Despite the push for data privacy and security, it appears the European Union’s General Data Protection Regulation (GDPR) policies may not be as secure as it had intended. Tech conglomerates such as Microsoft, Google, and Facebook may have found ways to dodge GDPR regulations, which means data privacy is still in big trouble when it comes to abusive user data practices. What do we do now?
In fact, it appears the tech companies have started to find ways of discouraging their users to “agree” to the privacy protections the GDPR has forced these companies to offer their customers.
This appears to be yet another surprising example of tech giants in the United States to indeed “follow” policies, regulations, and rulings from Europe “to the letter” without actually changing their practices. In fact, current moves from the tech giants suggest there really is just superficial compliance towards the GDPR’s rulings, which requires users to agree first as to what their data is going to be used for, with options for their data to be deleted whenever they wish.
The rather upsetting news came courtesy of the Norwegian Consumer Council, funded by Norway’s government itself, which looked towards “dark patterns” used by the tech giants to discourage users from fully taking advantage of their rights to privacy.
These include interfaces that are designed for users to actually willingly give out data, such as subscribing to services they didn’t choose, or having to give up data to these providers. Google and Facebook have been using these strategies before, but only now have the “tools of the trade” been actually revealed.
The Dark Secrets Of Bypassing The GDPR
It appears Google and Facebook have been using “simple” yet extremely far-reaching methods when it comes to making users want to forego their rights to privacy. It’s been found that Google and Facebook’s default settings have been geared to “maximize” the extraction of data from users. While GDPR-related notifications are indeed emblazoned with big buttons to have users “accept” their “new” practices.
If users don’t agree, they will have to manually “change” their settings. Unfortunately, opting out of their “data collection” schemes actually take more time and effort to do, and as such users may be encouraged to select the default settings instead – which then fully allows these companies to extract data as they wish.
The report said that from an ethical point of view, Google and Facebook and other providers should be letting their consumers choose just how their data is used to serve tailored experiences and advertisements. However, setting the “default” as the least privacy-friendly isn’t exactly ethical – regardless of what the provider thinks is its legitimate intentions.
Meanwhile, the report also praised Microsoft for making it a bit easier for consumers to protect their data. Windows now has screens to let users choose to opt in or out of the system, with its new update for the Windows 10 having the same number of screen for such an options.
Unfortunately for Google and Facebook, not only is its default option the most harmful to privacy, changing anything is made cumbersome and unattractive. For instance, the “Accept and continue” option on Facebook’s settings appear to be very cold and blue, while its “Manage data settings” option is gray – both colors appear to be unsympathetic.
Not only that, but signals in terms of wording communicate language that is time consuming and hard-to-understand for users. This means only those who actually invested time and effort to read through settings will be the only ones capable of changing them – whereas the ideal option is to have this available for everyone.
For instance, opting into the process needs one single click, while opting out needs as much as 13 clicks.
In Google’s for instance, users need to click through at least 30 to 40 pages in order to just remove everything about location history.
The report said both sites have given users quite a lot of options to manage and assess. While Google did have its own privacy dashboard, it’s not exactly that encouraging for users to take control and change settings to their liking.
Interestingly, the report also cited the language used in some of the privacy options. For instance, Facebook actually encourages users into opting in to their facial recognition feature by saying, they won’t be able to “use the technology” if a “stranger uses your photo to impersonate you.” Interestingly, Facebook doesn’t revealed just how exactly will this facial recognition option be used in the first place.
As a result, users may eventually end up giving up their facial features for Facebook to use as a means to be able to provide targeted ads based on things like emotions.
Both Google and Microsoft were also found to be lacking in this regard. In fact, Facebook even rewards user behavior that lean towards their goals and punish those that don’t. In their “See your options” button, for people who don’t opt into the process, actually force them to either accept their terms or just delete their account entirely. For Google, opting out of their “ad personalization” option may not let users mute or block some advertisements.
While wording tricks and interface design may appear to be “innocent” manipulations that may not entirely be violations of GDPR policies, it’s important to remember that GDPR requires companies to implement privacy “by design.” What users have right now is data harvesting and intrusion via design and what appears to be limited privacy – unless one is willing to “waste” time trying to uphold what should be their basic right.
You May Also Like: