As per a report by the Norwegian Consumer Council, Facebook, Microsoft and Google drive the users away from the privacy-friendly selections on their services in an “unethical” way.
The council analysed the privacy settings of the companies and identified a series of “dark patterns” which includes intrusive-default settings and a deceptive wording.
The companies gave users an illusionary power, as per the report suggestions.
Both the firms—Google and Facebook said that privacy was of importance to them.
The report named—Deceived by Design, is based on the user tests which were conducted in April and May, the time when all three companies were reportedly involved in making changes to their privacy policies to make them in compliance with the EU’s General Data Protection Regulation (GDPR).
The council identified that
- Privacy-friendly options being hidden
- Take it all or leave it choices
- Privacy-invasive defaults with a longer procedure for users who wanted privacy-friendly options
- Some privacy settings were masked
- No choice of delaying the decisions
- Pop-ups urging users to make certain selections, while the important information getting deleted or downplayed
- Threats of account deletion or loss of functionality of the user account if certain settings not selected
Facebook, for example, warns anyone who wishes to disable facial recognition that doing so means that the company would not be able to use this technology if a stranger tries to impersonate.
The report added that the privacy dashboard of Google promises to allow the users to easily delete data, however, the dashboard is so difficult to navigate, resembling more like some maze than a tool for user control.
Microsoft was appreciated for giving equal weight to privacy-friendly and unfriendly options in its initial set-up process in Windows 10.
The report concluded that users are most of the time provided with this illusion of control and authority via their privacy settings, even though they are not getting it.
It further added that the use of privacy-intrusive defaults and the use of dark pattern provokes users of Google and Facebook and to a smaller degree Microsoft, towards the privacy-friendly options to an extent that they consider them unethical.
In response, Google said that they are constantly regulating these controls based on the user experience tests. They have taken steps to upgrade their policies, products and processes to make them comply with the EU’s new data protection regulation and to provide all users with meaningful data transparency and direct controls throughout all the Google services.
Facebook said that they have made their policies much clearer and their privacy settings much easier to find and has also launched better tools for people to navigate, download and delete their information.
Microsoft said that they are committed to GDPR compliance throughout their cloud services and provide GDPR related assurances in their contractual commitments.
Sometime after GDPR came into effect in May, both Google and Facebook were blamed for breaking the laws by privacy group noyb.eu, started by an activist—Max Schrems.
It complained that people were not provided with free choices when it comes to selecting new privacy settings.