London, Tech giants Google, Facebook and Microsoft have been using “dark patterns” around privacy settings to discourage users in the European Union from exercising their privacy rights, according to a new report by the Norwegian Consumer Council.
The popups from Facebook, Google and Windows 10 have design, symbols and wording that nudge users away from the privacy friendly choices, said the study.
The consumer watchdog studied the privacy settings of the firms and found a series of “dark patterns”, including intrusive default settings and misleading wording.
“The use of exploitative design choices, or ‘dark patterns’, is arguably an unethical attempt to push consumers toward choices that benefit the service provider,” the Norwegian Consumer Council said in its report.
It picked Facebook, Google, and Microsoft for the study as they are some of the world’s largest digital service-providers.
In this study, the Norwegian group looked at user settings updates in the three digital services that relate to the General Data Protection Regulation (GDPR) which came into force in May.
European service providers gave users a wide array of GDPR updates. Among these services, users of Facebook, Google’s services, and Windows 10 had to click through and approve update messages as part of the companies’ attempt to comply with the new legislation.
These popups contained references to new user terms, and presented a number of user settings related to the ways that the companies may collect, process, and use personal data.
This is not a problem in itself, but analysis of a sample of settings in Facebook, Google and Windows 10 by the group showed how default settings and “dark patterns” were used to nudge users towards privacy intrusive options.
The privacy intrusive defaults in Facebook and Google make users who want the privacy-friendly option to go through a significantly longer process, the report said.
They also obscure some of these settings so that the user cannot know that the more privacy intrusive option was pre-selected.
“At the same time, we find that the service providers employ numerous tactics in order to nudge or push consumers toward sharing as much data as possible,” the report, titled “Deceived by Design” said.
Besides privacy intrusive default settings and hiding away privacy-friendly choices, the service providers were found to be using “misleading wording”, giving users “an illusion of control”, and having a “take-it-or-leave-it” approach.