In a world where almost all our communication, healthcare, work, and administration takes place online, privacy is not a luxury, it’s a necessity. Yet I still often hear: “Oh well, what does it matter… my information isn’t that interesting”. It may seem like an innocent statement, but in practice, it undermines our collective digital resilience.
The illusion
We overestimate our anonymity and underestimate the impact of (meta)data. What can a hacker or a company do with your location, browser history, or click behavior? More than you think. Companies like Meta, OpenAI, TikTok, and Google don't need to read your messages to know how you feel, what you buy, believe, or vote. They combine bits of metadata (when you do something, with whom, and from where) into a surprisingly complete profile. And that data is valuable to marketers, insurers, recruiters, and governments.
“Facebook paid $19 billion for WhatsApp, not for the content but for the metadata”
Bart Heesink
It's Not Just About You
Even if you don't find it important and choose not to handle your data carefully, you still have a responsibility to handle other people's data with care. Most people have access to data that contains information about others (e.g., your contacts or data within workplace applications).
Privacy is a collective good. Think of social media, platforms, team chats, and other applications: if one participant shares or inadequately secures sensitive data, it can affect many others. This makes privacy not just an individual right, but a shared responsibility.
Legislation is necessary, but often too late or too limited
The GDPR is a step forward, but there are still plenty of gray areas. Consider recent concerns about AI and surveillance, or how easily U.S. cloud providers must surrender data to intelligence agencies. Also think of situations where privacy clashes with policy, such as in fraud prevention in healthcare, where insurers gained access to medical records without explicit consent. Often, a cannon is used to shoot a mosquito when it comes to privacy.
Progressive organizations take responsibility
At organizations like AcademicTransfer, 99gram, and Jouw Omgeving, we've seen how important it is not to treat privacy as a “compliance checkbox”, but as a strategic pillar. By applying ‘privacy and security by design’ (secure passwords, automatic logouts, encryption, no tracking, no external services outside the EU, and minimal data collection, meaning you only store what you need), you prevent user data from becoming a risk.
But is anything really safe?
Fortunately, yes. Technology keeps evolving, and you have more influence as a user than you might think.
Concrete measures organizations (and users) can take:
- Use passphrases instead of short passwords, and store them in secure password managers.
- Use two-factor authentication, but opt for authentication apps or hardware tokens instead of SMS codes.
- Never send sensitive information via regular email unless it is end-to-end encrypted. Think of solutions like ProtonMail or tools for temporary, encrypted messages.
- Use a VPN so you always have a secure connection.
- Limit data storage and linkage to a minimum. The less you know about users, the smaller the risk.
At Leukeleu, we apply the principle of data minimization. We don't want to know everything about end users, only what's truly necessary. This makes our applications and platforms safer and more user-friendly.
We've also developed Django HIdP to implement the above measures in a user-friendly way within our applications.
Awareness
Safe behavior starts with awareness, not with fear but with ownership. Everyone has something to hide. And that's not suspicious or exaggerated; it's human. What you send to friends, which sites you visit, your bank statements: it's private, and it should stay that way. What we need is a collective behavioral change. Just as with sustainability, rules or technology alone will not solve it; it takes the combination with awareness and behavior. That's why this article is also an invitation: how can we work together for a safer digital landscape?
Want to know or talk more about this?
Are you working on a platform with sensitive data? Looking for ways to structurally ensure security? Or do you want to make your team aware of the risks and solutions? We're happy to have a conversation.