Websites, apps exacerbate privacy complexities for users: OAIC

The results of the latest annual Global Privacy Enforcement Network (GPEN) Sweep of global websites and mobile applications revealed that almost all of them employed strategies that put users’ privacy at risk.

This year’s GPEN Sweep occurred from 29 January to 2 February 2024 with 26 global participants, as well as support from the International Consumer Protection and Enforcement Network (ICPEN) for the first time.

Sweepers analysed the websites and apps using a matrix developed by the Organisation for Economic Co-operation and Development (OECD) which identified five key indicators as being characteristic of deceptive design patterns.

According to a statement from the OAIC, deceptive design patterns “use features that steer users towards options that may result in the collection of more of their personal information. These patterns may also force users to take multiple steps to find a privacy policy, log out or delete their account, or present them with repetitive prompts aimed at frustrating them and ultimately pushing them to give up more of their personal information than they would like”.

The five indicators used to collect the results were complex and confusing language, interface interference, nagging, obstruction and forced action. The sweepers recreated the user experience of over 1,000 websites and apps to examine how easy it was to make privacy choices, obtain privacy information, and log out of or delete an account.

“More than 89 per cent of privacy policies were found to be long or use complex language suited for those with a university education,” the OAIC said, commenting on the results.

“When asking users to make privacy choices, 42 per cent of websites and apps swept used emotionally charged language to influence user decisions, while 57 per cent made the least privacy protective option the most obvious and easiest for users to select.

“Thirty-five per cent of websites and apps repeatedly asked users to reconsider their intention to delete their account.

“In nearly 40 per cent of cases, sweepers faced obstacles in making privacy choices or accessing privacy information, such as trying to find privacy settings or delete their account.

“Nine per cent of websites and apps forced users to disclose more personal information when trying to delete their account than they had to provide when they opened it.”

The sweep confirmed to both GPEN and ICPEN that a large number of websites and apps use tactics to inhibit users’ ability to make informed choices that best protect their right to privacy and their rights as consumers.

“The Sweep was not an investigation, nor was it intended to generate formal findings regarding confirmed violations of privacy legislation,” the statement from the OAIC said.

“However, as in previous years, concerns identified during the Sweep could not only result in follow-up work, such as outreach to organisations, but may also lead to the initiation of enforcement action to address identified concerns.

“Decisions on further specific enforcement action will be made by each GPEN member independently.”