When you hear that someone is a “privacy professional”, you know two things about them:
1. That they work in the field of privacy
2. That someone pays them to do that
So ask:
Who is paying you?
(Always follow the money.)
Based on the answer, you’ll know whether their job is to protect your privacy or to find ways of legitimising their employer’s business model that’s predicated on violating your privacy.
Also, ask yourself: who has the most money?
Then you’ll know who can afford to hire the largest number of “privacy professionals.” Hint: trillion-dollar corporations are called trillion-dollar corporations for a reason.
(Wait a minute, am I really saying that most “privacy professionals” are hired to help corporations violate your privacy, not protect it? That’s a yes.)
Finally, have a little read up on “revolving doors” to understand that for some of these “privacy professionals”, a job is just a job and they will happily flip between the two because, really, it’s all just a game to some people when you have a certain level of privilege.
I was once censured by the Nordic Privacy Arena – a conference that “aims to be part of the privacy professional’s journey” where I was presenting a keynote – for criticising the keynote by a Facebook employee (a lawyer who was a “privacy professional”). What was that Facebook employee’s previous job, you ask? Oh, he worked at the French data protection office (CNIL). And that, kids, is what we call a revolving door.
(Last year, Nordic Privacy Arena had four speakers from Google as well as a speaker from Capgemini – whose US subsidiary has a contract to provide surveillance and tracking services to ICE* – and Salesforce**. Not to mention a representative from the Irish Data Protection Commission. You know, the folks who enforce GDPR to the extent that they’re sued by @noybeu to do so. If you don’t know how corrupt Ireland is on this, read the excerpt from the Facebook whistleblower’s book, Careless People, that I quote in this post: https://ar.al/2025/03/21/careless-people/)
And none of this is going to change if we continue with the framing of “data protection”. We must make this whole business model illegal.
We must go beyond GDPR to GDMR: General Data Minimisation Regulation.
* https://www.surveillancewatch.io/entities/capgemini
** https://dpforum.se/nordic-privacy-arena/nordic-privacy-arena-2026/
#CPDP2026 #CPDP #NordicPrivacyArena #dataProtection #privacyWashing #institutionalCorruption #revolvingDoors #usefulIdiots #privacy #humanRights #GDPR #GDMR
“In what world can an organisation seriously think it is all right to run a prominent cancer event, bringing together world experts, while also taking sponsorship from a company whose product has caused millions of cancer deaths worldwide? Absolutely shocking.”
Ooh, ooh, ooh, I know the answer to this one: in the tech world!
#AccessNow #RightsCon #CPDP #NordicPrivacyArena #FOSDEM #etc #privacyWashing #tech #humanRights #institutionalCorruption
Wasn’t allowed to ask the question so tweeted it instead (Twitter has its uses sometimes):
Facebook just presented a keynote titled Privacy at Facebook at #NordicPrivacyArena.
Here’s the question I would have asked if I had been allowed to: “Privacy at Facebook is an oxymoron; it is a contradiction of terms. Facebook’s business model is based on violating privacy…”
“Will you be nice to Facebook and Google at the afternoon sessions?” — organiser to me at #NordicPrivacyArena
(I asked the transport minister of Finland and the Mozilla rep hard questions at their sessions.)
Me: “I don’t think that’s the right question to ask. Would you be nice to Exxon Mobil at an environmental protection conference?”
Aral Balkan
