Introduction
The terms of service governing an Indian user’s interaction with a digital platform can run to fifty pages of dense legal prose. The user, if she reads them at all, skims a page before clicking “I Agree” in the knowledge that refusal means no access to the service. This dynamic, replicated billions of times across India’s rapidly expanding digital economy, raises a foundational question for contract law: does the act of clicking an acceptance button, or simply continuing to use a website after terms have been posted, constitute the kind of free and informed consent that the Indian Contract Act 1872 requires for a binding agreement?
Shrinkwrap agreements originated in software licensing, where licence terms were placed inside sealed software packaging with the logic that opening the seal constituted acceptance. Clickwrap agreements present terms on screen and require the user to click an “I Agree” button before proceeding. Browsewrap agreements post terms somewhere on a website, often linked in fine print at the bottom of a page, with the proposition that using the site constitutes acceptance regardless of whether the user ever found or read the terms. Each of these formats raises distinct legal issues, and Indian courts have addressed them with increasing frequency as the digital economy has grown.
Legal Framework
Section 7 of the Indian Contract Act 1872 provides that acceptance must be absolute and unqualified, and must be expressed in some usual and reasonable manner, unless the proposal prescribes the manner in which it is to be accepted. The critical words for digital contracting are “usual and reasonable manner.” Clicking a button is a sufficiently usual and reasonable act in the digital context, and Indian courts have accepted clickwrap acceptance as prima facie valid since the Information Technology Act 2000 came into force.
Section 10A of the Information Technology Act 2000, inserted by the 2008 Amendment, provides that contracts formed through electronic means are valid and enforceable and shall not be denied legal effect solely because electronic communication was used. This provision has been interpreted by courts to validate online acceptance mechanisms, including clickwrap. However, it does not address the quality of consent, only its electronic medium.
Section 2(d) of the Indian Contract Act defines consideration, and Section 10 requires that consent be free as defined in Section 14: consent is free when it is not caused by coercion, undue influence, fraud, misrepresentation, or mistake. None of these grounds directly addresses the informational asymmetry inherent in standard-form digital agreements, though courts have occasionally invoked the undue influence doctrine in egregious cases.
The Consumer Protection Act 2019 is the most significant recent addition to this framework. Section 2(47) defines “unfair contract” to include contracts that cause a significant imbalance in the rights and obligations of parties to the detriment of the consumer, and the Central Consumer Protection Authority and consumer courts have jurisdiction to declare terms unfair and unenforceable. The Consumer Protection (E-Commerce) Rules 2020 further require e-commerce entities to provide clear and accessible information about terms and conditions.
The Digital Personal Data Protection Act 2023 (DPDP Act) adds a consent dimension that is directly relevant to terms of service embedded in digital agreements. The Act requires that consent for processing personal data be free, specific, informed, unconditional, and unambiguous. A bundled consent embedded within a terms of service agreement that the user has not genuinely read may not satisfy these requirements, creating a tension between the contract law validation of clickwrap agreements and the data protection law’s requirements for genuine consent.
Judicial Developments
Indian courts have developed a reasonably coherent, if not fully articulated, approach to digital agreement validity. The foundational principle established across several High Court decisions is that for a digital agreement to be binding, the user must have had reasonable notice of the terms and a reasonable opportunity to review them before accepting.
In Indiatimes Content.com v. Bhupesh Gupta (Delhi High Court, 2002), the court upheld an online terms of service in a dispute about content licensing, finding that the user’s act of registration and continued use of the platform constituted acceptance of the posted terms. This early decision adopted an essentially browsewrap logic but involved a sophisticated commercial user rather than a consumer.
Matrimony.com Limited v. Google LLC (Competition Commission of India, 2020, with related High Court proceedings) raised the issue of whether a platform’s terms of service, which required developers to accept mandatory terms to access the Play Store ecosystem, constituted a valid contract or an anticompetitive imposition. While the primary analysis was competition law, the proceedings generated useful observations about the coercive character of take-it-or-leave-it digital terms presented to parties without bargaining power.
