Privacy often guides my tech choices, I do have a Facebook account for events but I don’t use their apps and I only log in when I’m invited to something. I try to use DDG though it’s almost impossible to avoid google in my language. And so on, but one area I can’t avoid is banks, and I’ve been wondering why they are sneaking past the privacy talks.
I’m Danish and we’re rather digitized. I mean, I have a national ID that can authenticate me anywhere that support it that runs in a mobile app. I use it for things like banking. Anyway, we also have a range of financial apps. Two are particularly interesting in terms of privacy. One of them is called mobilepay, and mainly handles transactions between small shops or when you need to send/request money between friends. As such it knows who my closest friends are more accurately than Facebook ever did, because I never Facebook chatted with people I see every day, I do however go to various events with them where we manage the bill with mobilepay. And since mobile pay isn’t just linked to a contact, but an actual phone number they have that too.
That’s not really the part that worries me though. It’s the way they track my purchases. Mobilepay lets you do electronic receipts, meaning they can read what you buy. It’s voluntary so you could opt out of it, but we have another app called Spir which helps you budget and organise your private economy by accessing your accounts through bank APIs. Spir can also see what you purchase, so even if you’re not opting into it, banks tack everything we buy unless we’re using cash. I’m not sure if this has to do with our national payment-card called Dankortet (kind of a mixed credit/debit card, but not exactly) or it’s just how modern transactions work. However that information is much more accurate than my search history.
I have anxiety, I also recently had a hemorrhoid, I’m fairly certain google might think I have cancer. My bank knows that’s wrong though, because they know I bought hemorrhoid medicine at the pharmacy.
For example, in Sweden, we have stores that are kontantfri (cash-free) and it's projected that almost all of Sweden will be cash-free by 2023[0] to 2025[1]. (Sorry the links are in Swedish but you should be able to use <your chosen provider here> to translate them to your language.)
Given that the nordics tend to trend together, I imagine that Denmark is relatively along the same path to being cash-free, as well.
I think a better (but more complicated) alternative would be to use two different SIMs for separating those apps from an every-day number; however, that comes with the problem of carrying a second phone. Dual-SIM would just present a surface to tie the two numbers together but so would the two phones being in the same area (in proximity of each other) almost all of the time.
In other words, I don't really know how to solve this problem because it depends on everyone else not jumping on the bandwagon; however, to your suggestion, cash will not be a viable option for any purchases - much less, sensitive ones - in the very near future.
While it may technically be fraud, the registration information for non-reloadable cards is only a name and address, which is not verified. If the processor uses an AVS check (in the US, this is usually just the ZIP code), then whatever you enter must match what you registered with, but that could be... whatever.
When one considers how fat the deck is stacked against individual consumers in today's market, I would be inclined to tolerate some Thoreau-style civil disobedience on this. The desire for privacy -- to effectively "use cash" at "cashless" establishments -- may require the need to engage in this activity.
The other question would be, who is being damaged by this fraud? Presumably the seller of the card (and banks/processors in between), who would like to link all your card purchases to some master profile. Well, I wouldn't begrudge anyone with disobedience on that one too. They're still collecting fees on every purchase.
From some discussions about this letter I gather that it can be easily dismissed by court because it reeks of "bad faith" and not a legitimate concern.
> From some discussions about this letter I gather that it can be easily dismissed by court because it reeks of "bad faith" and not a legitimate concern.
Do you have more details about which particular sections "reek of bad faith"?
It's not any particular section, rather the tone and the breadth. One easy answer to such a letter is "please read our privacy policy and come back when you have more specific questions". Your company's privacy policy should cover almost all of the "concerns" covered in this letter. Bad faith comes from the fact that a sender of such a letter has, quite obviously, done zero due diligence. The spirit of GDPR is not to fuck with everybody around, it is to force companies to be more responsible overall.
This is why those OATH and similar dialogs are so jarring, the correct implementation should be opt out by default without being bothered every time one visits a website.
I’m Danish and we’re rather digitized. I mean, I have a national ID that can authenticate me anywhere that support it that runs in a mobile app. I use it for things like banking. Anyway, we also have a range of financial apps. Two are particularly interesting in terms of privacy. One of them is called mobilepay, and mainly handles transactions between small shops or when you need to send/request money between friends. As such it knows who my closest friends are more accurately than Facebook ever did, because I never Facebook chatted with people I see every day, I do however go to various events with them where we manage the bill with mobilepay. And since mobile pay isn’t just linked to a contact, but an actual phone number they have that too.
That’s not really the part that worries me though. It’s the way they track my purchases. Mobilepay lets you do electronic receipts, meaning they can read what you buy. It’s voluntary so you could opt out of it, but we have another app called Spir which helps you budget and organise your private economy by accessing your accounts through bank APIs. Spir can also see what you purchase, so even if you’re not opting into it, banks tack everything we buy unless we’re using cash. I’m not sure if this has to do with our national payment-card called Dankortet (kind of a mixed credit/debit card, but not exactly) or it’s just how modern transactions work. However that information is much more accurate than my search history.
I have anxiety, I also recently had a hemorrhoid, I’m fairly certain google might think I have cancer. My bank knows that’s wrong though, because they know I bought hemorrhoid medicine at the pharmacy.