Facebook and Google have manipulated users into sharing data using so-called “darkpatterns,” such as misleading wording and confusing interfaces, according to a report the Norwegian Consumer Council released Wednesday.
The practices nudged users toward accepting privacy options that favored the tech companies rather than themselves, the NCC found.
Facebook and Google have no intention of providing users with an actual choice, the NCC has claimed, and their use of dark patterns constitutes a violation of the General Data Protection Regulation implemented across Europe last month.
Some of the dark patterns: providing misleading privacy-intrusive default settings; hiding privacy-friendly choices; and giving users the illusion of control while at the same time presenting them with take-it-or-leave-it options. Privacy-friendly options — when they are provided — tend to require more effort from the user, according to the NCC.
The companies have been manipulating users into sharing information, the NCC alleged, noting that such behavior shows a lack of respect for individuals or their personal data and privacy.
Users who declined to choose certain settings were subject to deletion of their accounts in some cases.
The Norwegian trade organization, which has been joined by otherconsumer and privacy groups in Europe and in the United States, hascalled for European data protection authorities to investigate whetherFacebook and Google — as well as Microsoft to a lesser degree, via itsWindows products — have been acting in accordance with the GDPR andU.S. rules.
If the companies are found to be in violation of the GDPR, they could face fines of up to 20 million euros (US$24 million) or 4 percent of their annual global turnover.
When it comes to the collection and sharing of user data, the default settings provided by the tech companies favor the companies over the end user, the NCC concluded.
Users rarely change pre-selected settings, and both Facebook and Google have set the least-friendly privacy choices as their defaults, according to the report.
More worrisome is that the sharing of personal data and the use of targeted advertising routinely are presented as being beneficial to the user, said the NCC. The wording and design suggests users actually benefit from having their data shared. At the same time, users who might want to opt for stricter privacy controls receive warnings about lost functionality.
The NCC singled out Google for designing a privacy dashboard that actually discourages users from changing or even taking control of their settings, and for implying that users benefit from the default settings.
The NCC noted that Facebook users actually are given no substantial choice — even after they take the extra effort to change their respective settings.
Microsoft received some praise for giving equal weight to privacy-friendly and unfriendly options in its Windows 10 operating system settings.
Patterns of Deception
The impact of the report’s findings is not limited to people within Europe.
“Basically, ‘dark matter’ reads like a list of practices that havebeen commonplace for years among Web companies that rely onadvertising revenues for survival — particularly Facebook and Google,”said Charles King, principal analyst at Pund-IT.
“The bigger issue here is that since the EU’s recently implementedGDPR outlaws those functions, offending companies need to scrub themout of their sites or risk significant fines,” he told TechNewsWorld.
“The thing is that dark practices are so mundane that they’ve becomepretty scrub-resistant, as the NCC investigation discovered,” Kingadded.
The companies have been increasingly successful at monetizing data.
“Facebook and Google have built very powerful platforms, businessesand audiences off the backs of their users’ data,” said Brock Berry, CEO of AdCellerant.
“Their platforms are almost a utility to the public, in many ways, that’s operated like a business,” he told TechNewsWorld.
“When they’re divisive in their tactics, they open the doors forcompetitors to enter the market, and I hope consumers step up, slowtheir usage of these platforms, and test other options that are morecustomer/consumer-centric,” Berry added.
“Facebook and Google have a dutyto be consumer-friendly and customer-first focused,” he said. “It’s againsteverything they stand for to be surreptitious in their methods ofcollecting user data.”
Although the NCC report specifically calls out Facebook and Google, as well asMicrosoft’s Windows 10 operating system, this could be just thetip of the iceberg in terms of how software firms have been handling the issue of privacy.
“This practice isn’t limited to the big tech companies; almost alltech companies obfuscate the data they collect about users,” said JoshCrandall, principal analyst at Netpop Research.
“Most of the data are used for productive purposes, but sometimescompanies have used it for more profit-oriented endeavors that usersmay not appreciate,” he told TechNewsWorld.
However, given the severity of the fines that companies may face, the daysof dark patterns could be coming to an end in Europe and theUnited States.
“Facebook, Google, Microsoft and others are working to address theproblem,” remarked Pund-IT’s King.
“It’s too dangerous and costly for them to ignore, but it also lookslike an issue that defies a simple ‘turn off the spigot’ fix — meaning we’re likely to continue to see similar investigations and findings in the months to come,” he predicted.
“In addition, it should be awake-up call for companies affected by GDPR who hope they can somehowskate under the radar and escape notice,” King said. “Facebook, etc.,are obviously big fish, but over time the NCC and other GDPR watchdogswill turn their attention to smaller fry.”