As the new General Data Protection Regulation (GDPR) is implemented across Europe, users of digital services have been confronted with new privacy settings through numerous pop-up messages. Unfortunately, The Norwegian Consumer Councils just published analysis demonstrates that companies appear to have little intention of giving users actual choices.
– These companies manipulate us into sharing information about ourselves. This shows a lack of respect for their users, and are circumventing the notion of giving consumers control of their personal data, says Finn Myrstad, director of digital services in the Norwegian Consumer Council.
The Norwegian Consumer Council and several other consumer and privacy groups in Europe and the US are now asking European data protection authorities to investigate whether the companies are acting in accordance with the GDPR and US rules.
Sharing by default
Through the Consumer Council’s analysis of the companies’ privacy pop-ups, it is made evident that consumers are pushed into sharing through;
Cunning design choices
– Data protection law requires that companies make it easier for users to make clear and informed choices, and that they let users take control of their own personal data. Unfortunately, this is not the case, which is at odds with the expectations of consumers and the intention of the new Regulation, says Finn Myrstad.
Comments from BEUC and Privacy International
Monique Goyens, Director General of The European Consumer Organisation (BEUC):
– Companies have to respect the letter and the spirit of the GDPR. This report demonstrates that many global digital household names still have a long way to go to do just that. European consumer organisations will continue to be vigilant, expose misconduct and work together with regulator to improve the system.
Ailidh Callander, Legal Officer at Privacy International:
– We welcome this analysis by the Norwegian Consumer Council. As GDPR is implemented by companies, it is important to test how companies are making changes to their products and services to ensure that users’ privacy is protected. We call on regulators to investigate further the dark patterns in which NCC’ analysis suggest companies are deploying and engaging.