India’s top consumer watchdog, the Central Consumer Protection Authority (CCPA), has penalized edtech major PhysicsWallah and cybersecurity firm McAfee Software India for violating consumer rights. The regulator found both companies guilty of using “dark patterns”—manipulative digital user interfaces designed to trick or coerce users into making unintended choices.
PhysicsWallah was fined ₹5 lakh, while McAfee faced a ₹1 lakh penalty. The CCPA, led by Chief Commissioner Nidhi Khare and Commissioner Anupam Mishra, ordered both companies to immediately eradicate these deceptive practices from their digital platforms to ensure transparent, informed consumer consent.
Violations by PhysicsWallah
The CCPA initiated a suo motu investigation into PhysicsWallah’s platform and flagged three major violations:
-
Basket Sneaking: During checkout, a ₹10 donation to the PW Foundation was pre-selected and automatically added to the user’s total bill without explicit consent.
-
Confirm Shaming: Users who attempted to uncheck or remove the donation were targeted with emotionally manipulative messages regarding children’s healthcare, education, and marriages to guilt-trip them into keeping the charge.
-
Forced Action: Courses advertised as “free” required users to first input their mobile numbers and email addresses. The CCPA discovered that the course content remained identical across all user profiles, proving that mandatory data extraction served no functional purpose.
The regulator noted that because PhysicsWallah’s primary audience consists of students—including minors and young consumers—such predatory design practices raise heightened consumer protection concerns due to the demographic’s vulnerability.
Violations by McAfee India
The CCPA’s inquiry into McAfee’s subscription renewal flow revealed multiple deceptive practices:
-
Coercive Interface Design: When prompting users to renew their software, McAfee gave only two stark options: “Renew Now” or “Accept Risk,” providing no neutral alternatives (like “Skip” or “Decide Later”).
-
Fear-Based Inducement: The CCPA ruled that framing non-renewal as an immediate “risk” exaggerated potential cybersecurity threats to pressure users into renewing—a claim the company could neither guarantee nor justify.
-
Visual Interference: The renewal option was given significantly higher visual prominence over the risk option to steer consumer choice artificially.
Regulatory Crackdown
The penalties were imposed under the Consumer Protection Act, 2019, the E-Commerce Rules, 2020, and the Guidelines for Prevention and Regulation of Dark Patterns, 2023.
The CCPA reiterated that user consent in the digital ecosystem must always be explicit, free, and fully informed, warning digital platforms to conduct rigorous self-audits to remove all manipulative UI designs.
