Privacy Deception

Manipulates users into unknowingly sharing more
personal data than intended

Prevalence

79%

of the applications (42 of 53) that we studied, used some form of Privacy Deception in their designs

Industry

E-commerce

accounted for 21% of occurrences, followed by cab booking, delivery & logistics, ed-tech, and streaming apps

App User Flow

Onboarding & Settings

is where Privacy Deception was commonly observed.

Understanding Privacy Deception

Have you ever agreed to an app’s terms & conditions without being able to read what the terms are?

Understanding Privacy Deception

By doing this, you are putting yourself at risk of privacy violations, data misuse, and other security issues.

Definition

A pattern that businesses employ to deceive
users into sharing more data than intended
through hidden settings and lack of context
in order to drive growth

Variants

Ways in which businesses utilise
Privacy Deception

Variant 1

Excessive Permission

Asking for permissions beyond what is necessary for its core functionality.

How does it affect users?

Users might grant permissions without knowing the full extent of data collection and usage.

Variant 2

Privacy Invasive Defaults

Settings that share extra data by default, with less restrictive privacy options, requiring manual opt-out.

How does it affect users?

User data is exposed without their knowledge, requiring them to manually opt-out of sharing.

Variant 3

Difficult Settings

Making privacy settings hard to find hinders users' access to data sharing terms and account management.

How does it affect users?

Without easy access to customising settings or terms, users are unable to take actions necessary to protect their privacy.

Variant 4

Difficult Deletion

Making it challenging for users’ to delete their account or personal information.

How does it affect users?

User data may remain accessible on platforms that do not allow deletion, even if they do not use the app anymore.

Ethical Alternatives

Ways in which design can address

Privacy Deception

Adidas
Adidas

Easy Opt-out

Make it simple for users to withdraw consent through discoverable settings.

Porter
Porter

Upfront Costs or Terms

Clearly explain terms of service or provide access to the detailed documents.

Yubo
Yubo

Just-in-Time Requests

Ask for data access only when truly needed for an action, and not all upfront.

Instagram
Instagram

Active Opt-in

Ensure explicit user consent by asking for it directly, rather than using pre-checked boxes that assume consent.

Nike
Nike

Granular Choices

Offer control over every point of data shared instead of asking for a single approval for all.

Meet up
Meet up

Contextual Transparency

Clearly explain the reasons for data collection, ensuring users understand the purpose and benefits of their data being collected.

Need more Inspiration?

View 50+ Ethical Alternatives to
Privacy Deception and other Deceptive Patterns