Facebook, Google and Microsoft have been accused of failing the General Data Protection Regulation (GDPR). Apparently, the platforms have been using “dark patterns” in order to manipulate users into accepting privacy policies they don’t necessarily wish to agree with.
According to the Norwegian Consumer Council (NCC), Facebook, Google and to some extent Microsoft, are running consumers out of privacy-friendly options on their services in an “unethical” way.
In a recently released 44-page report, NCC explains that these dark patterns include “privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy-friendly option requires more effort for the users”.
The report also claims that in cases where users chose to deny the policies, they were threatened “with loss of functionality or deletion of the user account”.
NCC in its report also called out Facebook and its facial recognition policy, which has been under scrutiny for a while. It says that if users chose not to opt for the tech, Facebook warns them that they “won’t be able to use this technology if a stranger uses your photo to impersonate you”.
Apparently, Google Dashboard has also been seen to “discourage users from changing or taking control of the settings or delete bulks of data.”
Microsoft, however, despite its “deceitful tactics”, was also praised by NCC for its requirement for users to actively opt into data collection.
Distancing itself from the report, Google told BBC, that it has taken all of the necessary steps to comply with the EU’s GDPR laws.
“Over the last 18 months, in preparation for the implementation of the EU’s new data protection regulation, we have taken steps to update our products, policies and processes to provide all our users with meaningful data transparency and straightforward controls across all our services,” a Google spokesperson said.
Facebook, on the other hand, said in a statement, “We have prepared for the past 18 months to ensure we meet the requirements of the GDPR. We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information.”