When you hear that someone is a “privacy professional”, you know two things about them:

1. That they work in the field of privacy
2. That someone pays them to do that

So ask:

Who is paying you?

(Always follow the money.)

Based on the answer, you’ll know whether their job is to protect your privacy or to find ways of legitimising their employer’s business model that’s predicated on violating your privacy.

Also, ask yourself: who has the most money?

Then you’ll know who can afford to hire the largest number of “privacy professionals.” Hint: trillion-dollar corporations are called trillion-dollar corporations for a reason.

(Wait a minute, am I really saying that most “privacy professionals” are hired to help corporations violate your privacy, not protect it? That’s a yes.)

Finally, have a little read up on “revolving doors” to understand that for some of these “privacy professionals”, a job is just a job and they will happily flip between the two because, really, it’s all just a game to some people when you have a certain level of privilege.

I was once censured by the Nordic Privacy Arena – a conference that “aims to be part of the privacy professional’s journey” where I was presenting a keynote – for criticising the keynote by a Facebook employee (a lawyer who was a “privacy professional”). What was that Facebook employee’s previous job, you ask? Oh, he worked at the French data protection office (CNIL). And that, kids, is what we call a revolving door.

(Last year, Nordic Privacy Arena had four speakers from Google as well as a speaker from Capgemini – whose US subsidiary has a contract to provide surveillance and tracking services to ICE* – and Salesforce**. Not to mention a representative from the Irish Data Protection Commission. You know, the folks who enforce GDPR to the extent that they’re sued by @noybeu to do so. If you don’t know how corrupt Ireland is on this, read the excerpt from the Facebook whistleblower’s book, Careless People, that I quote in this post: ar.al/2025/03/21/careless-peop…)

And none of this is going to change if we continue with the framing of “data protection”. We must make this whole business model illegal.

We must go beyond GDPR to GDMR: General Data Minimisation Regulation.

ar.al/2018/11/29/gdmr-this-one…

* surveillancewatch.io/entities/…
** dpforum.se/nordic-privacy-aren…

#CPDP2026 #CPDP #NordicPrivacyArena #dataProtection #privacyWashing #institutionalCorruption #revolvingDoors #usefulIdiots #privacy #humanRights #GDPR #GDMR