BeReal’s relentless consent practices under fire from privacy watchdog noyb

This year has witnessed several social media giants taking fire for their questionable data privacy practices. From TikTok’s failing grade for protecting children’s privacy, to X’s AI training process breaking EU law, BeReal has become the latest platform to attract the attention of data privacy experts. 

Claiming to give a “genuine glimpse into your real life”, BeReal has swiftly risen to prominence, securing its spot among the leading social media platforms today. Once per day, the app prompts its millions of users to snap a pic, capturing a moment from their day and sharing it with their friends. This spontaneous approach encourages authenticity and real-time sharing, setting BeReal apart from other social media platforms. 

So what has triggered the latest complaint from privacy agency noyb? 

A ‘dark pattern’ at play? BeReal’s approach to accept versus reject

Since July 2024, BeReal users in the EU have been presented with a consent banner upon opening the app. Seemingly harmless at first glance, this banner requests permission for data collection and usage, but many users have reported that the prompts are persistent and difficult to decline. This aggressive approach to obtaining consent has led to a formal complaint from the privacy agency noyb, which argues that BeReal’s practices may violate EU privacy regulations. 

Consent requests are nothing new and are a key requirement of the European Union’s General Data Protection Regulation (GDPR). Failing to provide a request for consent can result in significant consequences, with non-compliance being an expensive mistake for organizations to make. 

For BeReal, their insistent method of obtaining consent involves displaying a banner every time users try to make a post, which only vanishes once users agree. 

As stated in noyb’s latest press release, BeReal’s relentless consent prompt is a “prime example of a so-called dark pattern, designed to manipulate the users’ decision and annoy them into consent.” 

By pressuring users to consent to their data collection practices, BeReal may have breached GDPR regulations, which mandate that consent must be “freely given.” This means that users should have the genuine option to refuse consent without facing persistent prompts or negative consequences. noyb argues that BeReal’s approach undermines this principle, potentially putting the app at odds with EU privacy laws. 

Examples of dark patterns in privacy

BeReal’s example of persistent consent pop-ups is one example of deceptive designs in privacy practices, but what else are organizations doing to unethically gather user consent? 

• Opt out consent: Users are presented with a consent banner that has been pre-filled, thus requiring them to uncheck a box in order to opt-out  
• ‘Accept all’ consent: This design restricts users to accepting all consent options, rather than being able to consent to specific data use 
• Implied consent:  A tactic in which the use of a site or service is considered as consent in and of itself 

These dark patterns have the potential to hinder users’ ability to freely give their consent to data collection, which can lead to privacy concerns. When users are misled or manipulated into giving consent, they might not fully understand what data is being collected or how it will be used.  

In the case of BeReal, users might be encouraged to share more personal data than they realize. The app’s design could nudge users into sharing their location, photos, and other personal information without fully understanding the implications.

The importance of “freely given” consent

Dark patterns can be detrimental to consumer trust when it comes to the sharing of their personal data. Not only contributing to fines and legal issues, but these manipulative practices also raise serious ethical concerns surrounding an organization’s respect for users, which can significantly tarnish reputation.  

Under GDPR, consent must be given voluntarily, without any form of coercion or manipulation, allowing users to make informed decisions about their data.  

By honoring this, organizations can begin to build trust with their consumers, which enhances customer satisfaction and fosters loyalty. Consequently, effective consent management practices can become a strategic advantage for organizations. 

Final thoughts

The noyb complaint against BeReal underscores the vital importance of freely given consent and serves as a reminder for organizations to prioritize their privacy efforts, beginning with a secure and scalable Consent Management Platform (CMP). 

When it comes to obtaining consent, organizations should never resort to dark patterns to manipulate their users. Treating consent as a check-box activity can lead to improper privacy practices, legal friction, and significantly harm consumer trust. 

Instead, organizations should prioritize transparent and ethical consent practices, ensuring that users have a genuine choice and control over their data. Using a consent management solution, organizations can streamline their compliance efforts and build a foundation of trust with their users.