One thing that data protection legislation has given us over the past few years, is increased scrutiny on ‘the company you keep’. Who to surround yourself with. Who to accept and embrace within your social and professional circles, and sometimes, whom to shy away from. Unethical data practices are still widespread, but at least every now and then a spotlight is put on something that really should not have taken place. As retrospective and reactive as that is, privacy, security professionals and entire procurement teams are forced to enhance scrutiny on the supply chain. Who do we do business with, to whom should -or can we- outsource certain (personal) data processing practices? And I do believe we still have a fairly long way to go in that required level of assertiveness.

Not too long ago, a small law firm got a fine because they used Whatsapp to share/discuss (confidential) client data. It didn’t hit the news and wasn’t all that big. Recently, JPMC however received a record fine.  And there’s seemingly more to come no doubt! 1 Billion turns quickly into 2. And I can’t help but wonder why are EU regulators so behind on this? Because where the U.S. SEC is focusing on record keeping practices, the EU has clear rules for data processors, and how to contract them. Whatsapp (or Messenger, or Telegram, or others) doesn’t let itself be bound by a DPA (i.e. data processor agreement ex art 28 GDPR)… And the SEC actions are against banks, but think about your medical data, exchanged between healthcare professionals who in some places seemingly do everything on Whatsapp? We of course can all go down the cookie-crumbling diverting discussions about Google Analytics or Fonts and such, when it comes to international transfers of personal data. But what about using unsupervised service providers, uncontracted, uncontrolled, who do whatever with (meta)data you do NOT control? It’s imperative to scrutinize the company you keep.

Many people -at least that I know- are of a personal preference to stay away too from companies like Facebook, and products like Whatsapp. Privacy in part is a choice, and fundamental principles behind it include the protection of autonomy and prevention of discrimination. These people nonetheless experience immediate exclusion, e.g. when on the workfloor things get discussed department-wide ‘only on Whatsapp’. Uncontrolled. Using it to share confidential information, personal data of others, and discuss whatever. It gets even worse when you get bullied about it, professionally, something I first-hand overheard not too long ago happen in a company. I can only assume the level of toxicity in work environments like that. But it’s a job, and many others would love to have it if you’re not in it, so you stay. The company you (are sometimes forced) to keep.

Denmark realises this also has to do with future developments and long term impacts, and seeks to protect their children’s digital opportunities by banning Chromebooks and Chrome or Workspace from schools nationwide. Believing that when one regulator speaks on behalf of all EU member states, I am surprised to still have to see my daughter come home after new school day 1 with a Chromebook. When asking about alternatives, I listen impatiently as to how there is ‘no way’ there are alternatives for the digital classroom, Chromebooks are simply ‘the selected appliance for this grade level’ and ‘the only way’ my daughter can get education for the coming six years. That monstrosity ‘must’ even be brought home and hung to the home network. So now I have to expand the isolated guest channels, but okay. The company we keep, because otherwise it’s actually a good school.

This girl by the way infamously at the age of 10 walked up to me and said: ‘Dad, I just read WhatsApp’s privacy policy, and I have questions’. Now, age 13, she’s transitioning to next level school where her social structure is to not only considerably change, but becomes a critical fundament of her further choices in life. After I answered her questions, she left WhatsApp on her own insights that same day 3 years ago. She moved to a more privacy-friendly platform that she’s happy with, and even got all the family to move to the same (3 generations of two families in fact). Some friends, both distant and closer did not transition, and contact diminished almost automatically. She’s okay with it and wonders out loud ‘if they really cared, it wouldn’t be difficult to add just one single free app amidst all the dozens of games they download every year.’ But new school, new company. Cycling together for the coming several years , making appointments the whole week long (oh and of course there’s teenage gossip and all that)… Company to certainly keep.

Then my professional deformation knocks on a distant door in the back of my head. ‘Consent must be freely given’. That’s why employees for example should not be asked for consent when it comes to processing their data, nor should governments jump to consent when it comes to their processing of citizen data. I can only pray she doesn’t in the end succumb only to peer pressure and end up having to do what she doesn’t support. But then I think of diversity again. Diversity is about many things, but it’s at least about social acceptance. Acceptance when you ARE a little different, but just as much acceptance when you value different things. I am dating myself here, but we used to wait looong seconds literally ‘dialling’ 8 or more digits on a heavy grey wall-wired phone. To the point where -according to the comedian Louis CK- people with too many 9s in their phone number received notably less calls because we couldn’t be bothered to see the dial roll back slowly so often, unless it was really important. Adding privacy-friendliness to those who value it, without leaving them out entirely, should not be too difficult I hope. For students in Denmark, but also closer to home.

For teenagers with friends, and for teenagers trying to make friends.

For big American banks, and for any other organization.

Privacy and diversity. Let’s mind the company we keep, and how we keep them, while keeping an open mind.