In the latest episode of Humanizing Technology, we spoke with Sergio Maldonado, founder and CEO of PrivacyCloud. 

Sergio is an experienced lawyer, a software developer, an entrepreneur, a passionate guitar player, and so much more. In short, an open-minded, curious, versatile human. We were thrilled to welcome him to the show this time. 

‘Forget everything you know about the Internet’ is the bold claim that can be found upon entering the “PrivacyCloud” (a naturally cookie-free environment) website. Sergio explains what this means and proceeds to ask me, as the host, what I think it implies. A pleasant, unexpected twist to how our usual interviews are carried out. 

35% of people in the US say they accept cookies without thinking about it and have no clear understanding of profiling or what happens when your data is exposed.

There is slightly greater sensitivity towards this in Europe, but there is still a significant need for education. People often trade their privacy against viewing options because they are tricked into acceptance. The conversation circles briefly around ideas to use dark patterns in cookie banners to educate people about the consequences of giving away their data instead. 

Because dark patterns are a forced consent, and to reverse the effect, people need to understand what is going on. But the problem is that the information provided in cookie banners is never enough. 

Legitimate interest is a much better legal basis so that any data collected is clearly identified as such and does not supersede the interests of every person. This way, people expect you to collect that data for the website to work properly. 

As Sergio puts it, this creates a ‘natural flow’, allowing you to experience all website functionalities aligned with your settings and given consent. This is a much better privacy by design approach than forced consent that people do not understand.

‘My house, my rules’

The companies’ responsibility to abide by GDPR is, as such, partly pushed onto the individuals’ shoulders. That has led to some website providers taking on a “take it or leave it” attitude: Either visitors consent to the tracking or will be unable to use the website. However, people don’t know when they are in someone’s “house” and what those rules are, but are still asked to give consent. 

Sergio has been exploring the idea of a tool that helps you make sound decisions without needing to fully understand every detail - an intermediary that helps navigate the legal complexity by simplifying the processes - not only about privacy but anything: clickwrap contracts or standard contracts.

‘A hippie vision’

As the interview progresses, Sergio explains in great detail the differences between zero-, first-, second- and third- party data and their various uses. 

He concludes with the competitive advantages of zero-party data. Aside from doing the right thing and not exploiting people, there is a benefit to responding to a demand-driven world for information and goods. Hence, people have control of their personal data and can receive a more personalised experience, creating better search results with personalised offerings.

‘Stop going with the flow when it comes to installing trackers’

PrivacyCloud aims to help educate retailers in data protection and convince them of the importance of privacy minding principles, says Sergio and stresses that an initiative like the ECA can help support this vision as a joint effort. 

Their intention is to achieve a common ground, a threshold that shares a minimum common denominator within their connection with the ECA for more ethical standards. To achieve this and to understand such principles, retailers need to find some guidance that we hope to provide with our partners.

Larger companies have it easier financially to abide by ethical standards. It is a lot more challenging for smaller businesses, and we need to help them find the resources and alternatives. In return, PrivacyCloud’s retail network can enforce and diversify the ECA network and can help to set some basic guidelines beyond GDPR compliance.