GDPR is very Personal

It is a personal post. Not that it is annivarsary of GDPR so I am very emotional due to that but because to me, GDPR is very personal and I hope you don’t mind.

Personal Letter

When was the last time you sent a letter? I do not mean letter to tax office, employment agency, or invoice to customers. Real ones?

When I was younger, it was the most joyful thing to write and then send a letter. I knew, I could write whatever I want to write, my girl friend could read, and I could get letters from here. Everything was private, everything was between two of us, and so emotional, so special, so joyful.

Now, instead of letters we send emails, fb messages, we whatsup, we viber, we hangout, we telegram.

I was sure that I was almost confident that, my letters were not opened, I had this trust. Because I could put signs in a way that I could let receiver notice that whether my envolope opened or not.

Yes, it was an analog process and now we are living in the era of digital. Now things changed. Now we whatsup, messangers, twitt, email each other.

I would like to continue with nice example Peter Krantz gave when he was CIO of Swedish National Library.

Just to illustrate how communication has changed I would like to use analogy of lending a book from library. Peter Krantz, who is CIO of National Library presents it like this:

You, as a user just lend the book and everything  between library and you. Now, when you read a digital book, there are many different stakeholders as stated in the picture. I have no control of use of this information.

But don’t get me wrong, I think we don’t even need GDPR and we can fully trust companies and states.

Who ever complains about privacy, talks about human rights etc, these are some bunch of crazy people who live in dillutional world.

Echelon

When I was younger, were were told some consipracy theories that there is a secret ECHELON program that collects and stores all digital communication. It was crazy. Why there should be an organization like this? Why should they collect all these data?

But now we know it is the fact. We know because we have evidence provided by Edward Snowden. We know that because there are whistleblowers. Governments are not hiding it anymore. They just do that to protect us from terrorists! Companies are not hiding it. They accept that they collect data, take our consent, as if we could have another option and use it.

As a result, governments, and public bodies, creates, collects, stores and holds lots of critical information about us. It is not only our name, street address and registration number. It is our health data, it is our videos recorded by security officers, it is our photos and voice recordings when we enter and leave the countries at the airport. It is our photos (and may be even voice) when we stop at stoplight, it is our fingerprints when we enter (some) countries or get a new passport and driving license.

Governments ask us to trust them, private companies ask us trust them.  As I said, I trust all!. When I read “personalized content” I just understand that “Oh boy, great they are recording and following us for my safety and security”.

Trustcorp.

“The information we collect includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your requests”

“We will share personal information outside of Google if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:”

Let me give explain what this means in practice for TrustCorp:

They  collect personal information like your name, email address, telephone number or credit card. They can collect our phone number, which is not core business, they can collect identifieir of my phone, again, I did not buy phone from them, they can see all calls, dates, durations, type of calls, nothing mentioned about whether they also record my calls or now (may be, who knows?) Then, they can collect information about the websites I visited, what worked what crashed, all location information that they can identify from any sensors, wireless pot around, information about my local storage.  Look, storage is interesting actually: It is like a IKEA knowing how much space I still have empty in my wardrobe and received regular updates about my space in wardrope, is not it?

If you think this information is too much, no it is not! If they think they might need more information from me, then they will notify me, if it is something notifiable, and they will ask my explicit consent, meaning that, I have accept their terms and conditions otherwise I cannot check my emails, check maps etc. I will not have this option: “No, I reject but still use the service as I was using before.”. I can not reject and use old version either! I will have the only and the one great option: Consent!

Not only these company have our data, they can also share all these data to

 “companies, organizations or individuals outside of TrustCorp if we have a good-faith belief”

They can share with individuals. Who can be these individuals? and if TrustCorp have “a good-faith belief”. What is “good” and whose “faith” is it?

TrustMEtoo CORP

Now my second example is from another TrustMEtoo corporation. This is the one that usually tries to improve their privacy and just deflect the questions. Let me explain how this company was used by Trump before the election: Parscale uploaded the names, email addresses, and phone numbers of known Trump supporters into the TrustMEtoo advertising platform. Next, Parscale used TrustMEtoo’s

Custom Audiences from Customer Lists” to match these real people with their virtual TrustMEtoo profiles. With TrustMEtoo’s “Audience Targeting Options” feature, ads can be targeted to people based on their TrustMEtoo activity, ethic affinity, or “location and demographics like age, gender and interests. You can even target your ad to people based on what they do off of TrustMEtoo.”

Parscale then expanded Trump’s pool of targeted TrustMEtoo users using “Lookalike Audiences”, a powerful data tool that automatically found other people on TrustMEtoo with “common qualities” that “look like” known Trump supporters. Finally, Parscale used TrustMEtoo’s “Brand Lift” survey capabilities to measure the success of the ads.

Then data was shared with trustable organizations and individuals to create their own database and then there was Project Alamo where 220 M American data were stored with approximately 4,000 to 5,000 individual data points.

What I was saying: we should trust corporations and TRUMP governments, right?

Muslim Registry

Do you remember, when there as a time, when people were scared that Trump would register Muslims in USA? Honestly, why were we scared that TRUMP is going to register Muslims in USA?

Honestly, do you really think he is going to register by one by, as of today, I guess we all know that he is not stupid that he was presented to us by our “objective” media. He already have the registry, as one of my friends shared at her Facebook post how Muslims were able to receive specific letters from churches and how innovative way of reaching the church is presented (it is from 2016).

I am not against of any religion practice, but I am not sure if we all are OK that any organization, company can get that detailed list?

Shall we trust companies? OH Yes!

