Do you lie enough? You probably need to lie more often!
When filling out online forms that is.

Since the GDPR, the EU data protection rules, came into effect last year, many companies struggled with getting their online forms compliant. Some don’t really try, others think they’ve done it well but really haven’t, and a tiny minority actually really adapted their order flows and forms to adjust for the GDPR. (Although GDPR mostly aren’t new rules, btw, it’s just that non-compliance costs a lot more).

Since not all forms are fully compliant, I routinely fill in false information. If they don’t limit their data collection, I will take the responsibility on myself to create as much noise in their data as is prudent.

Yesterday I ordered something from an on-line retailer. The form that asked for where to send my order didn’t indicate which fields were mandatory, but clearly contained fields that weren’t GDPR compliant if they were.

I filled out only the things needed to complete the transaction, which is the delivery address, and an e-mail address or phone number to keep me informed of the process. They also asked for my birthday (we’ll send you a birthday greeting!), which at least wasn’t mandatory, and shouldn’t really be asked for such a frivolous reason.

Turns out the name (first and last name fields) of the addressee was mandatory. Not entirely unexpected, to ensure the right person at the address provided receives the package. This was after payment, and meant for the fulfilment partner. So they don’t really need a mandatory field for first name, nor a proper last name, as long as the receiver knows for who a package is.

I opted for the initials A.V.G. (the Dutch abbreviation for GDPR). And a last name that was incorrectly spelled. Previously I filled out a mandatory department name in my company as ‘Read the GDPR this form sucks‘.

>

We probably all need to lie way more when filling out forms. Here’s the recipe.

For each field in a form

  • If it is not mandatory don’t fill it out. They are trying to get more data about you voluntarily. Unless you perceive a clear need for yourself (e.g. you want them to SMS you when the delivery van is 30 minutes away)
  • If it is mandatory, ask yourself how needed it truly is
    • if it concerns contractual aspects, your real name etc is needed. So you can rely on it later concerning warranty, tax purposes etc.
    • if there is no perceivable need, then lie, obfuscate or provide info that when read by a human is a reminder they should change their forms. “read the GDPR”… etc.