Despite the new GDPR regulation entering into effect across Europe, Facebook and Google are manipulating users into sharing personal data by leveraging misleading wording and confusing interfaces, according to a report released today by the Norwegian Consumer Council (NCC).
In its 44-page report, the Norwegian agency accuses Google and Facebook of using so-called “dark patterns” user interface elements into “nudging” users towards accepting privacy options.
These dark patterns include misleading privacy-intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy-friendly option requires more effort for the users.
Google and Facebook making users work for their privacy
“Facebook and Google have privacy-intrusive defaults, where users who want the privacy-friendly option have to go through a significantly longer process,” the NCC says.
“They even obscure some of these settings so that the user cannot know that the more privacy intrusive option was preselected.
“Choices are worded to compel users to make certain choices, while key information is omitted or downplayed,” the NCC says in its report.
Google and Facebook threaten users with loss of service
Furthermore, investigators discovered that both Facebook and Google threaten users with loss of functionality or deletion of the user account if they don’t choose the privacy-intrusive options.
The NCC also analyzed the privacy options in Microsoft’s Windows 10 operating system but gave the product a generally favorable rating after the agency discovered that Windows 10 was using “privacy by default” settings.
