They Think Privacy Policies are a Game. Is it Time You Learned How to Play It?
Consent grab is easier to spot than people think. Let’s learn by example.
Data grifters have learned to swindle their audiences out of mountains of data by hiding in plain sight and using verbose, often contradictory statements in their “privacy policies”. Their hope is to confuse, disarm and hopefully exhaust their reader… and it works most of the time, doesn’t it?
The problem is, that reader is often you or me… and I don’t know about you, but where I come from, there are penalties when a company lies and takes my stuff. Whether you skim policies (as you should) or diligently read them (you might need to detox afterwards), here are the Claudiu’s Top 5 hints that someone is trying to pull the wool over your eyes:
- Monetization? They claim they won’t sell your data, but they just might sell the whole company along with your data.
This so-called privacy promise isn’t worth the recycled electrons used to display it.
2. Sharing? They will absolutely not share your data, except with the faceless people they choose to arbitrarily share it with.
3. Control? You have full control over your data, just don’t test that statement, because you’ll be disappointed.
4. Surveillance? There are tracking cookies and third-party analytics you can totally control… as long as you don’t expect to turn them off, because — you know — things might not work as expected if you do. And that would be a pity.
Never mind that. Did you know that cookies are small? Well, now you know.
5. Security? Your data is perfectly secure in their custody, but no system is secure so your data is as secure as a non-secure system. What’s not to like?
Just a reminder that we really can’t secure your data, but if we believe it hard enough…
Feeling a bit lightheaded? That’s just the cognitive dissonance kicking in.
Don’t worry, the feeling will pass just as soon as you report them to the Privacy Commissioner. Don’t worry, you’re not being a pest. It helps other people to protect their rights and it prompts companies to improve their privacy compliance with help from their friendly Privacy Commissioners.
If you do nothing else today, go ahead and take a load off by reporting your kids’ school’s edtech company, your bank, your telco or just about any website whose practices you’re dissatisfied with after making fair and good faith efforts to get satisfactory answers from their Privacy Officer (a responsible contact should always be readily listed at the bottom of every privacy notice).
Naturally, Canada’s Privacy Commissioner is not always the appropriate institution to contact. Use this handy downloadable guide on filing complaints with other agencies and…enjoy the process. It’s designed specifically to help you and your family get answers from the organizations that want to borrow and use your information.
End note: if you landed here because I may have quoted your site’s privacy policy and you would like me to remove it to prevent further embarrassment, all you need to do is ask. I’ll happily obscure your name, or remove your quote altogether. Failure to ask implies consent. Natch!
Claudiu Popa is a certified privacy professional with a particular set of skills. Skills that he uses to make presentations on data protection around the world, partner with Privacy Commissioners to publish books such as the Canadian Privacy and Data Security Toolkit, contribute to the profession with privacy frameworks on privacy engineering and privacy by design, and generally help organizations to fine-tune their privacy posture as the president of Canada’s most fascinating personal information protection compliance company: Managed Privacy Canada.
Why not reach out and say hello on LinkedIN, Facebook or Instagram?
References:
