Personally, I am that sort of privacy maven. I do find the "reject all" button for cookies; I use multiple plug-ins to block all of this stuff. And I don't think that personalised advertising is a fair trade for free things on the internet. As far as I'm concerned, every person that looks at a piece of content should get the same ad - permanently: when I look at an article from 1999, I should see the pets.com ad that originally ran with it; when I look at articles form 2006, I should see Enron ads, just like when I read a magazine from back then.
But I absolutely understand that I'm in the small minority who think like this.
Hey, a thing I know about! I worked in a company that had a huge data compliance team, so I can speak to this.
Quick background: "SQL tables" are how programmer and data analysts can access and use data in an intuitive manner. Engineers create "data pipelines" that put data into SQL tables in an efficient and automated manner.
So because of GDPR we couldn't put some Salesforce (customer relations) data into SQL tables without some long approval process from the compliance team. For what it's worse, I could easily download this Salesforce data, attach it to an email, and send it to literally anyone. In other words, keeping the data out of SQL tables secured no one, but GDPR applies to the SQL tables and not Salesforce itself for reasons.
So keeping the data out of SQL tables was pointless... but we didn't keep the data out of SQL. We needed the data for our jobs, so multiple teams would just say fuck it and manually upload the data to SQL tables. Until my last day, I was manually uploading this data while waiting for compliance to approve a data pipelines.
Basically, GDPR created extra compliance processes to allow people to do what they were doing anyway, and the data could have been attached to an email and sent out anyway.
May 17, 2022·edited May 17, 2022Liked by Jeff Maurer
I agree on your main point -- I'm no great fan of the GDPR & its idiot clicking nightmare, but I do care about privacy (as do many people I know) and take steps to minimize tracking, and I work in this field. So please forgive my "akshully" here, but for the record, "incognito mode" merely grants you privacy from your spouse (or anyone else who shares access to your computer) -- only local data is deleted, so it does exactly nothing to prevent you from being tracked online by the wider internet powers that be.
Privacy issues are all fun and games when it's someone trying to sell a humidifier, it gains a luster of some danger if it turns out to enable anti-abortion vigilantes using Texas' personal lawsuit law to track down people who left the state for abortions.
Sure, looks like people don't care about privacy. But... idk man, shouldn't they? My impression is that the reason people are okay with the lack of privacy is that we're largely inured to it. Older people are uninformed, and younger people have given up. But even if people don't care about the issue, doesn't mean it isn't an issue. And I'd say we're worse off, whether most people know it or not, with the boundaries of our tastes persistently reinforced by online advertisers.
Ok, I have to laugh, because today in my German class--possibly at the very moment this post dropped--a student who is Belgian was passing around Belgian chocolates so we could have a Swiss vs. Belgian chocolate taste-off. (For the record, even though I live in Switzerland, I prefer Belgian chocolate.)
I agree with you that most people are much less concerned with privacy than the EU authorities think, and that those “accept cookies” buttons on everything are super-annoying. Another issue is that my Google searches turn up an order of magnitude fewer results over here than they do in the US. That seems to me to be a much bigger problem than that I get suspiciously well-targeted ads for, to take one example, a special sling for your dog in case she injures herself on a hike.
> You probably wouldn’t want your credit card number to be public, but you might not care if a company knows that you “liked” some random YouTube video.
I am perfectly okay with my credit card number (occasionally) being leaked. It's a hassle and I would prefer it not happen, but if it does it's not *that* bad because I can change it and reverse any transactions done with it.
On the other hand, once my first pet's name is leaked, I can't change it.
Loved your humor, completely disagree with your conclusion. Included in the data that can be stored on your phone is not just that you visited LustyLasses.com but that your location was the Sisters of Charity Convent when you did. And maybe no one cares where I went but I don't want someone who spends Monday to Friday from 9 to 4:30 at a credit card company to be "discoverable" because then their data might give a clue to what their password might be. That's when your paid subscription to SupportAOC.org gets you arrested during the second Trump administration (2025 through they cancelled all future elections).
The big part of this that isn’t mentioned in the post is it hinders a Government state from buying and using seemingly innocuous information for nefarious means. (As in people could avoid cookies or other data saving on those sites to try to stay out of those data lists)
The examples I specifically think of are in nations where it is illegal to be gay, the Government buying data not even necessarily about porn but about people that may use gay chat rooms or similar sites and tracking down people using it. Similarly people doing things like buying equipment used for protests.