The National Consumer Disputes Redressal Commission has been considerably more active than civil courts in examining digital agreement terms for fairness. In Indian Railway Catering and Tourism Corporation disputes before consumer forums, the courts have scrutinised IRCTC’s terms of service provisions on refunds, cancellations, and service fees, holding on several occasions that terms buried in lengthy agreements that materially disadvantage consumers do not constitute binding contract terms because the consumer did not have meaningful notice of them.
The most analytically sophisticated treatment of browsewrap agreements appears in the arbitration context, where many Indian platforms embed mandatory arbitration clauses in their terms of service. The Bombay High Court in Uber India Systems Pvt. Ltd. v. Bhajji (2023) was asked whether an arbitration clause in Uber’s driver partner agreement, accessed through the mobile app, was binding. The court upheld the clause but emphasised that the interface design presented the terms clearly, that the driver partner was taken through the terms step by step, and that there was evidence of actual engagement with the agreement. The court’s reasoning suggests that passive posting of terms, without more, may not be sufficient even in a commercial context.
Contemporary Issues and Analysis
The central analytical issue in evaluating digital agreement assent is the problem of meaningful consent. Classical contract theory presupposes parties who understand what they are agreeing to and freely choose to be bound. The reality of digital contracting is that the terms are practically unreadable, the choice to refuse means exclusion from essential services, and the asymmetry between the platform’s legal resources and the user’s comprehension is structural rather than incidental.
The reasonable notice doctrine, developed in US case law and increasingly adopted in Indian decisions, holds that a user is bound by terms of which she had reasonable notice. Notice is assessed objectively: would a reasonable person in the user’s position have been aware that terms existed and that continued use constituted acceptance? This standard works reasonably well for clickwrap agreements where the user must actively click an acceptance button, but it is stretched to the point of fiction for browsewrap agreements where terms are accessible only through a small-font hyperlink at the bottom of a heavily designed page.
The American approach established in Specht v. Netscape Communications Corp (2nd Circuit, 2002) requires that notice of terms be “reasonably conspicuous” before a user can be bound by them. The court declined to enforce an arbitration clause embedded in a browsewrap agreement because the link to the terms was not visible on the page without scrolling down, and there was nothing in the interface to alert the user that using the software would constitute acceptance of binding legal terms. This standard has been widely followed in US courts and has influenced Indian judicial reasoning, particularly in consumer contexts.
The DPDP Act’s consent requirements create a new dimension of complexity. Section 6 of the Act requires that consent be given through a clear affirmative act and be as easy to withdraw as to give. A terms of service agreement that bundles data processing consent with general platform terms, presented as a single “I Agree” click, is almost certainly non-compliant with the DPDP Act’s consent architecture. The implications are significant: platforms that rely on bundled clickwrap consent for both contractual terms and data processing will need to disaggregate these consents, presenting data processing requests separately and ensuring that refusal to consent to non-essential processing does not deny access to the service’s core functionality.
The question of minors’ digital assent is particularly pressing in India. Section 11 of the Indian Contract Act renders agreements with minors void, not merely voidable. A minor who clicks “I Agree” to a platform’s terms of service does not create a valid contract, regardless of whether the platform asked the user’s age. Indian platforms routinely include age confirmation checkboxes in their registration flows, but these do not cure the invalidity: a minor’s agreement that she is above the age of majority is itself void under Mohori Bibee v. Dharmodas Ghosh (1903), the foundational authority on minor contracts in India. The DPDP Act adds a further layer by requiring parental consent for processing data of children, defined as persons below 18 years, and the intersection of minor contract law and data protection consent requirements creates substantial compliance complexity for consumer-facing platforms with young user bases.