Trust Governments

I think not only companies, but all governments are trustable, let me give you an example:

Let me give you first example from a state:

“According to a half dozen current and former employees, who spoke on the condition of anonymity, leaked Procera documents and internal communications, Turk Telekom requested not just a feed of subscribers’ usernames and passwords for unencrypted websites, but also their IP addresses, what sites they’d visited and when.” Forbes, October 2016

This except is  an old news from Forbes, when Turkish states technology provider company asked a Canadian company to  give access to “usernames and passwords for unencrypted websites, but also their IP addresses, what sites they’d visited and when”. We could only hear about this because they had Swedish branch and Swedish employees and CEO, and they protested, and CEO resigned. What if they did not? What if there are some companies that do not care about these issues but just profit from it?

Private Fridays and Privacy of Health Data

It is not only about when we use the service, with every device we are adding to our life, corporations are so trustable that they start to dare to say be careful what you say next to their voice activated devices. You don’t need to worry about private talks or moments or Friday nights with your partner anymore! Your dear friend Alexa will take care of it!

If you want to have some private moment and do not want them to hear and see, go to storage room! Wait a moment, maybe we already put a camera there!

Now we have covid-19 and some countries are making mandatory for people to provide input to some specific apps and go regular screening about their health with specific tools and cameras. They claim that it will ONLY be used for Covid-19. Let me give you a great example and ongoing discussion about PKU- blood registry in a very democratic and open country: Sweden.

PKU is a genetic disease and parents are asked to donate their kids’ blood for PKU clinical & health research. Majority of people, for the Samaritan reasons donated their kids’ blood.

You know what happened? In 2003 after assassination of Foreign Minister Anna Lindh, police were able to identify the perpetrator by means of blood samples from the PKU database, despite protests by the health service. When identifying Swedish citizens after the 2004 tsunami disaster, the Biobank Act was temporarily amended by a parliamentary decision that allowed the International Identification Commission to use the samples,

Imagine, they tell you to give permission of your newborn baby to be taken for the research to cure diseases, and you decide to donate. Now it can be used by police and international commission!

Imagine that you are “that kid” and your blood is registered to a database without your own consent and what if government decides to open these databases to not only police but insurance providers, to find your preconditions, genetic diseases that can be shared by companies that are trustable as I described above!

Privacy is Creativity

Imagine the world we are entering, we are recorded registered from our birth from our blood to our every move, by different companies, states and governments where we are supposed to trust them and they can share this information..

There are tons of studies on privacy and cameras etc. These sociological studies conclude that, behavior becomes conformist and as accepted by the power owners, as expected by power elite and we can basicly conclude that creativity, freedom, and resistance to power, actually humanity dies!

Think for a moment, what if Hitler had all these survalience technology we have now?

Hitler Selfie - Imgur
Ref: Mary Jane Sunshine https://imgur.com/gallery/D7ZYCTO

What could we do in order to protect ourselves with the all political and technological power he would have!

Privacy of Personal Data

I hope my examples above show why and how data privacy is very important for citizens.
But I have to make a distinct difference here. When government representatives talk about privacy and security, they ONLY refer privacy and security of government files. The problem with that context is that, these governments do not care about privacy of citizen data, do not care about privacy of, basically, “mydata”.


How much can we trust that google, Samsung, Microsoft and any other private companies will protect our data? What gives them this right to collect so much information about every one of us, every device of us?

I am not here to draw a negative picture, but we must face the reality and define problems properly without falling into ideological trap so that come up with suggestions. Because whenever people raise their voices, these organizations create an environment that privacy advocates are bunch of radical people who does not get the new world!

But just think about: How many of you know how your data collected and treated?

You are being told that it is anonymizer, right? but which level? I am sharing you my anonymized pictures!  Which one is stored in the database?

Encryption, right? I know a company promised so, please search for Asley Maddison, but then all their database is leaked, and data was easily seen, and people lost their reputation, several people committed suicide. People trusted the company that is regulated by state rules but in the end, their privacy is comprimised!

Ok Serdar, the DrZero, you complained a lot, are there any solution: Yes

There are many solutions, but I want to keep this discussion for future posts, first, we should see that these are about everybody and about each of us!

All these “trustable” companies and governments are pushing us to the corner by saying: (As once Google CEO Eric Smith did)

Trust us we are good guys!and

If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place

Edward Snowden has an answer to them:

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say

I think I have right to flip the sentence here:

Hey Dear Companies and Dear States, If you do not want to share how you store our data, encyrpt our data, how you process the data,  then you have something to hide!

We put our trust in states, they are not able to protect our data! We put trust in government, they do not do anything to protect individuals! We put trust in private companies but they are being hacked and actually they abuse their power.

Google, Microsoft, Samsung, Facebook and all governments, human right activists, citizens need to understand more broadly that ignoring personal privacy in the data era, we not only let invasions of our personal space, but open the door to future abuses of power.

We have all the tools and the technology available to address all these problems. I just want to have my right of privacy and want to have private communication as I had with the physical letters years ago! Is it too much?

https://lakartidningen.se/opinion/debatt/2017/04/freda-pku-registret/

One Reply to “GDPR is very Personal”

  1. “PKU is a genetic disease and parents are asked to donate their kids’ blood for PKU clinical & health research. Majority of people, for the Samaritan reasons donated their kids’ blood.”

    I remember when our daughter was born, and yes it was almost expected that you should consent to use of her blood for PKU. We did not consent.

    The murder of Anna Lindh (2003) led to the use of PKU donated blood on a manhunt for the culprit. In a good cause, yes, but still a misuse of blood collected in the name of research to prevent unnecessary deaths of babies.

Leave a Reply

Your email address will not be published.