Strengthening consumer consent in e-commerce : Legal and policy reforms to address dark patterns and AI-driven challenges

India’s e-commerce ecosystem increasingly relies on algorithmic personalisation and data-driven business models that depend on consumer consent to legitimise large-scale personal data processing. In practice, however, consent is frequently shaped by interface design choices, bundled permissions and opaque artificial intelligence (AI)-driven profiling, raising concerns about whether user consent remains informed, voluntary and meaningful. This paper critically examines the effectiveness of consent mechanisms deployed by Indian e-commerce platforms under the Digital Personal Data Protection Act 2023 (DPDP Act) and the Digital Personal Data Protection Rules 2025 (DPDP Rules). Drawing on comparative insights from the European Union’s General Data Protection Regulation (GDPR) and the US sector-specific privacy framework, it analyses how dark patterns, fragmented consent flows and automated decision-making (ADM) practices undermine user autonomy in practice. Through doctrinal and platform-level analysis, the paper identifies structural deficiencies in the operationalisation of consent across the e-commerce life cycle. It proposes targeted legal and policy reforms aimed at strengthening granular consent, enhancing transparency and accountability, and addressing AI-driven consent challenges. By repositioning consent as a substantive privacy safeguard rather than a procedural formality, the paper seeks to reinforce consumer trust and support a rights-respecting digital marketplace in India. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.