Listen to this post
FIG Paper (No. 25 – Series 2): Shedding Light on Dark Patterns in FinTech: Impact of DPDP Act

Introduction:

The new draft guidelines titled ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’[1] (“Draft Dark Pattern Guidelines”), released by the Department of Consumer Affairs in September 2023, define dark patterns as “any practices or deceptive design patterns using UI/UX (user interface/user experience) interactions on any platform; designed to mislead or trick users to do something they originally did not intend or want to do; by subverting or impairing the consumer autonomy, decision making or choice; amounting to misleading advertisement or unfair trade practice or violation of consumer rights”.

In practice, these patterns exploit human psychology and trick people into making unwanted choices/ purchases. It has become a menace for the FinTech industry. These patterns are used to encourage people to sign up for loans, credit cards, and other financial products that they may not need or understand. However, the new Digital Personal Data Protection Act, 2023 (“DPDP Act”), can be used to bring such dark patterns under control. The DPDP Act requires online platforms to seek consent of Data Principals through clear, specific and unambiguous notice before processing any data. Further, the Act empowers individuals to retract/ withdraw consent to any agreement at any juncture. Therefore, organisations will have to undertake technical and organisational measures to align their data collection practices with the principles of fairness, transparency and accountability.

Draft Guidelines:

The Draft Dark Pattern Guidelines provides for certain specific instances where such patterns are currently in use:

  1. False urgency: This pattern creates a sense of urgency to make a decision, such as by telling the user that an offer is only available for a limited time.
  2. Basket sneaking: This pattern adds items to a user’s cart without their knowledge or consent.
  3. Confirm shaming: This pattern makes it difficult for users to cancel a subscription or other service.
  4. Forced action: This pattern requires users to take action, such as agreeing to a privacy policy, to continue using a service.
  5. Subscription traps: This pattern makes it difficult or impossible for users to cancel a subscription, such as by requiring them to call a customer service number or navigate through a complex maze of menus.

Implications for FinTech qua the Data Law:

The Draft Dark Pattern Guidelines, coupled with the recent promulgation of the DPDP Act, is likely to have a significant impact on the FinTech industry. Companies will need to review their user interfaces and remove any dark patterns that they are using and protect the personal data and use the data for ‘legitimate purposes’ only and take consent from users, through clear affirmative action, in unambiguous terms. They will also need to develop new ways to promote their products and services without relying on deception. However, implementation and compliance with the DPDP Act may be challenging. The biggest challenge may arise while maintaining a balance between accessing user data for personalisation and user privacy. Further, companies will have to invest in additional resources to ensure personalised marketing is in line with the Act’s stringent data protection requirements.

Next Steps for Compliance:

To comply with the Draft Dark Pattern Guidelines and the DPDP Act, FinTech companies would have to:

  1. review their user interfaces and marketing materials to ensure that they are not using dark patterns.
  2. obtain clear and informed consent from users before collecting or using their personal data.
  3. provide users with the ability to access, correct, and delete their personal data.
  4. protect user data from unauthorised access, use, or disclosure.
  5. educate consumers about dark patterns and how to identify them and develop industry standards for user interfaces that are free of dark patterns.
  6. integrate pop-up notifications or consent documentation on digital platforms for upholding compliance.
  7. offer comprehensive and customised user interactions on digital platforms.
  8. enhance user interfaces by adopting encryption, multi-factor authentication and routine security safeguards measures.
  9. mechanism to ensure completeness, accuracy, consistency and correctness of the data processed.
  10. ensure that platforms target the right audience without disclosing personal information.
  11. grievance redressal mechanism to cater to consumer complaints with respect to dark patterns.
  12. conduct periodic audits to prevent data breach.

By taking these steps, the industry can help create a more transparent and fairer digital ecosystem for consumers.

Concluding thoughts:

The Draft Dark Pattern Guidelines are a positive step towards protecting consumers. FinTech companies need to take steps to comply with the guidelines and avoid using deceptive user interface designs. Consumers also need to be aware of dark patterns and how to avoid them. By working together, a more transparent and fairer financial services industry can be created. The Guidelines, along with the recent DPDP Act, will make use of online platforms a safer place for customers.  


[1] Draft Guidelines for Prevention and Regulation of Dark Patterns 2023.pdf (consumeraffairs.nic.in)

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Anu Tiwari Anu Tiwari

Partner and Co-Head in the Fintech Practice at the Mumbai office of Cyril Amarchand Mangaldas. Anu represents Indian and multinational banking, broker-dealer, exchange, asset management, speciality finance, fintech and information/ emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus…

Partner and Co-Head in the Fintech Practice at the Mumbai office of Cyril Amarchand Mangaldas. Anu represents Indian and multinational banking, broker-dealer, exchange, asset management, speciality finance, fintech and information/ emerging technology companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private M&A, capital raising, commercial agreements and activism matters. Anu advises financial services clients on matters before the Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI), Ministry of Finance, Enforcement Directorate and appellate tribunals. He can be reached at anu.tiwari@cyrilshroff.com

Photo of Sara Sundaram Sara Sundaram

Partner in the Disputes and White Collar Crime Practice at the Mumbai office of Cyril Amarchand Mangaldas. Sara specializes in the areas of internal investigations and compliance training, white-collar crimes, corporate and financial investigations, fin tech and financial matters and international sanctions. She…

Partner in the Disputes and White Collar Crime Practice at the Mumbai office of Cyril Amarchand Mangaldas. Sara specializes in the areas of internal investigations and compliance training, white-collar crimes, corporate and financial investigations, fin tech and financial matters and international sanctions. She has assisted and advised several foreign investors, corporates and financial institutions on anti-corruption, anti-bribery issues, anti-money laundering, sanctions violations, and serious fraud investigations.

She also advises several foreign and domestic Clients on on AML/ABAC compliance, regulatory compliance and trade sanctions, and has handled internal investigations into compliance violations and whistle-blower complaints for corporations and financial institutions. She has considerable expertise in corporate governance, international sanctions, and international fraud related issues and regulatory compliance issues and financial crimes and Fintech.  She can be reached at sara.sundaram@cyrilshroff.com

Photo of Utkarsh Bhatnagar Utkarsh Bhatnagar

Principal Associate in the corporate and financial regulatory practice at the Mumbai office of Cyril Amarchand Mangaldas. Utkarsh has represented various Indian and multinational fintech, information/ emerging technology companies, and also pharmaceutical, and healthcare companies on transactional, enforcement and regulatory matters. His transactional…

Principal Associate in the corporate and financial regulatory practice at the Mumbai office of Cyril Amarchand Mangaldas. Utkarsh has represented various Indian and multinational fintech, information/ emerging technology companies, and also pharmaceutical, and healthcare companies on transactional, enforcement and regulatory matters. His transactional practice focus is on public & private M&A, commercial agreements and regulatory matters. He can be reached at utkarsh.bhatnagar@cyrilshroff.com