Norwegian study finds Google and Facebook manipulate users to share data despite GDPR

A recent study by the Norwegian government has found that Facebook and Google push users to share private information by using “invasive” and limited default options.

The Norwegian Consumer Council’s Deceived By Design report suggests that the tech giants’ privacy updates clash with the new GDPR (General Data Protection Regulation).

In a statement, the council’s director of digital services, Finn Myrstad, said that the “companies manipulate us into sharing information about ourselves”, demonstrating “a lack of respect for their users, and […] circumventing the notion of giving consumers control of their personal data”.

The practices are at odds with both consumer expectations and the intention of the GDPR.

Focusing on the weeks immediately following the Regulation’s introduction, the report found that Facebook and Google opted users into settings deemed the least privacy-friendly, with the more privacy-friendly options often hidden and requiring more clicks to access.

The study also said, “In many cases, the services obscure the fact that users have very few actual choices, and that comprehensive data sharing is accepted just by using the service.”

Facebook has rebuked the study and stated that it prepared for 18 months to meet the GDPR’s requirements. “We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information,” a Facebook spokesperson told Norwegian public broadcaster NRK.

Complaints have been made against Facebook and Google under the GDPR. In May, Austrian privacy campaigner Max Schrems accused them of forcing users to consent to the use of their personal data.

GDPR compliance guide 

You can find out more about the GDPR’s lawful grounds for processing and its other requirements by reading EU General Data Protection Regulation – A Compliance Guide.

This free green paper provides an overview of the key changes introduced by the GDPR, the scope and impact of the Regulation, and the areas that organisations need to focus on.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.