[Swetha is a student at Gujarat National Law University.]
The term ‘dark patterns’, coined by Harry Brignull, simply means a user interface that has been designed to trick, manipulate and deceive users into acting a certain way in which they wouldn’t have, for the benefit of the business. A few common examples of ‘dark patterns’ are spam mailing, confirm shaming, nudging, roach motel, etc.
Dark patterns are mainly approached as a cause of concern in regards to privacy. However, a few of the above-mentioned examples (i.e., roach motel and confirm shaming) show the flip side of the coin i.e. the antitrust concern. This article delves into the antitrust concerns regarding ‘dark patterns’ and how the lack of data protection laws in India should not hinder the Competition Commission of India (CCI) in regulating and scrutinizing dark patterns.
Dark Patterns: An Antitrust Concern
Dark patterns in regards to data privacy breach means that the user’s consent to using his personal data is not obtained in a free, unambiguous, and informed way. Therefore, obtaining consent through force invalidates the same. An example of a breach is when the user forcefully consents to provide personal data for the unwanted data processing operation because refusing to consent was not an option.
On the other hand, in regards to antitrust, the breach is said to happen when the practice of an entity is found to be anticompetitive. Anti-competitive practice is an act done to restrict effective competition in order to sustain or increase their own market share and profit without necessarily increasing the quality or reducing the price. This definition can adequately support dark patterns as an anti-competitive practice as it tends to profit through relevant data taken from customers through one of the many dark pattern practices.
Firms, especially tech-firms, can use these dark patterns to “(i) exclude competition in digital markets; and then (ii) based on their market power, extract resources akin to restricting output in product markets”.
Amazon, for example, displays the information on the number of stocks left for the product that one is currently viewing on its website. It is known as ‘scarcity bias’. It tends to emotionally nudge the customer into buying that product that he would not have bought otherwise. In another instance, Spotify indulges in dark patterns through the ‘roach motel’ technique which makes the process of opting out of a subscription hard and cumbersome thus increasing the chance of a continued subscription.
When consumers are forced to use a platform exclusively because their attention is limited, digital manipulation can create barriers to entry that keep upstarts out. This keeps people on a platform even when better user interfaces are available. The example of Amazon’s ‘scarcity bias tactics’ aims to exploit the finite users by coercing them into ordering the product quickly without looking for other alternative platforms.
The anti-competitiveness can be argued through the potential harm that dark patterns cause the consumers. Dark patterns can be used to fleece revenue from users; and also quietly manipulate customers in a way that degrades the quality of the market. The lengthy process of unsubscribing to Spotify premium services extracts the money from users which otherwise would not have been possible to be tapped by Spotify.
The quiet manipulation of using inferior quality products reduces the overall welfare of the customers in a market and hence causes a ‘non-price injury’. In Tucker v. Apple, the US court acknowledged both price and non-price injury caused by digital manipulation. Further in United States v. Microsoft, the court ruled Microsoft’s conduct as anticompetitive by restricting competition and coercing users through its product design by integrating Internet Explorer, which was deemed to be of inferior quality, into Windows.
In short, the above-mentioned examples of dark patterns misdirect and manipulate the consumers to modify their actions in a way that is advantageous and profitable to the business, thus, impeding fair and effective competition. The limitation that needs to be kept in mind is that the difficulty in establishing a line between creative marketing and dark patterns is hard. While not all dark patterns are detrimental, the critical factor is if the design was intended to increase reliance, influence usage, and provide consumers with a product of inferior quality.
