Skip to main content

Google, Facebook Accused of Using UI ‘Dark Patterns’ to Get Users’ Data

Google privacy flowchart.
(Image credit: NWC)

The Norwegian Consumer Council (NCC), a government agency established in Norway with the purpose of protecting consumers’ rights, has released a new analysis in which it accuses Google and Facebook of using user interface (UI) “dark patterns” to capture data from potentially unwilling users.

Dark patterns represent a UI design crafted with the purpose of tricking users into agreeing with things that are not necessarily in their interest.

Deceived by Design

Both Google and Facebook have constantly repeated that their users’ privacy is important to them, even as the privacy scandals or lawsuits against them have kept ramping up. The NCC released a report, called "Deceived By Design," that says these two companies routinely “deceive” users through the interface design they pick for pages where a user may have to consent to giving up their data.

The report says Google and Facebook have “privacy-intrusive default settings” and misleading wording, giving users a false sense of control. The two companies also hide away certain privacy-focused options or present their users with a “take it or leave it” choice.

Facebook GDPR popup


NCC also notes that the design elements on Google and Facebook platforms nudge users away from the privacy-friendly choices. The choices are also worded in a way to compel users to enable the features that the companies want them to enable. Google and Facebook also threaten users with account deletion if users don't select the so-called privacy intrusive option.

Facebook privacy settings mobile


Facebook gives users the impression of control over what third parties can do with their data, something Mark Zuckerberg has emphasized in the recent Congressional hearings, but in reality the platform offers users limited control, NCC claims. NCC also accused Google of making deleting data it stories on users and navigation of its privacy dashboard too difficult.

GDPR Compliance in Question

NCC questioned whether or not Google and Facebook are in compliance with the European Union's (EU's) General Data Protection Regulation (GDPR), which took effect in May, when they employ tactics that trick users into freely giving their “consent.” The principle of freely given consent, as required by GDPR, may have been violated when users aren’t aware that more privacy-friendly options are available to them, or when the companies threaten them with account deletion otherwise.

None Of Your Business (nyob), a  European civil rights non-profit founded by privacy activist Max Schrems, has already filed a complaint in the EU against Google and Facebook for billions of dollars over the companies’ similar violations under the GDPR. Schrems will likely use this report by the NCC to strengthen his case, so it remains to be seen if Google and Facebook will react by moving away from their use of UI dark patterns.

  • cyaros
    the abbreviation is noyb, not nyob.
    Reply
  • WyomingKnott
    It's European. Like putting the date before the month.
    Reply
  • kenjitamura
    Anyone else tired of hearing that Europeans are making common sense laws regulating what internet companies should be able to do while the US sits on their thumbs? No? I'm the only one? We're so ******.
    Reply
  • USAFRet
    21097792 said:
    Anyone else tired of hearing that Europeans are making common sense laws regulating what internet companies should be able to do while the US sits on their thumbs? No? I'm the only one? We're so ******.

    Not really.
    Your "data" is shared with those companies, and the companies they work with. Because you give it to them.
    It is not supposed to be "shared" to any other entity.

    Until some contractor leaves his laptop on the train one afternoon.

    We saw this multiple times, with the British 'Data Protection Act'.
    Very strong rules, until some clown messes it up. No matter what the law...your data is still out in the wild.

    Until we see some CEO's and CIO's go to actual prison, this will continue to happen.
    Reply
  • USAFRet
    21097792 said:
    Anyone else tired of hearing that Europeans are making common sense laws regulating what internet companies should be able to do while the US sits on their thumbs? No? I'm the only one? We're so ******.

    "The German sporting-goods giant announced yesterday..."
    http://www.tomshardware.com/forum/id-3734566/adidas-data-breach-impact-millions.html
    Reply
  • almarcy
    I have been a software geek since before the world's militaries were told there was any use for a computer network by civilians. Relax, there is more than one way to find out why think you have any privacy. Don't Worry, Be Happy.
    Reply
  • lackokelemen83
    But if I had someone's data I'd be a criminal. Because it's "a cooperation, nothing will happen. Capitalism for ya. When will the world wake up n see that we don't need government's and ideologists to control the world population. I pray for a revolution every day.
    Reply
  • almarcy
    "None of your damn business." is the ancient response to pollsters that I was taught by Mr. Norton, my high school Humanities teacher in 1964. FYI
    Reply
  • Mousemonkey
    21097115 said:
    It's European. Like putting the date before the month.

    Nah, it's a typo. If you hover your cursor over the hyperlink it does show as noyb.eu.
    Reply
  • WyomingKnott
    Err, that was a jest. Damn! People don't take me seriously when I need them to, and then do take me seriously when I'm joking. I would cut out the joking, but my brain would probably explode.
    Reply