The modern EU countries wouldn’t be the prime suspects with this but:
1. It protects for the future in case they ever were to become extremely fascistic
2. As you say in the post, GDPR affects people all over the world so pushing countries that would be likely to do this away from that possibility is a good thing
There’s also a good podcast episode of Reasons to be Cheerful called ‘Data, Mine’ about similar issues here
I'm slightly curious (i.e. not curious enough to try to look it up myself) as to why the GDPR had a big impact when the EU had already had a Data Protection Directive for about 20 years, a directive that defined personal data similarly to the GDPR and so on. Is the difference just the DPD being a directive and the GDPR being a regulation?
To contribute an actual observation...I'll pick at the "advertising makes most of the internet go" concern. The GDPR doesn't ban advertising as such, so online companies relying on ads can still push ads without triggering GDPR requirements; they just can't TARGET ads based on individual information. So, faced with the prospect of the GDPR blowing a hole in the ad-subsidized Web, I'm pretty optimistic — advertising's still an option for funding free online stuff.
I feel like people would be more concerned about their privacy and more supportive of these sorts of laws if they could see how the data being collected now will get used in 5 or 10 years.
Right now, we've got big data collection but relatively small data relationship processing.
You might not have a problem with a company knowing which school you went to, or what brand of toothpaste you like. But, in a few years, when billions of those sorts of obscure data points are used to create a perfect model that knows 'you' better than you know yourself, and a potential employer or insurer or tinder date can buy or build or find it on an unsecured Amazon cloud server, it's a very different problem.
Human minds don't do well with exponential change. As much as news anchors might over-react about it now, the use of our personal data is actually still right at the bottom of the hockey stick chart.
I think ARE wrong in thinking that the EU will back off on the data law when it becomes clear it is having ill-effects and that people mostly don’t care about privacy. That’s not how the EU works. Let’s just say they have a lot of self-confidence.
Terrific post. I always have thought online privacy was totally overblown and I'm one of the billions who Accepts Cookies for everything (then maybe I clean the cache every 6 months or so). That said - online advertising has been such a hellscape for so long, I wonder if GDPR has had any positive knock-on effect in encouraging subscription-based models to sites and apps, as opposed to pure ad-supported models...?
I do all kinds of things to hide ads and not be tracked. (web containers, ad block plugins, pi-hole DNS server, VPNs etc) and I don't think this GDPR law has helped me in any way. Except to annoy me.
Personally, I am that sort of privacy maven. I do find the "reject all" button for cookies; I use multiple plug-ins to block all of this stuff. And I don't think that personalised advertising is a fair trade for free things on the internet. As far as I'm concerned, every person that looks at a piece of content should get the same ad - permanently: when I look at an article from 1999, I should see the pets.com ad that originally ran with it; when I look at articles form 2006, I should see Enron ads, just like when I read a magazine from back then.
But I absolutely understand that I'm in the small minority who think like this.
Hey, a thing I know about! I worked in a company that had a huge data compliance team, so I can speak to this.
Quick background: "SQL tables" are how programmer and data analysts can access and use data in an intuitive manner. Engineers create "data pipelines" that put data into SQL tables in an efficient and automated manner.
So because of GDPR we couldn't put some Salesforce (customer relations) data into SQL tables without some long approval process from the compliance team. For what it's worse, I could easily download this Salesforce data, attach it to an email, and send it to literally anyone. In other words, keeping the data out of SQL tables secured no one, but GDPR applies to the SQL tables and not Salesforce itself for reasons.
So keeping the data out of SQL tables was pointless... but we didn't keep the data out of SQL. We needed the data for our jobs, so multiple teams would just say fuck it and manually upload the data to SQL tables. Until my last day, I was manually uploading this data while waiting for compliance to approve a data pipelines.
Basically, GDPR created extra compliance processes to allow people to do what they were doing anyway, and the data could have been attached to an email and sent out anyway.
I agree on your main point -- I'm no great fan of the GDPR & its idiot clicking nightmare, but I do care about privacy (as do many people I know) and take steps to minimize tracking, and I work in this field. So please forgive my "akshully" here, but for the record, "incognito mode" merely grants you privacy from your spouse (or anyone else who shares access to your computer) -- only local data is deleted, so it does exactly nothing to prevent you from being tracked online by the wider internet powers that be.
https://www.vice.com/en/article/m7vzjb/location-data-abortion-clinics-safegraph-planned-parenthood
Privacy issues are all fun and games when it's someone trying to sell a humidifier, it gains a luster of some danger if it turns out to enable anti-abortion vigilantes using Texas' personal lawsuit law to track down people who left the state for abortions.
Sure, looks like people don't care about privacy. But... idk man, shouldn't they? My impression is that the reason people are okay with the lack of privacy is that we're largely inured to it. Older people are uninformed, and younger people have given up. But even if people don't care about the issue, doesn't mean it isn't an issue. And I'd say we're worse off, whether most people know it or not, with the boundaries of our tastes persistently reinforced by online advertisers.