Current Indian Competition Law Jurisprudence
The Competition Act, 2002 (the Act) was introduced with the objective of promoting fair competition while regulating any anticompetitive practices in the market. Section 4 of the Act provides for the regulation of entities that abuse their dominant position in the relevant market. Now, the traditional approach to this provision was to hold entities accountable on the basis of pricing, hence making it an important parameter for CCI to exercise its jurisdiction. The famous case of WhatsApp Privacy Policy update in 2016 (WhatsApp Privacy Policy Update (2016)) is a prime example of this approach. CCI refused to entertain its jurisdiction on WhatsApp which was alleged to abuse its dominant position, for profit, by forcing users to share data with ‘Facebook’ in order to use WhatsApp. Therefore, the case was dismissed on the basis that there was no act of predatory pricing found in its practices even when there was a misappropriation of data having the potential to hamper effective competition.
Later in 2021, CCI’s suo moto case of In Re: Updated Terms of Service and Privacy Policy for WhatsApp Users (WhatsApp Privacy Policy Update (2021)) hinted at a shift from this traditional approach. The CCI ordered the DG to investigate the prima facie contravention of Section 4 of the Act as WhatsApp showed ‘exploitative and exclusionary’ conduct by obtaining consent from customers to share their data with Facebook companies; which was alleged to be unnecessary for availing WhatsApp services.
This deviation in approach could be traced back to a market study on the telecom sector released by the CCI. The study indicated CCI’s increased cognizance of “privacy taking the form of non-price competition”. It further acknowledged the detriment to the competition and consumers caused when data privacy is breached.
US' and EU's Take on Dark Patterns
Cases like the WhatsApp Privacy Policy Update (2016) and the WhatsApp Privacy Policy Update (2021) provide opportunities for the Indian competition jurisprudence to evolve by looking into anti-competitive practices through data privacy breaches. However, the absence of well-framed data privacy law provokes confusion and uncertainty as to the extent to which CCI can entertain its jurisdiction in a data privacy breach case.
In jurisdictions such as the EU and the US, there are data privacy laws and guidelines that seek to acknowledge and regulate dark patterns. The researchers found that ‘dark patterns were harmful and required close supervision by the watchdog. For instance, France’s data protection authority had stated that dark patterns render the user’s consent invalid as it is “using and abusing a strategy to divert attention.” Moreover, the European Data Protection Board had recently published guidelines on dark patterns in social media platforms and how certain practices could contravene the provisions under the EU’s General Data Protection Regulation.
Similarly, California Consumer Privacy Act’s objective revolves around enforcing transparent and voluntary conduct of obtaining consent. Furthermore, the upcoming California Privacy Rights Act explicitly deals with dark patterns hence strengthening enforcement against it. The U.S. Federal Trade Commissioner, Rohit Chopra, referred to dark patterns as “often harmful to users or contrary to their intent” and stated that the Federal Trade Commission should “methodically use all its tools to shine a light on unlawful digital dark patterns, and contain the spread of this popular, profitable, and problematic business practice.”
From the above, it is clear that both the jurisprudences have taken cognizance of the harmful effects of dark patterns, meanwhile, India still does not have a data protection law on its own to regulate the usage of data; let alone deter dark patterns. This is where the competition law authorities should not hesitate in regulating dark patterns which may fall under the ambit of antitrust laws. Simply stating, CCI’s lack of jurisdiction in data and privacy matters will only continue to widen the loopholes in the legislation. Besides, the CCI has signaled a fresh approach towards non-price competitions. Therefore, if the anti-competitiveness of dark patterns can be proved by CCI, it should not hesitate to scrutinize the same citing its lack of jurisdiction in data and privacy matters.
Concluding Remarks
In sum, the non-availability of data protection law should not cause reluctance in CCI to scrutinize dark patterns under antitrust concerns. CCI should continue to take up jurisdiction as it did in the 2021 case because data is knowledge, and knowledge is power. Companies will strive to leverage this power towards themselves; and through anticompetitive practices, if needed. Thus, it is high time that CCI started to acknowledge data privacy as means of non-price competition and dark patterns as an anticompetitive practice because both consumer welfare and effective competition are ultimately eroded. Nevertheless, in the longer run, a data protection law is needed to address the aspect of consumer privacy violations.