Nagging is a form of adversarial resource depletion. Every time an app or a website interrupts the user with a request to do something, this depletes the user's time and attention. This is like a tax that the provider imposes on users who do not want to comply with the provider's wishes. Although the cost is non-financial, it adds up and eventually becomes non-trivial. At this point the user may decide that it’s more cost effective to just give in and agree to whatever the provider is asking for, even if it is against their best interests.
Definition
Example
In 2018, Instagram aggressively nagged users to turn on notifications, repeating this regularly over a period of months. Users were not able to reject the request entirely – their only option to reject was "Not Now", which allowed the nagging to continue. (Reported by Gray et al., 2018. Image source: guidingtech.com)
References
Nagging (Gray et al., 2018).
Related laws
Consent is a voluntary agreement by an individual for their personal data processing, after being informed of its specific purposes and conditions.
Regulates the use of electronic communications for direct marketing purposes, including requirements for consent, opt-out options, and cookie disclosure.
Legal basis for processing personal data are performance of contract, legal obligations compliance, protection of vital interests, controller's legitimate interests, and data subject's consent.
Ensures transparent information and easy access for individuals to their personal data processing, with the right to obtain a copy in a clear and common format.
Controllers must provide identity, contact details, processing purposes and legal basis, recipient information, retention period, and data subject rights when collecting personal data.
Gives individuals the right to object to the processing of their personal data in certain situations.
Requires controllers and processors to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Outlines the certification mechanisms available for demonstrating compliance with the regulation.
Mentions certification bodies as a potential entity to provide accreditation and certification for data protection compliance.
Prohibits unsolicited electronic marketing communication without prior consent, except in certain circumstances.
Related cases
Compliance order and reprimand
£36,000 in fines