PI joins 20+ organisations to ask European data protection authorities to investigate whether companies are acting in accordance with GDPR

Photo: Forbrukerrådet

Photo credit: Forbrukerrådet

The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.

Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the letters can be found below.

Ailidh Callander, Legal Officer at Privacy International said:

As GDPR is implemented by companies, it is important to test how companies are making changes to their products and services to ensure that users’ privacy is protected. We call on regulators to investigate further the dark patterns in which NCC’s analysis suggests companies are deploying and engaging.

Notes to editors

NCC analysed how certain GDPR related pop ups and updates by Facebook, Google, and Microsoft appear to be trying to push users into sharing vast amounts on personal data through, in part, manipulative design choices.

  • 23 organisations in Europe are participating in some way
  • 12 of them are sending letters to authorities in 11 jurisdictions urging them to investigate. This include Denmark, France, Greece, Italy, Ireland, Netherlands, Norway, Slovenia, Sweden, UK, EU (EDPS/EDPB).