Skip to main content

Google, Facebook exploit dark patterns

June 29, 2018 | Expert Insights

According to a report funded by the Norwegian Consumer Council, tech giants Facebook and Google rely on “dark patterns” to discourage users from exercising their privacy rights.

Background

Data privacy is an issue of increasing concern. Governments across the world have noticed that data is being weaponized. The Russian misinformation and influence campaigns during the 2016 US Presidential elections are an example of the fact that data may be used maliciously to undermine democratic processes and institutions.

Facebook’s Cambridge Analytica scandal brought the issue of data privacy into the spotlight once more. It drew global attention to the degree of control corporations, such as Facebook, have over personal information, sparking debates on privacy and data use. Cambridge Analytica, a data mining organization and political consultancy, received the personal information of approximately 87 million Facebook users through a third-party app. Facebook has faced litigation in European courts due to this issue and is currently under investigation by the Federal Trade Commission (FTC).

On May 25, 2018 the General Data Protection Regulation legislation came into effect in the European Union. The GDPR intends to “harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy”. As GDPR is a regulation rather than a directive, it is applicable across all member nations.

Analysis

The GDPR provides EU citizens with new rights to access, erase, transfer, or correct any personal data held by information companies. It allows organizations to manage data better and implement personal data risk management, policies and procedures. Corporations are now compelled to notify users of data breaches and obtain informed consent from all subjects before collecting any data on them.

Now, a new report from Norwegian Consumer Council has claimed that tech giants like Google, Facebook and Microsoft have found a way to push users away from privacy-friendly options on their services in an "unethical" way.  "Facebook gives the user an impression of control over use of third party data to show ads, while it turns out that the control is much more limited than it initially appears," the report said. "And Google's privacy dashboard promises to let the user easily delete data, but the dashboard turns out to be difficult to navigate, more resembling a maze than a tool for user control," it added. The consumer watchdog concluded: "The combination of privacy-intrusive defaults and the use of dark patterns nudge users of Facebook and Google, and to a lesser degree Windows 10, towards the least privacy-friendly options to a degree that we consider unethical.” Meanwhile, Microsoft received praise for giving equal weight to privacy-friendly and unfriendly options in its set-up process in Windows 10.

The researchers found that Facebook and Google have default settings designed to extract a maximum of personal data from users. Their GDPR-related notifications are adorned with a big, convenient button for consumers to accept the company’s current practices.

Counterpoint

In response the report Google said: "Over the last 18 months, in preparation for the implementation of the EU's new data protection regulation, we have taken steps to update our products, policies and processes to provide all our users with meaningful data transparency and straightforward controls across all our services. We're constantly evolving these controls based on user experience tests - in the last month alone, we've made further improvements to our Ad Settings and Google Account information and controls."

Facebook has also noted that the company is improving its standards adding, “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR. We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information.”

Assessment

Our assessment is that the enforcement of GDPR has shined the spotlight on how large companies like Google and Facebook continue to take advantage of loopholes to infringe on user privacy. It remains to be seen if the new policy has an effect on how these tech companies function moving forward. Given the evolving nature of technology, it is prudent to acknowledge that tech giants will continue creating new ways to get ahead of policies and laws drafted by lawmakers across the world.