He Knows When You’re Sleeping…

The holidays haven’t been so happy for the Data Industry this year.

The New York Times recently published a searing exposé on companies that collect and sell anonymized user-location data. This practice has been going on for years, of course, and has faced criticism from the media before. The Times article, however, is probably the most high-profile takedown of Location Data Companies that I have seen.

Even the biggest companies in Tech are not immune to this increased scrutiny. In what could be a landmark case, Google is facing complaints about their data usage policies in seven European countries. This is the first major action taken against a company as large as Google since the implementation of GDPR — Europe’s new regulatory policy aimed at holding companies more accountable for data usage and privacy.

None of this surprises me. It was inevitable that data companies, and the Location Data Industry in particular, would face more strict regulation in 2018. This industry is growing rapidly, and it’s important to stay focused on privacy and transparency as it continues to expand. X-Mode welcomes increased accountability within the Data Industry; we are currently focused on becoming GDPR compliant even in countries where it isn’t required.

What does surprise me is how quickly regulators have started to go after the big targets. After years of allowing Data Companies to grow in a relatively unchecked manner, GDPR seems to be making up for lost time. First, they hit Google. For their next target, they’re going all the way to the top — to the Pole, that is.

That’s right folks. Before Santa Claus comes to town this year, he’s going to have his day in court. We’ll find out just how jolly old Saint Nick is once he’s forced to explain himself to a panel of cranky European regulators.

The list of Santa’s violations is longer than his own beard. In short, regulators are pinging Father Christmas for, among other things:

  1. Failure to Obtain Explicit Consent from Consumers. If folklore and rumor hold true, Santa has access to far more data than even the most intrusive of tech companies; he knows when we are sleeping, and awake. He knows when we’ve been “bad or good” — (based on his own subjective moral code, no doubt) — and all without so much as a boilerplate privacy agreement, for goodness sake. If any other company performed such intense data collection without following proper protocol, they’d be shut down before you could say, Rudolph.
  2. Insufficient Security Measures In Place. I don’t even know where to start on this one. “Having a list” and “checking it twice” may have been enough for the carolers of old, but nowadays it won’t fly. Santa needs to keep a thorough and consistent record of his data and needs to appoint a Data Protection Officer to make sure nobody else has access to it. I highly doubt that Santa’s encryption practices are up to date. His elves may be good at building toys, but I know I would sleep better if I knew at least a few of them were good at building privacy infrastructure as well.
  3. Not Giving Consumers Adequate Control Over their Own Data. Under GDPR, consumers have the right to rectify data that they believe is incorrect. Say, for example, that Santa believes little Bobby stole some cookies from the cookie jar when in reality it was his twin brother Billy. Doesn’t Bobby have a right to rectify this data? There is not currently any sort of rectification process in place. Hell, there don’t seem to be any processes in place. Santa really needs to step up his game.

And the list goes on. Harp on all you want about the “war on Christmas,” but I say this is long overdue. For who knows how long now, the mysterious individual known as Santa Claus has been snooping on the private affairs of children across the world, taking note of their infractions like some sort of festive Big Brother. Were his infamous “list” to fall into the hands of unsavory individuals, who knows what nefarious schemes they could cook up like so many Gingerbread men.

Believe me, I don’t put all the blame on Santa. The old guy has been around for a long time, and it can be difficult to adjust to regulations that seem to be written to keep up with the rapid pace of technological advancement. Hopefully the GDPR penalties won’t be too harsh on Santa, though he may have to sell a reindeer or two. If he learns the right lessons from this, and institutes best practices similar to the ones X-Mode has in place, hopefully our Christmases will continue to be merry for years to come.


By: Joseph Green

Joseph is currently a student at Emerson College, where he studies Visual Media and Communication. As Content Creator, Joseph develops engaging content via blog posts, push notifications, and ad-copy. Joseph also draws upon his research skills to help contextualize the company’s place within larger technological and social trends in the industry.