Dark Patterns and Data Protection: Bridging the Gap



Mr. Harry Brignull was the first person who discovered the term “Dark Pattern” in 2010 and has been keeping track of them ever since on his website. A dark pattern is a device that manipulates and coerces you to do what the website wants.

It has been many years of tricking internet users into giving up their valuable data, hard-earned money, and precious time by dark patterns. Dark pattern is usually used by the website to trick user into granting consent by mistake or through misrepresentation to be tracked, or to exploit data for their own profit


For Example: In the above picture, you can see a “cross button” which is at the extreme right and is compact in size, when you try to close the advertisement; you unknowingly click on the advertisement. Consequently, you will be redirected to the website of that particular advertisement. Once you are on a particular website, you will be unable to get out of that particular page.

This is how the Dark Pattern works.


 This is one of the most common practices which is usually used by shopping sites; where the exact price of the particular product, one wants to buy is not shown to the customer at the initial stage. Thereafter, once the product is added into the one’s cart for the final purchase of that particular product. Automatically, the final price is not as same as it was shown before the opening of that particular product. As a result, the customer is constrained to purchase the item at a higher price. Below are some of the snapshots of the above-said situation.

Picture 1     












Picture 2















Picture 3












In the initial image, the price displayed for the product indicates a payment of Rs 1399/- through the Cash-on-Delivery (COD) payment system. Furthermore, the bill summary also confirms the same amount of Rs 1399/-. However, upon selecting COD as the preferred payment method, an additional charge of Rs 100/- for purported “standard delivery” fees is imposed without prior disclosure during the earlier stages of the transaction.

It is evident that this practice is driven by the intent to capitalize on customers who have already invested their time and money in the product, assuming they would be less inclined to object to the added expenditure at the final stage of the transaction. This raises concerns about transparency and fairness in pricing practices.


One of the key and the most crucial provisions of the Digital Data Protection Act, 2023 (“the Act”) is to seek “one’s consent”. It is compulsory for all institutions/businesses/companies/firms must obtain the consent of the “Data Principal”(whose data is being collected)

Further, it is to make sure that before processing one’s data, there should be a meeting of minds between the Data Fiduciary and the Data Principal.

The word consent is defined under section 7, which enumerates that:-

The consent given by the Data Principal shall be free, specific, informed, unconditional, and unambiguous with clear affirmative action, and shall signify an agreement to the processing of her personal data for the specified purpose and be limited to such personal data as is necessary for such specified purpose.”


In light of the dynamic regulatory environment surrounding data privacy, it is imperative for businesses to maintain vigilant awareness of design elements that may potentially qualify as dark patterns. Specifically, with regard to functionalities designed to gather personal data or solicit user consent, a comprehensive understanding of such strategies is indispensable for businesses to effectively evaluate and mitigate compliance risks.


Furthermore, it is of utmost importance for brands to conduct a thorough and meticulous examination of their recurring billing and subscription initiatives in alignment with the aforementioned policy. Subsequently, businesses should take affirmative measures to ensure strict adherence to all pertinent laws and regulations.


DISCLAIMER: The above article is based on the personal interpretation of the related orders and laws. The readers are expected to take expert opinions before relying upon the article. For more information, please contact us

Leave a Reply

Your email address will not be published. Required fields are marked *