PharmEasy penalised for ‘Basket Sneaking’ dark pattern; CCPA flags design flaw as unfair trade practice

The Central Consumer Protection Authority (CCPA) has held online pharmacy PharmEasy guilty of auto-subscribing users to a paid service without their explicit consent, a move the authority classified as the “basket sneaking” dark pattern, Bar and Bench reported.

As per the report, the regulator imposed a Rs 2 lakh penalty on the platform’s parent company, Axelia Solutions, and directed it to redesign its user interface, modify its terms & conditions, and issue refunds wherever customers were charged without express approval.

How the Dark Pattern worked?

The auto-subscription feature pre-selected a paid service at checkout, increasing the total payable amount without the user’s conscious opt-in.

CCPA Chief Commissioner Nidhi Khare and Commissioner Anupam Mishra concluded that the platform’s design “misled users, compromised consumer autonomy and amounted to an unfair trade practice” under Sections 2(28) and 2(47) of the Consumer Protection Act.

PharmEasy initially told the regulator that the auto-addition was a limited issue and applicable only to some existing subscribers. But CCPA’s investigation revealed the feature was active across two long periods, Nov–Dec 2023 and Mar–Jun 2024, affecting thousands of users.

Data submitted by PharmEasy showed:

- 7,230 auto-subscriptions in April 2024 - 9,730 in May 2024 - Continued enrolments until June 27, 2024, the day the feature was finally disabled.

These numbers sharply contradicted the brand’s claim of a brief technical glitch.

Violation of E-commerce Rules & Unfair T&Cs

The CCPA held that PharmEasy violated Rule 4(9) of the Consumer Protection (E-Commerce) Rules, which requires affirmative consent before charging users.

The platform’s earlier terms & conditions also came under fire for allowing unilateral introduction of new features or auto-renewals based on previous consent, a clause the regulator called an unfair contract term, as it exposed consumers to recurring charges without fresh approval.

PharmEasy argued that users benefitted from the service and that the issue stemmed from a technical error. The CCPA rejected this claim, noting the company produced no evidence of a malfunction and raised the explanation only after proceedings began.

Under the order, PharmEasy must remove the dark pattern completely; refund users charged without explicit consent; rework its T&Cs to comply with consumer law; and pay the statutory penalty.