Leading tech companies push users into sharing personal data

27-06-2018

BEUC NEWS - 27.06.2018

A new report by Forbrukerrådet (the Norwegian Consumer Council) shows how leading tech companies use numerous tricks and tactics to nudge consumers into sharing as much information about themselves as possible.
 

Specifically, the report, entitled “Deceived by Design”, examines the information and consent “pop-ups” that Microsoft, Google and Facebook presented to their users as part of the implementation of the General Data Protection Regulation (GDPR).

The report argues that providers of digital services use a vast array of user design techniques in order to nudge users toward clicking and choosing certain options. The report argues that the use of exploitative design choices, or “dark patterns”, is an unethical attempt to push consumers toward choices that benefit the service provider.

Deceived by Design
Through Forbrukerrådet’s analysis of the companies’ privacy pop-ups, it is made evident that consumers are pushed into sharing their personal data through;

Standard Settings
Research has shown that users rarely change pre-selected settings. In many cases, both Facebook and Google have set the least privacy friendly choice as the default.
Cunning design choices
Sharing of personal data and the use of targeted advertising are presented as exclusively beneficial through wording and design, often in combination with threats of lost functionality if users decline.
Confusing layout
The privacy friendly choices require significantly more clicks to reach and are often hidden away.
Illusion of choice
In many cases, the services obscure the fact that users have very few actual choices, and that comprehensive data sharing is accepted just by using the service. The feeling of control may also convince users to share more information.

BEUC along with Forbrukerrådet, Consumers International, Privacy International and ANEC sent a letter (read here) to the European Data Protection Board urging it to investigate whether the companies are acting in accordance with the General Data Protection Regulation (GDPR).

The report was written with funding from Forbrukerrådet and the Norwegian ministry for Children and Equality and with input from academics from the ALerT research project, BEUC, and Privacy International.

Monique Goyens, Director General of The European Consumer Organisation (BEUC), said:
Companies have to respect the letter and the spirit of the GDPR. This report demonstrates that many global digital household names still have a long way to go to do just that. European consumer organisations will continue to be vigilant, expose misconduct and work together with regulator to improve the system.