Privacy Disasters

A chronicle of what happens when techbros watch "Black Mirror" and think "I should build that!"

Have you found a privacy disaster in the wild?

I share Privacy Disasters posts (and a few others) from my main blog, Privacat Insights. You should subscribe!


Privacy Disasters: The Privacy CESspool by Carey Lening

So many terrible ideas, so little time to rant about CES 2025.


Privacy Disasters: Microsoft Keeps Stepping in It by Carey Lening

Microsoft releases the Torment Nexus v. 2.


Privacy Disasters: FaceHuggers Are Eating Your Skeets by Carey Lening

This is a post about the current mishegoss related to Hugging Face and Bluesky's firehose, and how both companies are largely fucking over their users.


Privacy Disasters: 23andMe, and You, and Our Genetic Data by Carey Lening

Or, I was young and foolish in 2013, and now I'm very concerned.


Privacy Disasters - LinkedIn Spies With its (Not-So) Little AI by Carey Lening

This one's a bit different from a normal PD because I actually have something positive to say for once. No, not about LinkedIn, but about the Digital Markets Act.


Calmara: The Final Outcome by Carey Lening

... Eventually, FAFO comes and bites you.


Privacy Disasters: AI Spy-Wearables, and the Scourge of Competing Friendants by Carey Lening

Wherein, I break down why 'always-on' wearable tech is a blight on humanity, and share a mock DPIA covering two competing 'Friend' Pendants.


Privacy Disasters: Microsoft, Just Because You Can by Carey Lening

... Doesn't mean you should. Here's why.


Privacy Disasters: A Depressingly Regular Series by Carey Lening

A friend on Bluesky shared the Calmara app with me, and now I am raging internally.


Frequently Asked Questions

Short answer: Because I can?

Longer answer:

We live in a timeline where startups and even established companies continue to flagrantly ignore our rights to privacy, autonomy, choice, and self-determination by releasing truly awful shit into the world.

This business model is extremely successful and it really shouldn't be. VCs are literally throwing money at awful, dystopian nightmare fuel, and that really sucks.

So, one day, I came across a newly released application for scanning private parts and I decided to write about it. I was also a tad bit tipsy at the time. I gave this post a special title -- Privacy Disasters -- and did a mini-DPIA of sorts.

It turns out, I like writing these posts, and people really like reading them. Also there's plenty of awful to write about, so here we are.

A good data protection friend of mine (who is amazing, and you really should hire him) registered the privacydisasters dot com domain name and gave it to me, so of course, I had to create a new website (mostly) just featuring these posts from the main Privacat Insights blog.


Under the General Data Protection Regulation (GDPR), if you plan to do something with personal data that could potentially create a high risk to an individual, the law says you should undertake an assessment of those risks. This is called a 'data protection impact assessment' or DPIA. The US has a kinda-similarish-looking thing called a PIA, but uegh, it's not really the same.  


As a data protection consultant/DPO, I do DPIAs for clients all the time. These DPIAs are extremely comprehensive, provide a detailed, thorough risk assessment to the client, and include clear, actionable guidance for how to fix what's wrong. They are honest, professional, and go deep into the legal, organizational, and technical weeds of the processing activity or system that is being assessed.  

I am a weirdo who actually happens to like doing DPIAs, and I've gotten rather good at them.

Since I'm a weirdo, and tech companies seem to be turning out hot garbage that invades our rights and freedoms at regular clips, I decided that it would be funny for me, and hopefully a little educational (for them) to do a smaller, way less serious, more snarky version of a DPIA.  

I call this a 'mini-DPIA'. It is by no means designed to be comprehensive. It's mostly me pointing out the glaringly obvious from a data protection perspective. Sure, there's a bit of law in there, but mostly this is just me saying 'Yo guys, you really should have thought about this a smidge before you launched your latest dystopian disaster into the world'.  


No. No it is not. 


I'm not getting paid by anyone to do this, and I'm not prognosticating on what they should do. I am simply pointing out that, based on publicly available information, here are the kinds of questions I would have considered if I were involved in their rollout process as a consultant or DPO, and that would hopefully be addressed before launch. I am, of course, happy to be paid by one of these companies to perform a true DPIA, though, so HMU if you're interested.

The real point of this site and the disasters content generally is to provide a little cautionary-tale fodder for startups and tech companies who might have similar ideas for products/services. 


Absolutely. Feel free to reach out and email me or click on any of the socials below.