The Dark Side of Consent: Data Privacy Challenges under India’s DPDP Act
DOI:
https://doi.org/10.48165/tlr.2026.6.01.03Keywords:
Data Privacy, Dark Patterns, consent, DPDP Act 2023, Manipulative Consent, Digital Platforms, GDPR, User Autonomy, Data Protection, Behavioural ManipulationAbstract
The growing digitisation of economic and social interactions has significantly increased the collection, processing, and commercialization of personal data, making data privacy a critical issue in contemporary legal discourse. Consent has become the main pillar of data protection regimes in this dynamic digital environment, with the goal of guaranteeing user autonomy and control over personal data. However, there are significant questions about the legitimacy and authenticity of such consent given the increasing use of dark patterns, which are misleading and manipulative interface designs that affect user behaviour. The issue of manipulative consent procedures under India's Digital Personal Data Protection Act, 2023 (DPDP Act) is critically examined in this study. It examines whether the statutory conditions of being free, particular, informed, unconditional, and unambiguous are met by consent obtained using dark patterns. The illusion of permission, information asymmetry, lack of transparency, behavioural manipulation, and increased dangers of data exploitation in digital platforms are among the main issues that the study examines. With special reference to the General Data Protection Regulation (GDPR), the article assesses statutory provisions, regulatory changes, policy reports, and international best practices using a doctrinal, analytical, and comparative research methodology. The analysis reveals considerable shortcomings in India's current regulatory framework, particularly the lack of clear laws dealing with dark patterns, interface-level accountability, and proactive enforcement measures. The study comes to the conclusion that while the DPDP Act is a major step forward for India's data protection laws, its ability to guarantee genuine consent is still restricted in the absence of more robust legal protections against deceptive design practices. To secure meaningful, informed, and autonomous consent in the digital economy, it suggests more stringent enforcement methods,more platform accountability, explicit legal acknowledgement of dark patterns, and increased consumer awareness.
References
Digital Personal Data Protection Act, 2023, No. 22 of 2023, India.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). (2016). Official Journal of the European Union, L119, 1–88.
European Data Protection Board. (2022). Guidelines 3/2022 on dark patterns in social media platform interfaces: How to recognise and avoid them. https://edpb.europa.eu/
Ministry of Electronics and Information Technology, Government of India. (2022). Reports and consultation papers on data protection. Government of India. https://www.meity.gov.in/
Relevant scholarly literature on consent, autonomy, and digital design as cited in the course of this research. (n.d.). Various sources.

