While Elon goes about doing his thing for the United States, the news of crazy breaches and just-because-potatoes keeps pouring in, making Google’s many slogans look weak. The name of this issue adapts one of the famous ones (“If you give people freedom, they will surprise you”), but how can we forget the all-time classic? As Harvey Dent said in the second of Nolan’s Batman trilogy (the last good one): “You either die a hero or live long enough to become a villain.”

You’re reading ZERO PARTY DATA. The newsletter about current affairs, technopolies, and law by Jorge García Herrero and Darío López Rincón.

In the spare time this newsletter leaves us, we like to solve complicated issues in personal data protection. If you’ve got one of those, give us a little wave. Or contact us by email at jgh(at)jorgegarciaherrero.com

🗞️News from Data world🌍

.- Our bilirubin rises reading the open letter from *Saint* Leonardo Cervera-Navas this Tuesday.

An example of how to stand up to power with moderation but with rigor, with a simple and basic demand: that each one comply with the rules that apply to them.
Many of us asked, “What the hell is this man doing running for President of the AEPD??” Well, he was making sure he had stand (some call it “legitimate interest”) to challenge the procedure if the rules were broken. And boy did he: others also challenged it, but he alone challenged it and took down the first procedure.

On the second attempt, he decided to let it slide. The infraction wasn’t as glaring as the first. But along the way, he left us with a maxim for history. One that resonates deeply with anyone who feels personal data protection is more than just how they pay the bills at the end of the month…

.- Meta(dona), never had a great slogan like Google, but it did have a genuine Two-Face. Even though the story’s been sold like “Meta silences the latest whistleblower a la Frances Haugen,” the truth is Sarah Wynn-Williams’ book doesn’t reveal much about Meta’s scandals as a technopoly: it instead gossips about the intimate crap of Zuck, Sheryl Sandberg, and top execs of the disgustingly-rich-bro-type like in White Lotus / Succession. I read it from Jordi Pérez Colomé in his newsletter at El País.

As expected, the Streisand effect has unfolded in all its joyful splendor and the book is a bestseller, with or without interviews from the author (Meta has managed to ban them thanks to the signed NDAs).

– If you're only going to click one link in this newsletter… just close it and come back when you have more time. So rude! This takes real effort to put together!!

What I really mean is that this article by Ted Gioia is excellent: it picks up where Kyle Chayka left off in “Filterworld” and continues with a lot of depth and above all… a call for hope… and action.

– On this side of the pond we're dealing with drama over biometric attendance control systems, but what about in South America? Same thing with the public mess over spending a million dollars on systems that they later can't legally use. Back in the day, we used to call that “shooting with the King's gunpowder” in the Atlantic regions of Spain.

– The folks at 23andMe are filing for bankruptcy proceedings, but the interesting part is that the ICO, working with the Canadian federal authority (you know there are tons and the system isn’t that simple), have issued a proposed fine of £4.59 million. Yes, for that massive breach of genetic data they disclosed a while ago.

And the ICO’s statement was quite something: saying they’re still following up despite the bankruptcy protection filing / making it clear they won’t escape punishment / reminding everyone that data protection laws still apply.

That last bit seems like a no-brainer, but here we are, seeing news about people asking how to exercise their deletion rights, remove accounts, and withdraw consent for research in light of a possible data sale.

Let’s hope that in their financial desperation they don’t start selling off their entire historical data trove. Almost like the main asset for which Saudi Arabia bought the good part of Niantic: the one with Pokémon Go and the “Large Geospatial Model”.

– Literally a data protection horror story in Cambridge. It's hard to imagine a worse scenario than this one.

– What would Germany be without… its beloved fax?

The Dorito moment

.– Still trying to digest the pants-dropping moment from Paul Weiss’s firm before Dorito man…

… Or this other one: The Trump Administration Accidentally Texted Me Its War Plans

We had to reach edition #16 to make it 100% clear that the most coherent way to talk about Trumpian nonsense is with memes only. Let it be known.

📄Data-heavy documents for coffee-lovers☕️

.– This paper by Sophie Stalla-Bourdillon touches on a hot topic in recent months: the pseudonymisation/anonimisation relationship after the latest case law developments and EDPB guidelines.

.– Dutch DPA’s consultation on meaningful human intervention in algorithmic decision-making. The doc is interesting.

– Viva México cabrones! Key points of the new Federal Law on the Protection of Personal Data Held by Private Parties, published March 20, 2025, via Héctor Guzmán.

.– I really liked this post by Tammy Lee on LinkedIn: Metadata: The Most Powerful Force You’ve Never Thought About. Very well written and focusing on a different angle in the debate about how to fix all those broken algorithms.

.– As Enzo M. perfectly argues in his comment on a Belgian DPA ruling, that “Check our privacy policy regularly for updates” isn’t just a bad practice: it’s a blatant GDPR violation (and I’d even say it’s spelled out in the old transparency guidelines, but I’m not going to look it up now).

.– The Swiss DPA is lost, to put it mildly, with Grok.

.– Have you lost track of all Google’s privacy scandals and penalties? I know, there are quite a few. Don’t worry, Paulajose.com got you covered.

💀Death by Meme🤣

Papers of the week

.- One of the most unforgettable lessons from “Privacy is Power”, the book that launched the essential Carissa Véliz, is her clear and simple explanation of how privacy is a critical safeguard against state power, and a precondition for nearly all other constitutional rights.

.- The latest paper by Dr. Daniel Solove, Privacy in Authoritarian Times: Surveillance Capitalism and Government Surveillance, is our paper of the week.

Two days ago we recommended in our Spanish edition “The Great Revenge” by Andrea Rizzi, which explores in geopolitical terms the causes of the growing authoritarian threat. Solove’s paper is a great summary of everything autocracy tends to screw up once it takes a seat.

🧷 Useful tools 🔧

.– The key CJEU rulings post-GDPR, classified by applied article, topic, date… This tool is an absolute gem, generously created by Milos Novovic for me. And also for you, if you want to use it.

Seriously, it’s face-hug worthy.

🙄 Da-Tadum Bass!!

.- Incredible red flag.

Si crees que esta newsletter puede gustar e incluso ser útil a alguien, reenvíasela.

Compartir

Si echas de menos algun doc, comentario o chorradón que manifiestamente debería haber estado en el Zero Party Data de la semana, escríbenos o deja un comentario y lo valoraremos para la próxima.

Deja un comentario