The Central Consumer Protection Authority has penalized SpiceJet ₹100,000 for deploying deceptive "dark patterns" on its booking platform. The airline was flagged for automatically enrolling passengers into its loyalty program via pre-ticked checkboxes, violating Indian consumer protection laws and digital transparency guidelines.
NEW DELHI — The Central Consumer Protection Authority (CCPA) announced on Friday, July 17, 2026, that it has imposed a ₹100,000 penalty on budget carrier SpiceJet Limited for employing deceptive user interface designs, legally categorized as "dark patterns," on its digital flight booking platform. An inquiry led by Chief Commissioner Nidhi Khare and Commissioner Anupam Mishra determined that the airline systematically bypassed explicit user consent during ticket purchases.
The regulatory action addresses digital manipulation tactics used by online travel platforms to steer consumer choices. By penalizing these deceptive default settings today, India's consumer watchdog is establishing a strict compliance precedent for e-commerce operators, reinforcing that digital transactions must remain transparent and driven by explicit user intent.
Technical Violations Flagged on SpiceJet Booking Interface
According to the official order issued by the Central Consumer Protection Authority, a suo motu examination of SpiceJet's digital portal revealed multiple design configurations meant to alter normal purchasing behavior. The regulator noted that flyers were automatically registered into the airline's "SpiceClub Loyalty Programme" via a pre-ticked checkbox embedded directly within the check-out flow.
Furthermore, the interface presumed that consumers consented to receive ongoing promotional messages across SMS, WhatsApp, and email because the default choice was pre-selected, requiring zero affirmative actions from the buyer. The CCPA revealed that even after a formal notice was issued to the carrier, the company simply swapped the initial pre-checked mechanism for an alternate pre-ticked box, continuing the non-consensual data gathering in a modified layout.
Prohibited Dark Patterns and Regulatory Breach
The consumer panel formally classified the airline's user interface design into three distinct prohibited categories under the active regulatory framework:
Forced Action: Compelling travelers to process and manage loyalty profile fields as an unrequested prerequisite to completing a basic flight booking.
Interface Interference: Highlighting and pre-selecting the commercial outcomes favored by the business while visually obscuring neutral or opt-out selections for the customer.
Trick Question: Applying confusing, double-negative, or poorly worded opt-out consent clauses specifically crafted to misdirect consumers during checkout.
The authority held that these practices directly violated the foundational tenets of consumer autonomy outlined in the Consumer Protection Act, 2019. The carrier was also found in breach of Rule 4(9) of the Consumer Protection (E-Commerce) Rules, 2020, alongside the Guidelines for Prevention and Regulation of Dark Patterns, 2023.
Defensive Pleadings and Required Legal Undertakings
During the administrative proceedings, legal representatives for SpiceJet argued that the loyalty system yielded redeemable reward assets rather than direct cash liabilities, and attributed the pre-checked communication markers to an internal technical error.
The CCPA rejected these technical arguments, ruling that default consent configurations generate an entirely false impression of conscious consumer choice. The airline has been ordered to pay the financial fine, submit a formal compliance report within 15 days, and provide a binding undertaking that all default-consent elements have been permanently stripped from its booking architecture.
Official Sources Section
According to official enforcement statements shared by Union Consumer Affairs Minister Prahlad Joshi, the administrative action emphasizes that consumer consent must remain explicit, informed, and freely given across all digital e-commerce platforms operating in the domestic market.
Quote Section
"According to officials at the consumer protection authority, consent inferred through pre-ticked checkboxes alters consumers' rights and obligations without their express agreement, making such digital interface designs legally unacceptable and contrary to public welfare."
Why It Matters
This enforcement action provides immediate protection for daily airline passengers who frequently fall victim to hidden costs and unwanted subscriptions when booking travel online. By penalizing a major domestic carrier, the government signals to the entire aviation, hospitality, and e-commerce sectors that deceptive interface designs will face financial penalties. For digital businesses, this ruling establishes that pre-selected options are no longer a viable method for generating user enrollment or expanding marketing databases.
Key Facts at a Glance
Penalty Amount Imposed: The CCPA issued a flat ₹100,000 fine to SpiceJet for deceptive booking practices.
Core Offense Investigated: The airline used pre-ticked checkboxes to automatically enroll flyers into its loyalty program and marketing channels.
Identified Violations: The digital booking flow breached the Consumer Protection Act, 2019, and the 2023 Dark Pattern Guidelines.
Corrective Mandate Ordered: The company must submit a permanent legal undertaking and file a full compliance report within 15 days.
FAQ Section
Q1: What are "dark patterns" in digital flight bookings?
Dark patterns refer to deceptive user interface designs—such as pre-ticked boxes or confusing opt-out choices—that manipulate online users into making purchases or selections they did not intend to make.
Q2: How did SpiceJet's platform mislead consumers?
The airline utilized default settings that automatically registered flyers into its loyalty program and subscribed them to text, WhatsApp, and email marketing without explicit consent.
Q3: What must SpiceJet do to comply with the CCPA order?
Beyond paying the ₹100,000 fine, the airline must permanently remove all pre-checked consent defaults and provide a formal compliance report within 15 days.
Source: Central Consumer Protection Authority Portal, Ministry of Consumer Affairs, Food & Public Distribution.