The Norwegian Consumer Council has joined other international consumer and privacy groups to issue a report 'Deceived by Design' as a plea to have consumer concerns to be discussed by the European Data Protection Board. In California, the state has passed a new privacy law which includes some aspects of the General Data Protection Regulation (GDPR).

Norway leads the attack

The Norwegian body, Consumers International, Privacy International, the European Consumer Organisation (BEUC) and ANEC, say large internet companies are manipulating the public into sharing personal details while giving the illusion of control. The report examines the information and consent pop-ups that Microsoft, Google and Facebook presented to users as part of the implementation of the GDPR. It concludes that these pop-ups provided users with more granular choices regarding consent to uses of their personal data, companies employed ‘tricks and tactics’ to ‘nudge or push’ consumers toward giving consent to sharing as much data for as many purposes as possible. These include privacy-intrusive default settings, giving users an illusion of control, "dark patterns" such as hiding away privacy-friendly choices, and take-it-or-leave-it choices. It says the approach of these companies takes away agency from individuals and nudges them towards the less private options. Facebook and Google have set the least privacy-friendly choice as the default. They cite that research has shown that users rarely change standard, pre-selected settings, wording and design present sharing personal data and the use of targeted advertising as exclusively beneficial, often in combination with threats of lost functionality if users decline, and layout is often confusing. The say argue the services obscure the fact that users have very few actual choices, and that comprehensive data sharing is accepted just by using the service. The feeling of control may also convince users to share more information.

New law hi-tech heartlands

In the hi-tech heartlands of California, governor Jerry Brown has signed a major privacy law to give consumers broad privacy rights giving Californians increased control over their personal data. When the law goes into effect, people living in the state can tell companies to stop collecting or selling their personal data. The Internet Association, a lobbying group representing major tech companies including Facebook, Google, Uber, Amazon and Microsoft, said in a statement there wasn't enough public debate about the bill called Bill AB 375, or the California Consumer Privacy Act, which lets regular internet users ask for the data a company has collected on them and whom the data has been sold to. The rights in the new law are similar to some sections of the European Union's new privacy law, the (GDPR), though it doesn't enact a set deadline for notifying consumers of a data breach, which the GDPR does. The GDPR creates the possibility of large fines potentially exceeding 40 million euros for violators.