'Dark Patterns' on Platforms: Compliance Tightens as the CCPA Steps Up Enforcement in India

The Central Consumer Protection Authority ("CCPA") imposed a fine of INR 5 lakh on ed-tech platform PhysicsWallah on 1st June for deploying prohibited dark patterns on its platforms. The order was passed under the Consumer Protection (E-Commerce) Rules, 2020, and the Guidelines for Prevention and Regulation of Dark Patterns, 2023 ("Dark Pattern Guidelines").
CCPA's Order in PhysicsWallah on 'Dark Patterns' Compliance
The matter was taken up suo motu by the CCPA, and upon examination, it found that PhysicsWallah deployed the following deceptive design choices on the platform:
'Basket sneaking' and 'confirm shaming'
The platform presented users with a pre-ticked checkbox to donate INR 10 to the PW Foundation at checkout when they were paying for their selected courses. The platform's stance was that the donation checkbox could be easily deselected by users, and that no payment could proceed without their explicit consent. The CCPA did not accept this argument and characterised the design as 'basket sneaking', observing that it created a risk of users making unintended payments to PhysicsWallah. The CCPA further found that the platform used emotionally persuasive messaging to nudge users to retain the donation amount, amounting to 'confirm shaming'.
'Forced action' and 'interface interference'
The platform required users to sign up and provide their personal data to access even courses that were advertised as "free". In some cases, content remained inaccessible even after those steps were completed. PhysicsWallah submitted that collecting minimal personal information was necessary to enable unique identification of the users, and mitigate risks such as content piracy, unauthorized redistribution, misuse of platform resources, and the creation of fraudulent or automated accounts. However, the CCPA found that the content remained the same across different accounts and hence the collection of personal information was not essential to provide access. It took the view that if a course is marketed as 'free', consumers must not be compelled to divulge personal information merely to reach the content and found that the interface of the platform impaired users' ability to make free and informed decisions.
In arriving at the penalty decision, the CCPA appears to have attached significance to the fact that the platform catered substantially to students, including minors and young consumers, and that the platform collected over INR 2.47 crores from more than 21 lakh users.
The McAfee Decision
Earlier in May, the CCPA issued a similar order against cybersecurity solution provider McAfee, imposing a penalty of INR 1 lakh for deploying manipulative design on its subscription-renewal interface. The CCPA found that the interface forced consumers to choose between "Accept Risk" and "Renew Now", with the former option being framed as the irresponsible or reckless choice. The CCPA identified this as an example of 'confirm shaming'.
Conclusion
These orders are among the first enforcement actions under the Dark Pattern Guidelines and signal that the CCPA is moving towards active enforcement against such deceptive practices by platforms. The Dark Pattern Guidelines were issued by the CCPA in November 2023 and include an illustrative list of 13 dark patterns, such as 'confirm shaming', 'forced action', 'bait-and-switch', and 'basket sneaking'. Consumers affected by dark patterns can file complaints with the CCPA directly or approach the District, State, or National Consumer Disputes Redressal Commissions depending on the value of the claim. The CCPA may also take up matters on its own, as it did with PhysicsWallah.
The PhysicsWallah order also indicates an emerging overlap between consumer protection and privacy compliance in the context of 'dark patterns'. A design choice that pressures users into sharing data or paying money may invite scrutiny under the consumer laws as well as India's data protection framework.
'Dark Patterns' Compliance in India: Takeaways for Tech Platforms
Where design choices lead users to pay, subscribe, or disclose personal data through default actions, pressure tactics, or interface friction, businesses may face increased compliance risk under Indian consumer protection law. To mitigate risk, businesses should consider conducting a comprehensive interface audit, including reviewing checkout flows, consent mechanisms, urgency cues, opt-out flows, and renewal prompts against the Dark Pattern Guidelines.