Online companies exploit mindless compliance during users’ privacy decision making to avoid liability while not impairing users’ willingness to use their services. These manipulations can play against users since they subversively influence their decisions by nudging them to mindlessly comply with disclosure requests rather than enabling them to make deliberate choices. In this paper, we demonstrate the compliance-inducing effects of defaults and framing in the context of a Facebook application that nudges people to be automatically publicly tagged in their friends’ photos and/or to tag their friends in their own photos. By studying these effects in a Facebook application, we overcome a common criticism of privacy research, which often relies on hypothetical scenarios. Our results concur with previous findings on framing and default effects. Specifically, we found a reduction in privacy-preserving behaviors (i.e., a higher tagging rate in our case) in positively framed and accept-by-default decision scenarios. Moreover, we tested the effect that two types of justifications—information that implies what other people do (normative) or what the user ought to do (rationale based)— have on framing- and default-induced compliance. Existing work suggests that justifications may increase compliance in a positive (agree-by-) default scenario even when the justification does not relate to the decision. In this study, we expand this finding and show that even a justification that is opposite to the default action (e.g., a justification suggesting that one should not use the application) can increase mindless compliance with the default. Thus, when companies abide by policy makers’ requirements to obtain informed user consent through explaining the privacy settings, they will paradoxically induce mindless compliance and further threaten user privacy.
Anaraky, R. G.,
Knijnenburg, B. P.,
Exacerbating Mindless Compliance: The Danger of Justifications during Privacy Decision Making in the Context of Facebook Applications.
AIS Transactions on Human-Computer Interaction, 12(2), 70-95.