CCPA fines PhysicsWallah ₹5 lakh, McAfee ₹1 lakh for dark patterns
Synopsis
Key Takeaways
The Central Consumer Protection Authority (CCPA) on Wednesday, 3 June imposed a penalty of ₹5 lakh on PhysicsWallah Limited and ₹1 lakh on McAfee Software India Private Limited for deploying ‘dark pattern' practices that allegedly misled consumers and manipulated their purchase decisions. The action, taken from New Delhi, marks one of the most prominent enforcement steps yet under India's 2023 dark patterns framework.
What the regulator found
The CCPA, headed by Chief Commissioner Nidhi Khare and Commissioner Anupam Mishra, said both firms have been directed to discontinue the flagged practices and ensure that consumers can make informed choices ‘without manipulation or pressure'.
The action was taken under the Consumer Protection Act, 2019, the Consumer Protection (E-Commerce) Rules, 2020, and the Guidelines for Prevention and Regulation of Dark Patterns, 2023.
The PhysicsWallah case
The watchdog took suo motu cognisance of practices on the edtech platform and found that interface designs were influencing users' ability to make free and informed decisions. A ₹10 donation to the PW Foundation was reportedly pre-selected at checkout and added to the payable amount without explicit consent.
Users were also shown emotional messages linked to children's education, healthcare and marriages — content the authority said discouraged them from removing the donation. Courses advertised as ‘free' could only be accessed after users shared personal details such as mobile numbers and email addresses, even though the CCPA found the course content was identical across accounts, suggesting data collection was not essential.
Dark patterns identified
The regulator flagged multiple categories of dark patterns on PhysicsWallah's platform — ‘basket sneaking' via auto-added donations, ‘confirm shaming' through emotionally charged prompts, and ‘forced action' by gating free content behind personal data submission.
In McAfee's case, the CCPA cited misleading subscription renewal practices on its digital platform, a recurring concern in the cybersecurity software segment where auto-renewals and opaque cancellation flows have drawn global scrutiny.
What happens next
Both companies have been directed to remove the flagged design elements and align their platforms with the 2023 guidelines. The orders are likely to set a benchmark for compliance reviews across India's edtech and SaaS subscription industries, with further suo motu actions expected as the CCPA expands its digital-market surveillance.