Facebook has promised to give users more control over what they share, but consumer advocates say the company has yet to deliver.
In fact, companies like Facebook and Google purposely design their apps’ interfaces to confuse users into giving up personal information, more than 30 consumer groups alleged in letters to the Federal Trade Commission on Wednesday. In the letters, the groups encouraged the FTC to investigate the companies and force them to implement more clear privacy settings.
The letters to the FTC were prompted by a new report from Norwegian Consumer Counsel Forbrukerrådet, which accused Facebook
of acting in “an unethical manner” by purposefully making it difficult for users to increase privacy protections on their sites. The report also accused the companies of giving consumers “take it or leave it” options, not allowing them to customize how much information they share. On Facebook, for example, when approving the company’s privacy policies, users have the option to either “accept” or “delete account.” In other words, if you object to the level of data Facebook is collecting about you, the only option is to leave the site.
“Facebook and Google make us share personal information with cunning design, confusing interfaces, and take it or leave it options,” Finn Myrstad, a researcher at Forbrukerrådet said. “Default settings should be least intrusive to our privacy, and we should be in control of how our info is being shared and used. They not provide us with meaningful choices.”
This comes after Facebook, Google, and most other companies that do business on the internet have tweaked their privacy settings in response to General Data Protection Regulation (GDPR) — a set of data-handling rules put forth by European Union regulators that went into effect on May 25. The Forbrukerrådet report, “Deceived by Design,” alleged that Google and Facebook use inaccurate pop-up messages to alert users of what information the companies are collecting about them.
“Companies employ numerous tricks and tactics to nudge consumers toward giving consent to disclosing as much data as possible for as many purposes as possible,” eight consumer advocacy groups, including Consumer Watchdog and the Electronic Privacy Information Center (EPIC) wrote in a joint letter to the FTC.
Google did not respond to request for comment on the letter. A spokeswoman from Facebook told MarketWatch that the company has been preparing for GDPR for the past 18 months and provides users options in both “short form” and “long form” to make it easier for consumers to understand.
“We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information,” she said. “In the run up to GDPR we asked people to review key privacy information which was written in plain language, as well as make choices on three important topics. Our approach complies with the law, follows recommendations from privacy and design experts, and is designed to help people understand how the technology works and their choices.”
The design flaws that the report alleges are likely not intentional, said Rishi Bhargava, co-founder at Demisto, a Cupertino, Calif.-based provider of security automation and orchestration and response technology. He said that companies that are trying to comply with GDPR are figuring out new boundaries as they go.
“Just like any [user experience] design challenge, the results are as good as the efforts,” he said. “In this case, most of the time and energy from [user experience] team goes into improving engagement with the user, rather than settings screen. If companies, such as Google and Facebook, put an emphasis on these settings, which they are, we will see a different outcome.”
But privacy advocates say the intentions of social media companies are not so innocuous. Facebook, which is free to use and worth more than $100 billion, makes most of its profit off user data. The company has “made strides” in recent years making privacy features more accessible, but has a long way to go, according to Neil Hughes, vice president of labs at security research strategy company One World Identity.
“Facebook’s entire business model is built on collecting your personal data and allowing them to track you around the web,” he said. “They have historically made it difficult for users to adjust these settings, burying them deep within the website or app, because it aids their business.”
Consumers concerned about privacy settings on Facebook can disconnect third-party apps from the platform. In response to the Cambridge Analytica scandal this year, 14% of users deleted their Facebook accounts. Users can also turn off location settings and limit visibility of posts on the site.