Ok, I have to laugh, because today in my German class--possibly at the very moment this post dropped--a student who is Belgian was passing around Belgian chocolates so we could have a Swiss vs. Belgian chocolate taste-off. (For the record, even though I live in Switzerland, I prefer Belgian chocolate.)
I agree with you that most people are much less concerned with privacy than the EU authorities think, and that those “accept cookies” buttons on everything are super-annoying. Another issue is that my Google searches turn up an order of magnitude fewer results over here than they do in the US. That seems to me to be a much bigger problem than that I get suspiciously well-targeted ads for, to take one example, a special sling for your dog in case she injures herself on a hike.
> You probably wouldn’t want your credit card number to be public, but you might not care if a company knows that you “liked” some random YouTube video.
I am perfectly okay with my credit card number (occasionally) being leaked. It's a hassle and I would prefer it not happen, but if it does it's not *that* bad because I can change it and reverse any transactions done with it.
On the other hand, once my first pet's name is leaked, I can't change it.
Loved your humor, completely disagree with your conclusion. Included in the data that can be stored on your phone is not just that you visited LustyLasses.com but that your location was the Sisters of Charity Convent when you did. And maybe no one cares where I went but I don't want someone who spends Monday to Friday from 9 to 4:30 at a credit card company to be "discoverable" because then their data might give a clue to what their password might be. That's when your paid subscription to SupportAOC.org gets you arrested during the second Trump administration (2025 through they cancelled all future elections).
The big part of this that isn’t mentioned in the post is it hinders a Government state from buying and using seemingly innocuous information for nefarious means. (As in people could avoid cookies or other data saving on those sites to try to stay out of those data lists)
The examples I specifically think of are in nations where it is illegal to be gay, the Government buying data not even necessarily about porn but about people that may use gay chat rooms or similar sites and tracking down people using it. Similarly people doing things like buying equipment used for protests.
The modern EU countries wouldn’t be the prime suspects with this but:
1. It protects for the future in case they ever were to become extremely fascistic
2. As you say in the post, GDPR affects people all over the world so pushing countries that would be likely to do this away from that possibility is a good thing
There’s also a good podcast episode of Reasons to be Cheerful called ‘Data, Mine’ about similar issues here
I'm slightly curious (i.e. not curious enough to try to look it up myself) as to why the GDPR had a big impact when the EU had already had a Data Protection Directive for about 20 years, a directive that defined personal data similarly to the GDPR and so on. Is the difference just the DPD being a directive and the GDPR being a regulation?
To contribute an actual observation...I'll pick at the "advertising makes most of the internet go" concern. The GDPR doesn't ban advertising as such, so online companies relying on ads can still push ads without triggering GDPR requirements; they just can't TARGET ads based on individual information. So, faced with the prospect of the GDPR blowing a hole in the ad-subsidized Web, I'm pretty optimistic — advertising's still an option for funding free online stuff.
I feel like people would be more concerned about their privacy and more supportive of these sorts of laws if they could see how the data being collected now will get used in 5 or 10 years.
Right now, we've got big data collection but relatively small data relationship processing.
You might not have a problem with a company knowing which school you went to, or what brand of toothpaste you like. But, in a few years, when billions of those sorts of obscure data points are used to create a perfect model that knows 'you' better than you know yourself, and a potential employer or insurer or tinder date can buy or build or find it on an unsecured Amazon cloud server, it's a very different problem.
Human minds don't do well with exponential change. As much as news anchors might over-react about it now, the use of our personal data is actually still right at the bottom of the hockey stick chart.
I think ARE wrong in thinking that the EU will back off on the data law when it becomes clear it is having ill-effects and that people mostly don’t care about privacy. That’s not how the EU works. Let’s just say they have a lot of self-confidence.
Terrific post. I always have thought online privacy was totally overblown and I'm one of the billions who Accepts Cookies for everything (then maybe I clean the cache every 6 months or so). That said - online advertising has been such a hellscape for so long, I wonder if GDPR has had any positive knock-on effect in encouraging subscription-based models to sites and apps, as opposed to pure ad-supported models...?
Big Government ❤️ Big Business.
That is two wonderful, broadly libertarian themed posts in a week. Heaton must be rubbing off on you!
I do all kinds of things to hide ads and not be tracked. (web containers, ad block plugins, pi-hole DNS server, VPNs etc) and I don't think this GDPR law has helped me in any way. Except to annoy me.
Anyone else check out RaunchyMeterMaids.com?