Ever since the General Data Protection Regulation came into effect, tech companies have been the hardest hit by the new user-friendly rules. It has been known for a long time that tech companies exploit user data more than any other type of business. With the Cambridge Analytica scandal of Facebook coming to light, it is certain that tech companies will get their hands on consumer data by hook or by crook, and are unrepentant about it.
The GDPR has made things a little hard for them, especially with the steep penalties. According to the regulation, companies dealing with consumer data within the European Union have to disclose all the data they have, how long they intend to retain it for, and what purposes they plan to use it for.
If the data is shared with third parties, then that also must be clearly disclosed. Users also have to right to not allow companies to collect their data and to opt out later even if they had consented earlier.
The problem is, once people know the level of data breach tech companies indulge in all the time, no one will allow their data to be collected anymore, let alone retain or share with third parties. Tech companies survive on data and are unsurprisingly trying to find ways to fool people.
A report published by the Norwegian Consumer Council claims that tech companies like Google, Facebook, and Microsoft are using various tricks to fool people into not choosing privacy friendly settings, giving their users an “illusion of control” in the process.
The report adds that these companies are using “dark patterns” to discourage EU users from using their privacy rights. The websites of Google, Facebook, and Windows 10 are making use of language, symbols, and design that turn users away from the privacy-friendly choices.
The consumer watchdog has also noticed intrusive default settings and misleading wording, to confuse users and lead them away from choosing privacy.
Tech Companies Dodging GDPR
A month into the GDPR taking effect, it was noticed that it had become standard for the tech giants to merely update the language of their privacy policies with our actually changing their behavior.
This superficial compliance has been noticed with all tech companies, including Facebook and Google. Even though they have included privacy friendly choices for consumers, they have made the process long and complicated so that they eventually give up.
The report titled Deceived by Design also read that the default choices in all of the above sites were privacy intrusive, while users who want the privacy-friendly options are made to follow a significantly longer process. Some of the settings are also obscured so that users don’t get to know about the privacy-intrusive options that have been pre-selected.
At the same time, the consumer group also found that the companies employ various sly means to urge people into sharing as much data as possible.
Take It or Leave It
The take it or leave it approach of the most famous and widely used tech companies of the world begins with the color of the buttons: color of the buttons: The “Accept and continue” option on Facebook is blue and bright, while the “Manage data settings” option is in gray and less significant.
Moreover, those who select the latter option are explicitly told that the following choice are hard to understand and are time-consuming. In fact, it takes 13 clicks to choose the privacy-friendly options and a single click for the intrusive options.
It isn’t any different with Google. Besides, it is also hard to delete data that’s already been collected, such as location history. Deleting all that data requires clicking through some 40 pages.
Facebook and Google have also been criticized for using language that encourages consumers to agree to data collection. Facebook validates the intrusive face-recognition feature with this: “If you keep face recognition turned off, we won’t be able to use this technology if a stranger uses your photo to impersonate you.”
However, the notice has no mention of how the company misuses the feature for violating user privacy. As everyone is aware, face recognition is used for targeted advertising based on the emotional state of the person as identified from the facial profile or to identify users when they would prefer to remain anonymous.
Google is no less guilty. There is no warning about the negative impact of personalized ads. Users are just told that they will get to see less useful ads when their personal information might also be used for political campaigning. Facebook has two options for those who don’t want to accept data collection: go back to the terms and conditions or simply deleting your account.
GDPR calls for privacy by design, but in reality, users either have to comply with data collection or simply stop using the services. European regulators should take note of these malpractices and take stern action.