OK, I admit it. I was on the road and got a longing for junk food. It happens. So I pulled in to a joint and ordered myself a ton of calories that I was going to regret.
With my trayful of fat and carbs came a long receipt for my sins which contained a juicy offer – a burger and fries at half the usual price. All I had to do was take an online survey to let them know how I fared with my fare.
I accessed the required website while nibbling my chips and, of course, I couldn’t ignore the first screen I saw:
[Entity] are commercial computer software, as defined in 48 C.F.R. §2.101. Accordingly,
if you are an agency of the US Government or any contractor therefor, you receive only those
rights with respect to the [entity] as are granted to all other users under license, in
accordance with (a) 48 C.F.R. §227.7201 through 48 C.F.R. §227.7204, with respect to the
Department of Defense and their contractors, or (b) 48 C.F.R. §12.212, with respect to all other
US Government licensees and their contractors.
The US Department of Defense? I thought you just wanted to know if the loo was clean? For the love of all that is fair and transparent, this is clearly overkill. Or laziness. What has this got to do with my cheap burger?
I clicked Continue. The survey itself is innocuous – were the staff friendly? Was the food good? Were the toilets clean? All harmless stuff. Which begs the question: why lawyer up so heavily?
There is no way to enforce this rule. It’s one part of the GDPR that is simply unworkable.
And then I found this:
i.e. Don’t press this big red button
This paragraph is nowhere to be found unless you go looking for it, and believe me, it takes a while to find. But this is chilling, and just wrong.
So I’m a 13-year-old, hanging out with my buddies in the local burger joint, and if I pony up my pocket money for even a small ice cream in this establishment, I’ll get this tempting offer for my return hangout and can do the survey again and again. This US-based entity is sucking up my personal data and very likely my social media accounts. Are they profiling 13-year-old me? Are they selling the profile on the open market? How long are they retaining all my data and metadata? We don’t know because they’re not telling. They are burying their intentions under swathes of jargon. All for a cheap burger.
A lot has been written over the years about the frankly ridiculous nature of privacy policies. How can people be expected to embrace the concept of controlling their personal data when the very people charged with helping them do so allow publication of reams of legalspeak?
- if presenting it in a digital format: state what the page is about at the top. Then provide more detailed information progressively down the page or on other linked pages.
- if presenting verbally: state your 5Ws and H succinctly and offer to give the customer/user further information on all/any they choose.
You can have your cheap burger with fries, but you may have sold a part of your soul to get it.