In fact, yes. It’s malicious in the vast majority of cases, with behavior patterns quite akin to cons where you are made into signing something under time pressure and are actively discouraged from asking questions.
I had maybe one occasion where upon asking questions about how long they store my information and who exactly they give it to, I actually got answers and learned something. It was a dentist office, and by that time I had been visiting them so often that we were practically friends.
The rest of the time (mostly in hotels), they didn’t like it very much that I took time to read through their GDPR forms and actively withdraw my consent from optional things, of which there was like 85%, and some dealt with sharing my data with undisclosed marketing partners. Some of this, especially the undisclosed bit, I think, is a no-no under GDPR, although a lawyer may promise you a way to weasel out of trouble.
Note that when you deal with public administration, depending on the country, they may have you sign something to the effect that if they fine you and you don’t pay, your data will go to a debt collection firm, at which point you may assume it goes to all of them, because they trade debts between themselves, too. And of course, those share data with further companies according to agreements between themselves to which you are not a party, so I’m wondering if there is/should be a way to curb them…
I had maybe one occasion where upon asking questions about how long they store my information and who exactly they give it to, I actually got answers and learned something. It was a dentist office, and by that time I had been visiting them so often that we were practically friends.
The rest of the time (mostly in hotels), they didn’t like it very much that I took time to read through their GDPR forms and actively withdraw my consent from optional things, of which there was like 85%, and some dealt with sharing my data with undisclosed marketing partners. Some of this, especially the undisclosed bit, I think, is a no-no under GDPR, although a lawyer may promise you a way to weasel out of trouble.
Note that when you deal with public administration, depending on the country, they may have you sign something to the effect that if they fine you and you don’t pay, your data will go to a debt collection firm, at which point you may assume it goes to all of them, because they trade debts between themselves, too. And of course, those share data with further companies according to agreements between themselves to which you are not a party, so I’m wondering if there is/should be a way to curb them…