14:55 1 February 2019
Law services
May 25, 2018 will forever be the day that people got the most spam, ever. It all started a few days earlier but came to a head on the last Friday of May, when we started receiving dozens upon dozens of emails informing us in a variety of shapes and forms about the new data protection laws, known by the English abbreviation GDPR, which came into force that day.
The emails came from online services we may have unwittingly subscribed to years ago, some from trusted sources, and in more than a few cases we got emails from organizations we’d never heard of before. It may have been somewhat disconcerting to find out how many databases actually feature our names and email addresses and to wonder how they got there in the first place. We also probably wondered how many more are out there that deemed it unnecessary to send us unwanted reminders of how careless we’d been with sharing our information. Some emails came with neatly clickable “Unsubscribe” options, some asked us politely to opt in to stay on their mailing list. Some just sent pages-worth of disclaimers in legalese in the hope that no sane recipient would actually read it to find out how to delete their name from their database. If you thought that any EU mandated data protection legislation would be any different, you may have forgotten that it is always their preferred way to “communicate” anything and everything to the end-user. That was also the case when they told everyone they had to inform you about cookies files being stored.
The problem with this approach is that it puts the burden on the end-user. You could say that the EU believes all its citizens to be capable of making an informed decision and I would be inclined to agree, for the most part. But we are also vulnerable to being manipulated by crafty corporate lawyers, who trick you to clicking “OK” to almost anything that pops up. How many of you actually read all the pop-ups regarding GDPR? Perhaps you read the first one or two, but you probably gave up after the third one. One shifty website went as far as to write at the end of a page-long snooze-fest of an explanation that if you agree to everything stated above, just click the “X” button in the top right corner. Who, after all, has the time for a 10-minute debate with their browser every time they visit a website? But if you unwittingly consent to something, it’s on you, the legislators did their job: after all they made the service provider ask you all kinds of convoluted questions.
The volume and scope of all the unsolicited GDPR consent requests has in fact led to some sort of panic. It may have, in fact, contributed to a variety of ludicrous, and sometimes even dramatic incidents that have happened in Poland over the weeks following the introduction of GDPR, such as:
l A cemetery was closed for several days because there were
headstones of people who are still alive (yes, it’s creepy, but
let’s not judge how people choose to prepare for the afterlife).
l A university blurred the names of their employees on the “Office
hours” list, so that now you can only find out that John XXX
works in room 501 between 2 and 4 pm, while Linda XXX is on
maternity leave (beware the sensitive information).
l A clinic obscured the specialties of the doctors on their office
doors, so that e.g. patients seeing a proctologist wouldn’t feel
embarrassed.
l After a recent major accident in southern Poland where a student-
filled coach collided with a truck resulting in many injured
kids, parents had trouble locating their children because hospitals
would not release patients’ data over the phone.
Hopefully, now that we’ve either ignored the GDPR emails and pop-ups or unsubscribed wherever we could, the world should go back to normal. Our data should be safer. For better or worse, we now live in a world under the protection of the almighty GDPR.
