Facebook recently said that most of the 2 billion people on their platform had their personal data scraped. The reason, aside from Facebook’s appallingly sloppy controls over access to data, is defaults.

Yesterday, Mark Zuckerberg admitted that most people kept their privacy settings in the default configuration, allowing almost anybody to scrape their data. Facebook set up the defaults that way to allow them to sell more advertising. They just set things up in an incredibly stupid and careless fashion.

Dan Ariely and other behavioral economists have done much research on the power of defaults. Pre-checking boxes works, sometimes in ways that are unintended, as Facebook has learned. As marketers, we use defaults for things like ship-till-forbid and negative option sales systems. Those tools will have to be rethought in the EU when GDPR goes into effect in May.

I hope that Facebook’s irresponsible data protection policies will result in something like GDPR in the U.S. although that probably won’t happen in today’s regulatory regime. I believe that EU has done the right thing with consent under GDPR.

An interesting talk on defaults from Dan Ariely: