Consumer Body Notifies Guidelines on Dark Patterns

On November 30, 2023, the Central Consumer Protection Authority (CCPA) notified the Guidelines for Prevention and Regulation of Dark Patterns, 2023.

Apart from the 10 dark patterns (false urgency, basket sneaking, confirm shaming, forced action, subscription trap, interface interference, bait and switch, drip pricing, disguised advertisement, and nagging) specified in the draft released earlier, the guidelines provide for 3 additional dark patterns which were finalised after stakeholder consultation. The additional ones are trick questions, SaaS billing, and rogue malware.

When the language contained in the questions posed to users is vague, confusing or makes use of double natives, etc. to misdirect or cause consumers to take a specific response or action, the same amounts to trick questions. For instance, providing consumers with only two options, “Yes” and “Not Now” in response to questions asking them to opt for notifications.

Under the guidelines, SaaS (Software as a Service) billing refers to situations where payments are collected from consumers on a recurring basis in a SaaS business model, and there is misuse of this process in order to obtain payments “as surreptitiously as possible”. This practice can be observed when a free trial has been converted to a paid subscription without notifying the user.

The guidelines also prohibit engaging in the dark pattern practice of rogue malwares where users are tricked into believing that there’s a virus on their computers through the use of ransomware or scareware so that they pay for a tool to remove the malware, but such a tool actually ends up installing a malware. The multiple advertisements with embedded malware that pop up when a user accesses content on pirated platforms is an example of this dark pattern practice.