Not too long ago Google was fined €50 million for GDPR violation in France. This is one case in a series of fines the EU has issued to companies for going against GDPR law. Though it is the largest fine up to date, it surely will not be the last one.
Why do companies need your personal data? What should you be looking for in an online service, that seems useful to you regarding the use of your personal data?
Needed Usage
Let’s face it, we need to know something about you, when we want to offer some personalized service. To be able to store your preferences and your personally collected data, there has to be a possibility to identify you. You have to be discernible from other online users.
If you do not need personalization, then an online service should be fine with your anonymous online presence. As soon as you want to be able to store data online between two distinct visits to some online service, some way of identifying you as a returning user is necessary.
A verifiable email address is a valid token to identify you as a unique returning customer for a service provider. An email address is of advantage for you? You can create an infinite amount of email addresses, that have not to have a resemblance to your real name. So you are relatively save to use it in public.
As soon, as you want to or have to pay for some service provided to you, you have to partially reveal your real presence. But wait! You may not have to reveal your real identity to your service provider. It might just be to a trusted third party (like say PayPal), that does not necessarily share your identity data with service providers. Though they use their payment functionality. Service provider can opt not to use the revealing API (like unouit.com for example).
But wait, there even exists a totally anonymous payment option, that is at least available in some countries (in the meanwhile), like AntePAY. You buy anonymously a non-personalized payment card. You can use it then in your online transactions, given the service provider accepts the card.
Unnecessary, but Acceptable Usage
If a website generates some additional value for you as a user, then it might be acceptable to cede some additional information about yourself, to obtain the additional service. But you are advised to be deliberate about whether the additional service is of real value for you.
Just ponder for a moment all the giveaways (for example from conferences) that clog your drawers and that you throw away when you are about to move.
In any case you still need the comfort to know, that this information is not used for other non-declared purposes.
Unacceptable Usage
Well, unacceptable usage of personal information makes the biggest part of data gathered about you on the internet. And almost everybody does it. At least in the European Union you are a little bit better protected (and have more rights) because of the GDPR law in vigor since May 2018. Websites at least have to declare what part of your personal data they use for what purpose and you have the right to have your data deleted, when it is not necessary for any legitimate legal or commercial purpose.
Unacceptable usage encompasses:
- To target you with tailor-made advertisement. Or is it your problem, that the service provider is not capable to earn money without selling ads?
- Selling your personal data (and the profile of your surfing habits) to 3rd parties. This should be an absolute no-go.
- Using your personal data to sell you additional products of 3rd parties or of it own portfolio. This might be acceptable only if you have to explicitly opt in for each product. There should be no general opting-in, without making it transparent to you what kind of product is offered by which company.
This is by no means a conclusive list. The companies around the globe come up with new dubious usages every minute. They are very creative.
What to Watch Out For
It is very difficult to be on the safe side when surfing the internet today. And it will not get and easier in the future. Here some hints that can help you to stay safe and to make the right decision, when in doubt:
- Decide for yourself what your personal privacy is worth.
- If privacy is important, then try to err on the side of privacy over the side of complacency and comfort. You might loose a bit of behavior on certain websites. While other websites will just stop working when trying to access them protected. But are those websites really worth it? Just reflect about it.
- Use tools that protect you privacy actively and at all time like independent browsers that protect you at least from some trackers (like Mozilla Firefox, to name just one). Or use safer search engines like DuckDuckGo. Or use our tool that protects you all around and helps you focus on what is really important on the web: Unouit.
- Stay away from websites that are known to sell your identity and surfing profile. Here are some articles talking about this problem: The Independent, Newsweek and a nice infographic at the Visual Capitalist.
- Consider stopping to use websites that have a track record of data breaches where personal data of user was stolen in the past. Her a list maintained at Wikipedia.
- Remove accumulated data about yourself, if possible. Here is an article describing ways to clean the usage data Google accumulates about you.