Your favourite tech companies are trying to trick you into giving up your data, and a new study shows how they’re using design to do it.
A study from the Norwegian Consumer Council dug into the underhanded tactics used by Microsoft, Facebook and Google to collect user data.
The study comes in the wake of the European Union’s newly-enacted GDPR laws designed to protect users from predatory data collection, and Facebook’s own controversy involving the sharing of users’ personal data.
“The findings include privacy intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy friendly option requires more effort for the users,” states the report, which includes images and examples of confusing design choices and strangely worded statements involving the collection and use of personal data.
One example cited is Facebook’s GDPR-related popup, which makes the “Agree and continue” option much more appealing and less intimidating than the grey “Manage Data Settings” option. And, according to the report, the company-suggested option is the easiest to use.
“This ‘easy road’ consisted of four clicks to get through the process, which entailed accepting personalised ads from third parties and the use of face recognition. In contrast, users who wanted to limit data collection and use had to go through 13 clicks.”
Trying 41 shades of blue to measure which one is most appealing is one (weird) thing, but making it more difficult for your own users to hold tight to their data is another.
Google makes opting out of personalised ads more of a chore than it needs to be, and uses multiple pages of text, unclear design language, and, as described by the report, “hidden defaults” to push users toward the company’s desired action.
“If the user tried to turn the setting off, a popup window appeared explaining what happens if Ads Personalisation is turned off, and asked users to reaffirm their choice,” the report explained.
“There was no explanation about the possible benefits of turning off Ads Personalisation, or negative sides of leaving it turned on.”
Those who wish to completely avoid personalised ads must traverse multiple menus, making that “I agree” option seem like the lesser of two evils.
Microsoft’s data collection options in Windows 10 were somewhat more respectful of user data collection, the study found. Still, it’s quite clear which option Microsoft wants users to choose.
“For example, if the user wanted to opt out of ‘tailored experiences with diagnostic data’, they had to click a dimmed lightbulb, while the symbol for opting in was a brightly shining bulb,” says the report.
“For the choice to let apps use an Advertising ID, the ‘Yes’ choice was accompanied by an arrow hitting its target, while the ‘No’ choice had an empty target. The opt-in choice was also always placed at the top. These are nudges towards clicking yes.”
To Microsoft’s credit, the number of clicks to opt-out is equal to the number required to opt-in.
Of course, the companies seemingly have no intent to stop collecting as much data on users as possible. Even with a two-year head start in complying with the EU’s set of privacy laws, both Facebook and Google were accused on day one of violating the GDPR by not giving users the option to stop sharing data without requiring them to delete their account.
We reached out to Google, Facebook and Microsoft for comment on the report, but had not heard back at time of writing.