Dark Patterns: examples, guide and check-up according to the EDPB guidelines

Check-up and removal
of cookies and trackers:
for data controllers, DPOs, CISOs,
and operators and installers of sites and apps.



Dark patterns invalidate legal notices

Installing a template or using a CSS framework: what could be simpler? However, the DSA (Digital Services Act) expressly prohibits the use of dark patterns.

Dark patterns have the effect of confusing visitors:
  • content
  • interfaces
Consents collected in contexts that use dark patterns are not valid, just as legal advice obtained to produce complete notices loses its value.


Overloading - Continuous prompting (Annex checklist 4.1.1)
Variation A: In the first step of the sign-up process, users are required to choose between different options for their registration. They can either provide an email address or a phone number. When users choose the email address, the social media provider still tries to convince users to provide the phone number, by declaring that it will be used for account security, without providing alternatives on the data that could be or was already provided by the users. Concretely, several windows pop up throughout the sign-up process with a field for the phone number, along with the explanation “We’ll use your [phone] number for account security”. Although users can close the window, they get overloaded and give up by providing their phone number.

Overloading - Continuous prompting (Annex checklist 4.1.1)
Variation B: Another social media provider repeatedly asks users to provide the phone number every time they log into their account, despite the fact that users previously refused to provide it, whether this was during the sign-up process or at the last log-in.

Overloading - Continuous prompting (Annex checklist 4.1.1)
Example 2: A social media platform uses information icon or question mark icon to incite users to take the “optional” action currently asked for. However, rather than just provide information to users who expect help from these buttons, the platform prompts users to accept importing their contacts from their email account by repeatedly showing a pop-up saying “Let’s do it”.

Overloading - Privacy Maze (Annex checklist 4.1.2)
Example 17: On its platform, the social media provider makes available a document called “helpful advice” that also contains important information about the exercise of data subject rights. However, the privacy policy does not contain any link or other hint to this document. Instead, it mentions that more details are available in the Q&A section of the website. Users expecting information about their rights in the privacy policy will therefore not find these explanations there and will have to navigate further and search through the Q&A section.

Overloading - Privacy Maze (Annex checklist 4.1.2)
Example 33: Information to withdraw consent is available from a link only accessible by checking every section of their account and information associated to advertisements displayed on the social media feed.

Overloading - Continuous prompting (Annex checklist 4.1.1)
Example 34: In this example, when users create their account, they are asked if they accept their data to be processed to get personalised advertising. In case users do not consent at sign-up to this use of their data, they regularly see - while using the social network - the prompting box illustrated above, asking if they want personalised ads. This box is blocking them in their use of the social network. Being displayed on a regular basis, this Continuous prompting is likely to fatigue users into consenting to personalised advertisement. Furthermore, in this interface the Hidden in plain sight pattern is also used, as the action to accept ads is far more visible than the refusing option.

Overloading - Too many options (Annex checklist 4.1.3)
Example 35: Users are likely to not know what to do when a social media platform’s menu contains multiple tabs dealing with data protection: “data protection”, “safety”, “content”, “privacy”, “your preferences”.

Overloading - Privacy Maze (Annex checklist 4.1.2)
Example 37: Related topics, such as the settings on data sharing by the social media provider with third parties and vice versa, are not made available in the same or close spaces, but rather in different tabs of the settings menu.

Overloading - Privacy Maze (Annex checklist 4.1.2)
Example 46: Here, information related to data protection rights is available on at least four pages. Even though the privacy policy informs on all the rights, it does not redirect to the relevant pages for each of them. Conversely, when users visit their account, they will not find any information on some of the rights they can exercise. This Privacy Maze forces users to dig through many pages in order to find where to exercise each right and, depending on their browsing, they might not be aware of all the rights they have.

Overloading - Privacy Maze (Annex checklist 4.1.2)
Example 47: In this example, users wish to update some of their personal data but do not find a way to do it in their account. They click on a link (1) redirecting them to the Question & Answer page where they enter their question (2). Several results appear (3), some related to the rights of access and deletion. After checking all results, they click (4) on the link available in the “How to access your data” page. It redirects them to the privacy policy (5). There, they find information on additional rights. After reading this information, they click (6) on the link associated with the exercise of the right to rectification which redirects them to the user account (7). Unsatisfied, they go back to the privacy policy and click on a general link “Send us a request” (8). This brings users to their privacy dashboard (9). As none of the available options seem to match their need, users eventually go to the “exercise of other rights” page (10) where they finally find a contact address.

Overloading - Privacy Maze (Annex checklist 4.1.2)
Example 51: Users are looking for the right to erasure. They have to call up the account settings, open a sub-menu called “privacy”, and have to scroll all the way down to find a link to delete the account.

There are multiple examples for the same categories.




About us

A close-knit team of legal, privacy, IT and marketing consultants who speak plainly. Like you.

Giulia Nepi

Civil lawyer
Privacy consultant.

Valentino Spataro

Privacy consultant
WordPress and app development.




Information

IusOnDemand srl
viale dei Mille 4
20129 Milano, Italia
Phone: +39 02 4548 9591
Telegram: @iusondemand

