Privacy Disasters

Short answer: Because I can?

Longer answer:

We live in a timeline where startups and even established companies continue to flagrantly ignore our rights to privacy, autonomy, choice, and self-determination by releasing truly awful shit into the world.

This business model is extremely successful and it really shouldn't be. VCs are literally throwing money at awful, dystopian nightmare fuel, and that really sucks.

So, one day, I came across a newly released application for scanning private parts and I decided to write about it. I was also a tad bit tipsy at the time. I gave this post a special title -- Privacy Disasters -- and did a mini-DPIA of sorts.

It turns out, I like writing these posts, and people really like reading them. Also there's plenty of awful to write about, so here we are.

A good data protection friend of mine (who is amazing, and you really should hire him) registered the privacydisasters dot com domain name and gave it to me, so of course, I had to create a new website (mostly) just featuring these posts from the main Privacat Insights blog.

Under the General Data Protection Regulation (GDPR), if you plan to do something with personal data that could potentially create a high risk to an individual, the law says you should undertake an assessment of those risks. This is called a 'data protection impact assessment' or DPIA. The US has a kinda-similarish-looking thing called a PIA, but uegh, it's not really the same.  

As a data protection consultant/DPO, I do DPIAs for clients all the time. These DPIAs are extremely comprehensive, provide a detailed, thorough risk assessment to the client, and include clear, actionable guidance for how to fix what's wrong. They are honest, professional, and go deep into the legal, organizational, and technical weeds of the processing activity or system that is being assessed.  

I am a weirdo who actually happens to like doing DPIAs, and I've gotten rather good at them.

Since I'm a weirdo, and tech companies seem to be turning out hot garbage that invades our rights and freedoms at regular clips, I decided that it would be funny for me, and hopefully a little educational (for them) to do a smaller, way less serious, more snarky version of a DPIA.  

I call this a 'mini-DPIA'. It is by no means designed to be comprehensive. It's mostly me pointing out the glaringly obvious from a data protection perspective. Sure, there's a bit of law in there, but mostly this is just me saying 'Yo guys, you really should have thought about this a smidge before you launched your latest dystopian disaster into the world'.  

No. No it is not. 

I'm not getting paid by anyone to do this, and I'm not prognosticating on what they should do. I am simply pointing out that based on publicly-available information here are the kinds of questions I would have considered if I was involved in their rollout process as a consultant or DPO, and that would hopefully be addressed before launch. I am, of course, happy to be paid by one of these companies to perform a true DPIA, though, so HMU if you're interested.

The real point of this site and the disasters content generally is to provide a little cautionary-tale fodder for startups and tech companies who might have similar ideas for products/services. 

Absolutely. Feel free to reach out and email me or click on any of the socials below.

---