adults, or those who are technologically challenged. Suppose your grandmother searches for dosa on a food-delivery app, only to see listings of sponsored restaurants upfront. While this may not amount to ‘interface interference’ or ‘forced action’ under the CCPA guidelines, it makes her more likely to choose from options served to her (pun intended). Similarly, the guidelines do not ban the use of UX elements that are designed to encourage users to scroll mindlessly on social media.
Consumer protection authorities should steer clear of ex-ante rules. Instead, they should double down on institutional coordination with sectoral regulators and make efforts to increase consumer awareness about evolving dark patterns. As the apex statutory body responsible for safeguarding consumer interests, the CCPA has wide powers at its disposal.
Regular coordination between the CCPA and other authorities, particularly regulators in high-risk sectors, such as the Reserve Bank of India (digital lending), and the Insurance Regulatory and Development Authority (insurance), can engender precision in state interventions against deceptive designs. Armed with specific insights, sectoral regulators would be best suited to identify and mitigate dark patterns deployed by the entities they regulate.
As a result of improved coordination, additional resources can now be at the CCPA’s disposal. Consequently, it can discharge functions for which it was created: that is, to act as an investigative and enforcement authority against violations of consumer rights.
The authors work at Koan Advisory Group, a technology policy consulting firm in New Delhi. Views are personal.
This article is part of ThePrint-Koan Advisory series that analyses emerging policies, laws and regulations in India’s technology sector. Read all the articles here.
(Edited by Prashant)