Types ›

Nagging

The user tries to do something, but they are persistently interrupted by requests to do something else that may not be in their best interests.

Definition

Nagging is a form of adversarial resource depletion. Every time an app or a website interrupts the user with a request to do something, this depletes the user's time and attention. This is like a tax that the provider imposes on users who do not want to comply with the provider's wishes. Although the cost is non-financial, it adds up and eventually becomes non-trivial. At this point the user may decide that it’s more cost effective to just give in and agree to whatever the provider is asking for, even if it is against their best interests.

Example

In 2018, Instagram aggressively nagged users to turn on notifications, repeating this regularly over a period of months. Users were not able to reject the request entirely – their only option to reject was "Not Now", which allowed the nagging to continue. (Reported by Gray et al., 2018. Image source: guidingtech.com)

References

Nagging (Gray et al., 2018).

No items found.

Related laws

GDPR - Article 04(11)
EU & UK

Consent is a voluntary agreement by an individual for their personal data processing, after being informed of its specific purposes and conditions.

Privacy and Electronic Communications (EC Directive) Regulation 2003 - Regulation 22
EU & UK

Regulates the use of electronic communications for direct marketing purposes, including requirements for consent, opt-out options, and cookie disclosure.

GDPR - Article 06
EU & UK

Legal basis for processing personal data are performance of contract, legal obligations compliance, protection of vital interests, controller's legitimate interests, and data subject's consent.

GDPR - Article 12
EU & UK

Ensures transparent information and easy access for individuals to their personal data processing, with the right to obtain a copy in a clear and common format.

GDPR - Article 13
EU & UK

Controllers must provide identity, contact details, processing purposes and legal basis, recipient information, retention period, and data subject rights when collecting personal data.

GDPR - Article 21
EU & UK

Gives individuals the right to object to the processing of their personal data in certain situations.

GDPR - Article 32
EU & UK

Requires controllers and processors to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

GDPR - Article 42
EU & UK

Outlines the certification mechanisms available for demonstrating compliance with the regulation.

GDPR - Article 43
EU & UK

Mentions certification bodies as a potential entity to provide accreditation and certification for data protection compliance.

Privacy and Electronic Communications (EC Directive) Regulation 2003 - Regulation 21
EU & UK

Prohibits unsolicited electronic marketing communication without prior consent, except in certain circumstances.