Despite the new GDPR regulation entering into effect across Europe, Facebook and Google are manipulating users into sharing personal data by leveraging misleading wording and confusing interfaces, according to a report released today by the Norwegian Consumer Council (NCC).
In its 44-page report, the Norwegian agency accuses Google and Facebook of using so-called "dark patterns" user interface elements into "nudging" users towards accepting privacy options.
These dark patterns include misleading privacy-intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy-friendly option requires more effort for the users.
Google and Facebook making users work for their privacy
"Facebook and Google have privacy-intrusive defaults, where users who want the privacy-friendly option have to go through a significantly longer process," the NCC says.
"They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.
"Choices are worded to compel users to make certain choices, while key information is omitted or downplayed," the NCC says in its report.
Google and Facebook threaten users with loss of service
Furthermore, investigators discovered that both Facebook and Google threaten users with loss of functionality or deletion of the user account if they don't choose the privacy-intrusive options.
The NCC also analyzed the privacy options in Microsoft's Windows 10 operating system but gave the product a generally favorable rating after the agency discovered that Windows 10 was using "privacy by default" settings.
|
|
|
|
Here are some of the report's conclusions on various topics.
The general conclusion:
Conclusion on privacy dashboard that Google has rolled out to EU users:
Conclusion on Facebook's GDPR popup:
Conclusion on the use of dark pattern UI elements:
Prior to today's report, an Austrian privacy advocate had filed GDPR complaints against Google and Facebook for the same reasons detailed in the NCC report. The complaint was filed hours after GDPR entered into effect across Europe.
If found guilty, the two companies face fines up to €20 million ($24 million) or 4% of their annual global turnover.
Comments
NigelStraightgrain - 3 years ago
Useful information, but hardly surprising. This is precisely the reason why I dumped my Facebook account, and I use NoScript to prevent any Facebook scripts from running in my browser.
It's hard to limit Google exposure, as the article reveals, but I do my best. The easiest solution is to limit my Google usage. My Google account is under an alias, and there again NoScript helps limit exposure.
Windows is not a problem, because I use it only on a server host, running as a virtual machine inside macOS, and its web connectivity is limited to software updates from a few whitelisted sites.
There will never be any significant reduction in the aggressive data collection by Facebook, Google, and others until they switch from opt-out to opt-in. I predict that will never happen until users simply refuse to use their "services" unless the companies switch to opt-in...
...which essentially means it will never happen. As far as I can tell, the vast majority of users don't even know they're being exploited. That's why they're so easily bamboozled by the complicated privacy settings.
Obviously, Facebook and Google are doing all of this data collection "on the sly" (as evidenced by their use of "dark pattern" UI elements), because they know that many users would be outraged if they actually understood how many billion$ are being made at the cost of their privacy and security.
I suspect that this is an issue just waiting for some slimebag politician to come along and whip up the masses into a hysterical anti-capitalist frenzy, promising to pass even more laws, which will solve nothing and end up costing companies (and users) more money...another transfer of wealth to the state.
The irony in the whole thing is that these companies are doing it all wrong. They’re fools to expose themselves to such political attack. All they would have to do to head off any political interference is incentivize the users who let the companies collect their data—a kind of profit sharing deal—and then make it opt-in. No fraud, no trickery, no data collection on the sly. Let everyone know exactly what they're doing. And let users choose whether they want to participate by opting in.
In the end, the companies would probably make more money, and insulate themselves from attack by grandstanding political hacks into the bargain. Otherwise, they're setting themselves up for a fall...in fact, they're begging for it with their current deceptive practices.
cjgiam - 3 years ago
Wow! What a surprise! (sarcasm)
The only surprise I see here is that the authors or Norwegian Consumer Council looked at one tiny aspect of a Windows 10 installation & declared: "privacy by default" settings. I've done dozens of Windows 10 installations & there is a SLEW of privacy settings which have to be turned off each installation & some are hidden. Very few are off by default, unless the European versions have been tweaked.
the_moss_666 - 3 years ago
I wonder it took so long. Opt-out principle and pre-checked tick boxes are in a (dark) gray area in many countries and it doesn't take much to be out right illegal. For example, in my country, fraud is defined as "to misguide someone or exploit someone's lack of knowledge to gain profit". So pre-checked installation of newest java in order to to run the game is fine, but lying about necessity of consent or relying on users to overlook checkbox in order to install crapware, is technically a fraud.
I guess no one had the balls to poke the bear. Until now.
On the other hand, GDPR also creates environment of fear, fines and snithes. All it takes to damage your business is a single annonymous complaint with no evidence at all. I've seen this before GDPR, an I don't believe it will be getting any better. Government will happily do the dirty job for you!
herbman - 3 years ago
Google ,Facebook & Twitter are all to be avoided , they'll have been pushing progressive politics & censoring people who don't share their viewpoints.
Google has manipulated their search results going back years & actively aligned itself with the Obama administration & now the globalist .
Zuckerberg to this day continues to meet with his close friend George Soros to get recommendations & ideas.
They have now been claiming real actual proven news is actually untrustworthy fake news and pushing proven fake news as truthful news .
muesli - 3 years ago
Google's GDPR popups are social engineering users plain and simple: instead of saying "We (Google) are obliged by this law to ask your permission before we can obtain, store and use your data" they are worded to be perceived as "You (user) are obliged by this law to accept that we collect, store and use your data". Also the fact that basice services like the only official Android app store require accepting Google's privacy terms is outrageous.