Facebook’s GDPR Privacy Review Attempts to Railroad Users into Giving Consent
"We are introducing new privacy experiences for everyone on Facebook as part of the EU’s General Data Protection Regulation (GDPR), including updates to our terms and data policy," Facebook said in a blog post late last night. "Everyone - no matter where they live - will be asked to review important information about how Facebook uses data and make choices about their privacy on Facebook," the company claimed.
Facebook will begin asking its users in Europe to review their settings this week. For everyone else, the information presented and screens used will be different and it remains unclear when exactly users elsewhere will be asked to review these new policy terms or if they are similar to those required by the incoming GDPR protections.
The social network will also be rolling out its facial recognition feature to those in Europe and Canada where it wasn't previously allowed to since courts had ruled that Facebook was collecting biometric data without proper consent.
Apart from this, the company will require young users between 13 and 15 to get parental consent before they are targeted with ads. "Even where the law doesn’t require this, we’ll ask every teen if they want to see ads based on data from partners and whether they want to include personal information in their profiles,” Facebook said. However, since users are only required to select one of their Facebook friends or enter an email address - which could be their own alternative address - it makes sure teens don't actually have to go through their parents' approval.
Facebook's compliance with GDPR: Just click accept, ignore settings
Instead of giving equal focus to both "Yes" and "No" buttons, the new permission screens almost appear to be railroading users into giving consent, making them believe that without giving the platform these specific permissions, they won't be able to use the site. Instead of proactively telling its users they can decline sharing their data with advertisers, Facebook focuses on pushing them to "accept and continue."
Even the few who will click on the alternative to the "agree" button will find themselves facing even more text that tries to push them into accepting the change, taking another click to a third page before they can actually opt out.
Ahead of last night's blog post, the social networking giant had invited some members of the press in its continued face-saving efforts. While the headlines like "Facebook is rolling out GDPR for everyone" may be enough to keep most of its users happy, some believe that Facebook is using GDPR as a keyword to gain user trust without actually receiving informed consent as the rules require. The company is deliberately making it difficult for users to opt out - not forgetting how it will be able to get facial recognition data from its European and Canadian users.
TechCrunch's Josh Constine who was present at this press briefing suggested that the upcoming privacy review sounds like: "Just click accept, ignore those settings." In an in-depth review of the design choices made by the company, the report reads:
[Facebook is promoting a] design that encourages rapidly hitting the “Agree” button, a lack of granular controls, a laughably cheatable parental consent request for teens, and an aesthetic overhaul of Download Your Information that doesn’t make it any easier to switch social networks, Facebook shows it’s still hungry for your data.
Similar to how companies already encourage users to just hit that big AGREE button, Facebook is simply adding more text to the screens, trusting its users to never actually read this text and go ahead to click on the "agree" button. The X button, on the other hand, is a small icon at the top that doesn't get any attention.
In another low, the company that has recently rewritten its terms of service and data use policy is focusing on the "I ACCEPT" button. Those who dare to actually focus on the screen will spot a hyperlink "see your options," yet again confirming that the company is trusting its users will just continue hitting the agree buttons, breeze through these new policies and end up giving "informed" consent to the company without learning any more than they do now.
Here's an excerpt from TC's "flaw-by-flaw guide to Facebook's new GDPR privacy changes:"
[...] the fact that the button to reject the new Terms Of Service isn’t even a button, it’s a tiny ‘see your options’ hyperlink shows how badly Facebook wants to avoid you closing your account.
When Facebook’s product designer for the GDPR flow was asked if she thought this hyperlink was the best way to present the alternative to the big ‘I Accept’ button, she disingenuously said yes, eliciting scoffs from the room of reporters. It seems obvious that Facebook is trying to minimize the visibility of the path to account deletion rather than making it an obvious course of action if you don’t agree to its terms.
While some argue these are first steps in the right direction, privacy advocates believe this is only working in Facebook's favor since the company is managing to receive what it calls informed consent while engaging in the same old behavior. Some of this is also because of us, the end users, since we have helped the tech industry get away with most things by agreeing to everything they have asked of us.
"We're not asking for new rights to collect, use or share your data on Facebook, and we continue to commit that we do not sell information about you to advertisers or other partners," Facebook promises. "While the substance of our data policy is the same globally, people in the EU will see specific details relevant only to people who live there, like how to contact our Data Protection Officer under GDPR. We want to be clear that there is nothing different about the controls and protections we offer around the world."
At a time when the social platform is under perceived high scrutiny, the fact that Facebook is focusing on hiding the alternatives and pushing its users to hit the "accept" buttons while hoarding even more data through its facial recognition system is yet another sign that the time for self-regulation is over.