Today is Privmas Eve: the day before Privmas, aka GDPR Day: the one marked red on the calendars of every company in the world holding an asset the GDPR has suddenly made toxic: personal data. The same day—25 May—should be marked green for everyone who has hated the simple fact that harvesting personal data from everybody on the internet has been too damned easy for too damned long for too damned many companies, and governments too.
Whether you like the GDPR or not (and there are reasons for both, which we'll get into shortly), one thing it has done for sure is turn privacy into Very Big Deal. This is good, because we've had damned little of it on the internet and now we're going to get a lot more. That's worth celebrating, everybody. Merry Privmas!
To help with that, and because 99.99x% of GDPR coverage is about what it means for the fattest regulatory targets (Facebook, Google, et al.), here's an FUQ: Frequently Unasked (or Unanswered) Questions about the GDPR and what it means for you, me and everybody else who wants to keep personal data personal—or to get back personal data those data farmers have already harvested. (The GDPR respects both.)
A note before we begin: this is a work in progress. It's what we know about what's now possible in a world changed by the GDPR. And "we" includes everybody. If you want to help, weigh in. Here goes...
Bottom line, what does the GDPR mean for the "natural persons" it also calls "data subjects"?
It means we're in charge now: at least of ourselves—and of our sides of relationships with the corporate entities we deal with.
No, the GDPR doesn't say that specifically, but both the letter and the spirit of the GDPR respect privacy as a fundamental human right. Since rights are something we exercise as individuals, and not just a something good corporate behavior allows us to enjoy, we should be able to provide it for ourselves as well.
Don't we have enough privacy tools already with crypto, onion routing, VPNs and so on?
No, we don't.
Those are all forms of protection against exploitation by others. We need tools that create private spaces around us on the net, much as clothing (the original privacy tech) does for us in the natural world. We need ways to signal to others what's okay and what's not okay, and to know easily when those signals are being respected and when they are not. We need ways to move about the net anonymously, and to submit identifiers only on a need to know basis, and then in ways we control.