The new GDPR regulation is out for more or less a month now and most businesses either adapted their pages, closed them down, or are denying Europeans access. Users were and are assaulted with lots of popups that guide them through the privacy settings they can take and that explain what data are being shared with whom. While annoying it also gives the users back some degree of control over the usage of their private data. At least in theory.
Some companies, namely Google and Facebook, apparently do not take the GDPR as seriously as they should according to the Norwegian Consumer Council (NCC). Actually the opposite seems to be true: A newly released 44 page report suggest, that Google and Facebook manipulate users to actually share their personal data.
The report starts with “we analyze a sample of settings in Facebook, Google and Windows 10, and show how default settings and dark patterns, techniques and features of interface design meant to manipulate users, are used to nudge users towards privacy intrusive options.” – and it definitely delivers.
When not being manipulated into using the more intrusive options Google and Facebook apparently also make the users jump through more hoops to actually get the privacy friendly options. Worse: Sometimes the companies even threaten with the loss of functionality or deletion of the user account if the “wrong” options are being selected. Some of the examples in the report are:
How Facebook and Google press you to make uncomfortable choices
Hidden functions: Facebooks GDPR popup that actually turns the “Ads based on data from third parties” settings on if you simply click “Accept and continue” instead of taking a deep dive into the data settings. Google uses a similar practice: A lot of the real settings are never seen if the user just decides to agree to the terms, which makes it impossible to actually know what kind of data sharing was agreed upon.
Terms threat: Facebook not giving the users a real option other than to agree with their updated terms – well, that is except if you count deleting your account as a real one.
The discontinued service lie: Facebook and Google rushing the users by the process by telling them they need to finish the review ASAP or they will not be able to continue using their services. According to the NCC “this gives the impression that the user will be blocked from using Facebook until the settings have been reviewed. This turned out to be false.”
What to do
If you care for your privacy make sure to go through all the settings you are provided, no matter how tedious. Don’t fall for clever wording that promises you how great your customized experience will be. Read carefully what is suggested to you and make a choice you are comfortable with.