Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Facebook, Google ‘Manipulate’ Users to Share Data Despite EU Law: Study

Facebook and Google are pushing users to share private information by offering “invasive” and limited default options despite new EU data protection laws aimed at giving users more control and choice, a government study said Wednesday.

Facebook and Google are pushing users to share private information by offering “invasive” and limited default options despite new EU data protection laws aimed at giving users more control and choice, a government study said Wednesday.

The Norwegian Consumer Council found that the US tech giants’ privacy updates clash with the new General Data Protection Regulation (GDPR), which forces companies to clarify what choices people have when sharing private information.

“These companies manipulate us into sharing information about ourselves,” the council’s director of digital services, Finn Myrstad, said in a statement.

“(This) is at odds with the expectations of consumers and the intention of the new Regulation,” the 2018 study, entitled “Deceived By Design”, concluded.

Myrstad said the practices showed “a lack of respect for their users, and are circumventing the notion of giving consumers control of their personal data”.

The case for the new laws has been boosted by the recent scandal over the harvesting of Facebook users’ data by British consultancy Cambridge Analytica for the 2016 US presidential election.

Information for the report was collected from mid-April to early June, a few weeks after the EU rules came into force.

Advertisement. Scroll to continue reading.

– ‘Very few actual choices’ –

The report exposed that Facebook and Google often set the least privacy-friendly option as a default and that users rarely change pre-selected settings.

Privacy-friendly choices “require more clicks and are often hidden,” it said.

“In many cases, the services obscure the fact that users have very few actual choices, and that comprehensive data sharing is accepted just by using the service,” the study said.

But Facebook on Wednesday denied covering up the options for users and said they had prepared for 18 months to meet the GDPR requirements.

“We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information,” the company’s spokesman told Norwegian public broadcaster NRK.

The EU has billed the GDPR as the biggest shake-up of data privacy regulations since the birth of the web.

The social media giant and Google separately already face their first official complaints under the new law after an Austrian privacy campaigner accused them of forcing users to give their consent to the use of their personal information.

Companies can be fined up to 20 million euros ($24 million) or four percent of annual global turnover for breaching the strict new data rules for the European Union, a market of 500 million people.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.