Facebook, Google and Microsoft push users away from privacy-friendly options on their services in an “unethical” way, according to a report by the Norwegian Consumer Council.
It studied the privacy settings of the firms and found a series of “dark patterns”, including intrusive default settings and misleading wording.
The firms gave users “an illusion of control”, its report suggested.
Both Google and Facebook said user privacy was important to them.
The report – Deceived by Design – was based on user tests which took place in April and May, when all three firms were making changes to their privacy policies to be in compliance with the EU’s General Data Protection Regulation (GDPR).
It found examples of
- privacy-friendly choices being hidden away
- take-it-or-leave it choices
- privacy-intrusive defaults with a longer process for users who want privacy-friendly options
- some privacy settings being obscured
- pop-ups compelling users to make certain choices, while key information is omitted or downplayed
- no option to postpone decisions
- threats of loss of functionality or deletion of the user account if certain settings not chosen
For example, Facebook warns anyone who wishes to disable facial recognition that doing so means that the firm “won’t be able to use this technology if a stranger uses your photo to impersonate you”.
The report concluded that users are often given the illusion of control through their privacy settings, when they are not getting it.
“Facebook gives the user an impression of control over use of third party data to show ads, while it turns out that the control is much more limited than it initially appears,” the report said.