Happy GDPR day. Here's some sensitive data about me.
25 May 2018
I know I haven't posted for a while, but I can't skip GDPR Day. You don't see a lot of personal info from me here on this blog. But just for once, I'm going to share something.
I'm a blood donor.
This doesn't seem like a lot of information. People sign up for blood drives all the time. But the serious privacy problem here is that when I give blood, they also test me for a lot of diseases, many of which could have a big impact on my life and how much of certain kinds of healthcare products and services I'm likely to need. The fact that I'm a blood donor might also help people infer something about my sex life but the health data is TMI already.
And I have some bad news. I recently
got the ad info from my Facebook
and there it is, in the file
American Red Cross Blood Donors. Yes, it
looks like the people I chose to trust with
some of my most sensitive personal info have
given it to the least trusted company on the
In today's marketing scene, the fact that my blood donor information leaked to Facebook isn't too surprising. The Red Cross clearly has some marketing people, and targeting the existing contact list on Facebook is just one of the things that marketing people do without thinking about it too much.Not thinking about privacy concerns is a problem for Marketing as a career field long-term. If everyone thinks of Marketing as the Department of Creepy Stuff it's going to be harder to recruit creative people.
So, wait a minute. Why am I concerned that Facebook has positive health info on me? Doesn't that help maintain my status in the data-driven economy? What's the downside? (Obvious joke about healthy-blood-craving Facebook board member Peter Thiel redacted—you're welcome.)
The problem is that my control
over my personal data isn't just a
problem for me. As Prof. Arvind Narayanan
Poor privacy harms society as
a whole. Can I trust Facebook to use
my blood info just to target me for the Red
Cross, and not to sort people by health for
other purposes? Of course not. Facebook has
crossed every creepy line that they have promised not
To be fair, that's not just a Facebook thing.
Tech bros do risky and mean things all the
time without really thinking them through,
and even when they do set appropriate defaults
they half-ass the implementation and shit
Will blood donor status get you better deals, or apartments, or jobs, in the future? I don't know. I do know that the Red Cross made a big point about confidentiality when they got me signed up. I'm waiting for a reply from the Red Cross privacy officer about this, and will post an update.
Anyway, happy GDPR Day, and, in case you missed it, Salesforce CEO Marc Benioff Calls for a National Privacy Law.