How dark is the financial sector of the country? : Implications of the Guidelines for Prevention and Regulation of Dark Patterns, 2023

"Pay within 5 minutes and get a 5% discount"

"Hurry, last 4 pieces available in stock. Buy now!"

We see similar statements almost everywhere while online shopping. There are thousands of practices that lure, deceipt, or force customers to buy goods or avail services that they may not really need. These practices are generally known as "Dark Patterns". And for obvious reasons, these need to be controlled. Which is why, the Central Consumer Protection Authority ("CCPA"), issued Guidelines for Prevention and Regulation of Dark Patterns, 2023 ("Guidelines") yesterday. While one witnesses these dark patterns almost everywhere online, the risk of these dark patterns becomes excessively critical when it comes to the financial sector (being the sector with utmost financial and credit risk anyway!).

This note is an attempt to shed light on dark patterns prevailing in the industry and the expected impact of the Guidelines on them.

What are Dark Patterns?

The Guidelines define “dark patterns” as- any practices or deceptive design pattern using user interface or user experience interactions on any platform that is designed to mislead or trick users to do something they originally did not intend or want to do, by subverting or impairing the consumer autonomy, decision making or choice, amounting to misleading advertisement or unfair trade practice or violation of consumer rights.

Further, the Annexure 1 to the Guidelines provides a list of "Specified Dark Patterns" which contain an indicative list of illustrations that will be construed as dark patterns. Let us look at some of these illustrations from the lens of financial sector products:

1. False Urgency: means falsely stating or implying the sense of urgency or scarcity so as to mislead a user into taking an immediate action. For instance: Showing a loan signing page with a timer to sign. Several lenders allow a discount on EMI if the customer pays the EMI before the due date. The intention is to motivate customers to pay their EMIs on time and reward good credit behavior. Typically, these options are advertised as - "Pay your EMI before the due date and get a discount of 2%." Is this really creating a sense of urgency? Interesting to delve on...
2. Basket Sneaking: means inclusion of additional items without the consent of the user, such that the total amount payable by the user is more than the amount payable for the product or service chosen by the user. You must have seen pre-ticked box to donate a few bucks to charity and because it's such a small amount, you may not notice or not care. Think of a life insurance (pre-ticked) with your loan. You do not read the terms and end up thinking it is for your own benefit. In reality, you may never be able to raise a claim on these insurances.
3. Confirm shaming: means using a phrase, video, audio or any other means to create a sense of fear or shame or ridicule or guilt in the mind of the user so as to nudge the user to purchase a product or service or continuing a subscription of a service. Think you saw the embedded insurance option above and still decided to move ahead without the insurance. A pop-up saying "I don't care about my family. I choose not to avail the insurance" shows up. Your guilty self goes back to tick the insurance option again!
4. Forced action: means forcing a user into taking an action that would require the user to buy any additional goods or subscribe or sign up for an unrelated service or share personal information in order to buy or subscribe to the product or service originally intended by the user. Go back to the insurance example again. Think you read the pop-up, used your rationale and decided to still move ahead without the insurance. The application says that the system does not allow moving to the next page until you select the insurance option. Your sorry self, has to now take that insurance! You may have also noticed several financial services platforms requiring your personal information such as SMS data, contacts, applications installed on your phone, etc. It also discloses the need and purpose of accessing such data. If you do not allow access to this information, you will not be able to avail the services of the platform. Will this be considered forced action? What if the app or the service really cannot operate without such information? Where do we draw the line between the "needed" and the "add-on" information? Food for thought...
5. Subscription trap: means the process of making cancellations practically impossible (by making it a complex or lengthy process or hiding the cancellation option or forcing a user to provide payment details or authorization for auto debits or making the instructions related to cancellation ambiguous, latent, confusing, cumbersome.)Think you set up a NACH for auto debiting your account by INR 50,000 every month to be invested in various avenues by an intermediary. A few months later, you have a cash crunch and want to stop the auto debits. You browse through the intermediary's app and website and cannot find the option to cancel the NACH. You either fight it out, file a complaint or end up giving up to the complexities.
6. Interface interference: means a design element that manipulates the user interface in ways that (a) highlights certain specific information; and (b) obscures other relevant information relative to the other information; to misdirect a user from taking an action as desired.*terms and conditions apply- of course!Think of terms and conditions, privacy policies, various consents, etc. which are hyperlinked and no one really reads it. Will that be considered interface interference? The answer certainly depends on how these things appear on the platform.
7. Bait and switch: means the practice of advertising a particular outcome based on the user’s action but deceptively serving an alternate outcome."Get a loan at 6% interest"- when you go to the app, it turns out, the interest rate was monthly, or based on your credit profile, 6% cannot be offered to you. Sounds pretty regular!
8. Nagging: means a practice due to which a user is disrupted and annoyed by repeated and persistent interactions, in the form of requests, information, options, or interruptions, to effectuate a transaction and make some commercial gains, unless specifically permitted by the user. Remember how you just browsed a lending platform and forgot about it? But then you receive emails, calls, SMS, bot messages, etc. reminding and pursuing you to apply for that loan. But by accessing that website, you agreed to the terms and conditions of use, which stated that you authorise the lender to contact you for the loan. Is the lender really using a dark pattern here? Did you "specifically" permit the lender to call you? What really is specific consent anyway...

Are the Guidelines applicable to financial service providers?

The Guidelines are applicable to all platforms, systematically offering goods or services in India, advertisers and sellers. Further, the Guidelines are issued under the Consumer Protection Act, 2019 ("Act") which is applicable to sellers and service providers.

Based on the definition of "service", the Act is clearly applicable to the provision of facilities in connection with banking, financing, insurance, etc. Financial service providers should ideally be covered by the said Guidelines.

What does it mean for the financial service providers?

The Guidelines bar use of any dark patterns by sellers or service providers. Additionally, the guidelines state that where a dark pattern practice is regulated under any other law, the provisions contained in the Guidelines shall be in addition to and not in derogation of such other laws.

What Next?

Given the risks involved, the financial sector is a highly regulated industry and each of the regulators have laid down various guidelines to regulate some of these practices. For example- RBI guidelines on fair practices, disclosures of interest rates and other charges, etc.

While there are regulatory guidelines regulating dark patterns directly or indirectly, several aspects remain unaddressed by such regulations. The Guidelines intend to cover all such dark patterns under a single blanket and curb them. Its time, the financial sector entities take a step back and take a look at their customer journeys and advertisement and marketing methodologies and think- whether any of their acts construe to be a dark pattern?

The Action Plan

1. Relook at customer journeys, sales, marketing and advertising methodologies
2. Relook the content and language of advertisements
3. Identify any acts/statements etc. that may fall into any of the illustrations or the definition of dark patterns
4. Evaluate each such element and determine whether it is a dark pattern
5. Revise the elements and ensure they are not a dark pattern anymore

Easier said than done, nothing is as black and white as it sounds here. Entities will require much more clarity on determination of dark patterns. As a principle, intention should be the key factor.

Given the innovation, complexities and nuances of financial products, it will be worthwhile to see how the industry reacts to the Guidelines and what will be their action plan.