Evaluating Cognitive Privacy Heuristics that Influence Facebook Users Data Disclosure

Privacy protection has been a challenging issue in online social networks, such as Facebook, Instagram, and Snapchat. The General Data Protection Regulation (GDPR), which protects the privacy and security of individuals, entered into force on May, 2018. This regulation intends to enhance individuals' control and rights over their own data, guided by lawfulness, loyalty, transparency, adequacy, purpose limitation, need, or minimization. However, despite regulatory efforts to protect personal data online, users are prone to consent to disclose more personal information than they intend and tend to reveal more than they know. With this in mind, the main goal of this study is to carry out a heuristic evaluation of the online social network Facebook to identify the factors that influence the disclosure of user information and verify informed consent. For this, we carried out a survey of cognitive heuristics that influence individuals' decisions to protect or renounce their privacy. Then, using these heuristics, we conducted a heuristic evaluation on Facebook to explore a significant presence of cue triggers for a specific cognitive heuristic that helps users make their decisions. We found on Facebook a notable amount of heuristics that increase information disclosure, such as modality and narrative. However, the intrusiveness heuristic was also detected, violating the Privacy by Design (PbD) principle of "Privacy as the Default Setting". Accordingly, understanding the number and diversity of suggestions (heuristics) to which users are susceptible allows the creation of explicit guidelines addressing privacy concerns.