Comparative and International Perspective
The EU approach to digital agreement validity is substantially more protective of users than the Indian framework. The EU Directive on Consumer Rights (2011/83/EU) requires that pre-contractual information be provided in a clear and comprehensible manner and that the consumer actively acknowledge having read the information before being bound. The Directive on Unfair Terms in Consumer Contracts (93/13/EEC) renders unfair terms non-binding on consumers regardless of whether they were included in a signed agreement. The EU’s enforcement approach through national consumer protection agencies creates a credible deterrent to unfair digital contracting practices.
The UK’s approach under the Consumer Rights Act 2015 requires that contractual terms be transparent (expressed in plain and intelligible language) and prominent (brought to the attention of the consumer in a way that allows a fair assessment of the terms) to be binding. The Financial Conduct Authority has developed guidance on digital agreement design that incorporates behavioural insights about how users actually engage with online terms, moving beyond the formal legal analysis to engage with the psychological reality of digital consent.
Australia’s competition regulator, the ACCC, has been particularly active in challenging browsewrap agreements in the technology sector, issuing proceedings against several major platforms for presenting terms in a manner that the regulator characterised as misleading. The Australian approach treats digital agreement design as a consumer law issue rather than purely a contract law issue, with regulatory enforcement supplementing private rights.
Practical and Policy Implications
The practical implications of uncertainty in this area affect both platforms and users. Platforms that rely on browsewrap or inadequately disclosed clickwrap agreements to bind users to mandatory arbitration, limitation of liability, and data processing terms face the risk that these provisions will be held unenforceable in consumer disputes. The asymmetry of litigation costs means that this risk is largely borne by consumers who cannot afford to challenge terms individually, but it surfaces in class-action or regulatory proceedings.
The DPDP Act’s enforcement mechanism, through the Data Protection Board, creates a new avenue for challenging digital agreement consent structures. The Board has the power to impose penalties and direct remediation, and its approach to bundled consent embedded in terms of service will be a critical indicator of how India’s data protection regime interacts with contract law principles.
For the MSME sector, the risk runs in a different direction. Small businesses contracting with large platforms through standard API terms, marketplace agreements, and payment processing agreements are bound by terms they cannot negotiate. The unfair contract terms framework of the Consumer Protection Act 2019 does not extend to B2B transactions, leaving small business users without the statutory protections available to consumers.
Suggestions and Reforms
A coherent set of reforms is needed to address the multiple dimensions of this problem. First, the IT Act should be amended to specify minimum design standards for valid digital agreement assent, drawing on the EU model: terms must be displayed in full before acceptance, the acceptance mechanism must require a clear affirmative act, data processing consents must be disaggregated from general terms, and withdrawal of consent must be as easily accessible as the original consent mechanism.
Second, the DPDP Act rules, to be notified by the Data Protection Board, should provide specific guidance on the interface between data protection consent and contractual acceptance, clarifying that a single “I Agree” click cannot simultaneously serve as both forms of consent where the data processing goes beyond what is necessary for the contracted service.
Third, the Consumer Protection Act 2019 should be amended to create a class action mechanism for digital agreement unfair terms, allowing the Central Consumer Protection Authority to bring proceedings on behalf of affected consumers rather than requiring each consumer to file an individual complaint.
Fourth, specific protections for minor users in digital contracting should be codified, including a requirement that platforms implement age verification that goes beyond a self-declaration checkbox, and a clear rule that contracts with verified minors are void and that any benefits received must be restored.
Conclusion
Digital agreement validity sits at the intersection of contract doctrine, consumer protection law, and data protection regulation, and the Indian framework is currently fragmented across all three. Courts have developed a workable common-law approach based on the reasonable notice doctrine and the requirement of meaningful assent, but this approach is inconsistently applied and does not address the structural informational asymmetry of modern digital contracting. The DPDP Act has introduced new consent requirements that complicate the picture further without fully resolving it. A unified legislative approach to digital agreement validity, grounded in transparency, clarity of assent, and meaningful user understanding, is both legally necessary and commercially beneficial for the long-term credibility of India’s digital economy.