Report: How Facebook and Google Convince Users to Share Personal Data

The Norwegian Consumer Council has analyzed how Facebook and Google convince users to share more of their personal data in a new report.

A new report published by the Norwegian Consumer Council, Forbrukerrådet, has outlined how the Silicon Valley Masters of the Universe, including Facebook and Google, convince users to share their personal data online. The report is titled “DECEIVED BY DESIGN: How tech companies use dark patterns to discourage us from exercising our rights to privacy,” and claims that Silicon Valley tech companies are convincing users to share their personal data through “cunning design, privacy-invasive defaults, and ‘take it or leave it’-choices.”

According to the report, Silicon Valley tech companies appear to have no intention of actually giving users a choice in the information they share, but rather aim to provide an illusion of choice. Finn Myrstad, the director of digital services in the Norwegian Consumer Council stated: “These companies manipulate us into sharing information about ourselves. This shows a lack of respect for their users, and are circumventing the notion of giving consumers control of their personal data.”

Monique Goyens, the director general of the European Consumer Organisation (BEUC) stated: “Companies have to respect the letter and the spirit of the GDPR. This report demonstrates that many global digital household names still have a long way to go to do just that. European consumer organizations will continue to be vigilant, expose misconduct and work together with regulators to improve the system.”

Ailidh Callander, the Legal Officer at Privacy International stated: “We welcome this analysis by the Norwegian Consumer Council. As GDPR is implemented by companies, it is important to test how companies are making changes to their products and services to ensure that users’ privacy is protected. We call on regulators to investigate further the dark patterns in which NCC’ analysis suggest companies are deploying and engaging.”

The summary of the report states:

In this report, we analyze a sample of settings in Facebook, Google and Windows 10, and show how default settings and dark patterns, techniques and features of interface design meant to manipulate users, are used to nudge users towards privacy intrusive options. The findings include privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy friendly option requires more effort for the users.

Facebook and Google have privacy intrusive defaults, where users who want the privacy friendly option have to go through a significantly longer process. They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.

The popups from Facebook, Google and Windows 10 have design, symbols and wording that nudge users away from the privacy friendly choices. Choices are worded to compel users to make certain choices, while key information is omitted or downplayed. None of them lets the user freely postpone decisions. Also, Facebook and Google threaten users with loss of functionality or deletion of the user account if the user does not choose the privacy intrusive option.

The GDPR settings from Facebook, Google and Windows 10 provide users with granular choices regarding the collection and use of personal data. At the same time, we find that the service providers employ numerous tactics in order to nudge or push consumers toward sharing as much data as possible. Facebook Google Windows 10 provide users with granular choices regarding the collection and use of personal data. At the same time, we find that the service providers employ numerous tactics in order to nudge or push consumers toward sharing as much data as possible.

Read the full report here.