Sorry, I’m not going to sign my personal information box
Sometime before the pandemic broke out, I was in Madrid for one of the recordings of Xataka Live. I no longer live there and that ends at midnight, so I spent the night in the capital. When I arrived at the hotel with my boss —the final boss of Engadget– and we ask to do the check-in, the receptionist told me that I also had to sign “this little sheet”. He said it as if it were another procedure, but I read the DIN A5 and it made me look like a black moon emoji: that document was an authorization to the treatment of my data by the hotel. And I dropped the bomb: “I’m sorry, but I’m not going to sign this.”
Something short-circuited in the receptionist’s head for a couple of seconds, probably used to the servile autograph asking no questions. “But if it is only the transfer of data,” he replied. “Sure, that’s why,” I told him. I considered for a couple of seconds whether I was going to be inflexible, but I came to the conclusion that this authorization could only be useful if the hotel needed to call me on my mobile for an emergency or if I forgot something. I was going to spend the night there only one night and the next day I would leave first thing in the morning, so if the hotel needed to communicate with me, I would meet in my room, and I would be careful not to leave any shoes under the bed when I left. Any other use of my data would be for the benefit of the hotel, not mine.
Meanwhile, my boss looked at the ground with the face of “I’ve already seen this movie, I know how it ends and I don’t like the ending.” The receptionist made a face of incomprehension, he told me “okay” and I went to sleep thinking that damn the time it was normalized to go asking for email and mobile to cultivate a free database to which spammear.
Serve this anecdote to illustrate the terrifying time that we have lived in terms of privacy. Data is the new gold and this war is of smartass versus innocent, malicious versus misinformed. “Sign here, it is only a procedure” and then fry the victim to text messages and advertising emails, when not sharing them with the cousins of a third party and losing control. In the age of the attention economy, minimizing useless notifications empowers the human being.
The entry into force of the GDPR almost three years ago he left a bitter aftertaste: it has freed us users from a few dirty tricks by certain companies – it should not be forgotten that some, instead of adapting, directly closed their doors, like Klout or Favstar, a terrible symptom—, but leaving the possibility of ticking a box that gives companies enough width to use their data with just a few rules of the game in the hands of civil society does not seem like sufficient containment.
Perhaps the GDPR could have gone further than leaving data processing in the hands of signing a box that is often presented as mandatory and about which little information has been given.
Or is it that someone has made sure that civil society is sufficiently trained and informed to make a conscious decision? Step with the preferred ones and today all are regrets. What makes us think that the ending of this movie will be different? Instead of money we will lose privacy, but that privacy also has a value, and every day it increases.
I am riding to death on the bandwagon of the European Union, its protection in terms of privacy – we are in the best territory in the world in this sense – and its ability to deal with the excesses of big technology; But if a wheel came off the other day, I’m not going to pretend that everything is fine. It-needs-something-more.
Because Laws are not made solely for learned citizens and with training in privacy and data protection, they are made for everyone. And a law that implies leaving up to the citizen whether to sign or not to sign a box, if it is not accompanied by a great generalized training that makes the implications of that signature understood, is like a cupcake without a glass of milk.
This scenario is having a clear consequence: employees spreading little sheets that even they don’t understand to clients who understand them even less so that everything continues -almost- the same as before. Except when someone hack the system for two seconds refusing to sign.
When they ask for all your data but you are not even a customer
It has not been the only occasion in which I have refused to sign one of these boxes, or directly to give my data. The pattern of insistence and misunderstanding is common. At the beginning of 2019 I visited a gym to see their facilities – I just wanted to see them before deciding whether to sign up or not – and at the end of the visit they asked me for my name, surname, date of birth, ID, email, telephone number and address Postcard. I insist: I had only gone to see him. The conversation continued like this:
- But if I’m not going to sign up, I want to see more gyms before I decide which one to sign up for.
- Yes, but we have to fill in this little sheet when we show it to someone.
- But I don’t want to give my data, I’m not even going to sign up for sure.
- Yeah, but we do it like that.
- Ok, put that my name is Juan Nadie and leave the rest of the data blank.
- I can’t, I have to put them on.
- Look, I’m going to go, I’m not going to leave my details just because I’ve seen the gym and you haven’t even told me before that it was mandatory.
- Okay, well, I put that the client did not want to give the data.
- Okay, I think it’s good.
The following week I went back to that gym, I ended up signing up and gave my details, of course. During the year that I was there I frequently received messages on my mobile and promotional emails. I unsubscribed and I kept getting propaganda until I expressly asked them to remove my information from their database. Now I know that surely I don’t have to give my phone or email to a gym: as happened with the hotel, having that data has been to the benefit of the company, but never mine, who was also paying them the monthly payment and they never gave me any kind of reward for putting up with their commercial noise.
We are too used – users and companies – to sharing data from which companies profit; but not us, the users
This has happened to me, and I am aware that I have a minority attitude towards these situations. What awaits the bulk of the population? Spam, notifications, distractions that we have not asked for or want, our data in the hands of who knows who. And there are many companies using these practices, with nothing erotic result.
Companies that want to know everything about us —beyond reasonable limits— by spending a night at their hotel, visiting a gym without knowing if we will sign up or not or checking if there is fiber coverage in our house; to later draw our attention with your commercial offers in the best case, or to end up sharing that information with third parties in the worst case..
Therefore, when you find a company in which you register and they say “we are not going to ask you to sign anything so that we can process your data, because we are not going to do anything with them” it is as pleasant as a blanket warm on a rainy Friday. And from there I don’t even crawl away.