Danish high schools use the platform Lectio for administration and communication between teachers and students. The problem with Lectio is that the data collected is not deleted, which means teachers can go back in time and find information about grades and sick leave on students who have long since finished high school. The data is available so that all teachers at a school can access the information without a password. The practice is probably a violation of the GDPR, but it is also unethical handling of data because they are storing data that serves no purpose.

DuckDuckGo is an alternative to Google’s search engine that does not collect user data or track user searches on the web. DuckDuckGo does not even know how many users they have, as they do not track users. Because DuckDuckGo does not store information about users, users will only see ads related to their current search. When using DuckDuckGo, it is clear to the users that they aren’t being tracked across web pages and that the search engine is not collecting too much data about their movements online.

In 2017, the training app Strava published a world map, which showed aggregated data for all the cycling and running routes that people had uploaded to Strava – seemingly hassle-free, because all data was anonymized. But the problem was that in countries like Afghanistan, there was very little activity apart from selected locations, namely US bases, where soldiers used the app when training. It turned out that the map came to show precise locations and routes of bases and soldiers who exercised on their own in the landscape. In other words, it was showing sensitive data!

Using the Strava training app to track and share bike rides seems innocent to most users. But few people think about the fact that knowledge of where a bike ride starts and ends is also knowledge of where an expensive bike is parked. Precious data for bike thieves! Therefore, Strava has chosen to obscure the exact point where a bike ride starts and ends, even though it provides a worsened user experience for both those who share the bike ride and for those who follow their friends’ bike rides. They have sacrificed a little on the user experience in exchange for giving users a much more secure app.

Copenhagen Zoo has 140,000 annual cardholders. The log-in page for these annual cardholders had no restrictions on log-in attempts, which made it easy for unauthorized people to try out and access the cardholders’ personal information, including card number, name, address, and email. It got reported as a breach of personal data security and was criticized by the Danish Data Protection Agency.

Now, the zoo has had their members change passwords and they have introduced the function ”I am not a robot,” which ensures that a program cannot cheat the system. Also, they have introduced a feature that, after three failed attempts, the system will block access for one hour.

Telegram is an online chat service similar to WhatsApp and Facebook Messenger. However, Telegram has a strong focus on encryption and privacy protection. Telegram has, among other things, a data-safe function called Secret Chats. When sending messages via Secret Chats, the chat is fully encrypted, and no data is stored centrally or is accessible by employees at Telegram. You also cannot forward Secret Chats, and you can even set messages to self-delete for both the sender and recipient after a certain period. Secret Chats are therefore safe, as long as you have your phone safely stored in your pocket.

Most Danes use an online banking solution where you usually have full access to all data about your finances. However, banks often use financial data to profile their customers in different earnings segments, and very few banks exhibit this profiling to their customers. 

Banks also have data on how much they earn on each customer (the price of being a customer in the bank), but this information is also not readily available on online banking platforms. 

Banks are thus adept at providing raw data, but when it comes to aggregated data, which can be very valuable to their customers, their digital solutions are severely limited.

Following the Cambridge Analytica scandal, Facebook was criticized for collecting too much data about their users and doing so without users’ awareness. Subsequently, Facebook has designed a comprehensive and user-friendly area on the platform where you can get an overview of your data. Facebook also provides the options to restrict the collection of data and delete personal data. Because Facebook’s business model is about data collection, the company often makes it difficult to find places where you can restrict their access to data. In some cases, users get warned that they will lose functionality if they don’t allow the data collection, which is both unethical and on the edge of EU law.

Most Facebook users are aware that their data is used for targeting advertisements and other content. But only the rarest of users on Facebook understand how their data can be used and misused. A glaring example is the Russian-developed app Girls Around Me. The app combines freely available data from Facebook and Foursquare to create a stalker app where (typically) men can log in to the app and view women nearby with data about when they were last located at a specific location. The app caused quite a stir when it launched and has since been removed from the Appstore.

At the time of writing, Danish telcom uses a cookie pop-up that gives users a choice between “All cookies” and “Only necessary cookies.” With a single click, the user can deselect all cookies except the technical cookies necessary to make the site work. It is a user-friendly way to get acceptance for cookies. You even have the opportunity to dive deeper into the information and adjust your choice further (which, however, is probably only done by a few).

 On the other hand, TDC has chosen to color the “All cookies” button an alluring blue, while the ”Only required” button is white on a white background. Here, there is no doubt about what TDC wants from the user, and the company could have designed it more ethically.

Target is an American retailer that collects large amounts of data on people’s buying behaviour, using this data to profile their customers. The profiles are for sending tailored offers on products. One way is by creating profiles on whether customers show signs of being pregnant to send suggestions on pregnancy and baby products. In 2012, this resulted in Target sending pregnancy-related offers to a young high school girl, even though neither she nor her parents were aware of her pregnancy. This story created problems in the small family and made Target reconsider its use of profiling in marketing.

Facebook is rarely a company showcased as particularly data ethical but, the company is good at showing how their collected data categorizes (profiles) the individual user in different areas of interest, used to target ads.  You can find this information under privacy settings on your Facebook. It’s easy to find and user-friendly. You can get an overview of the hundreds of interests linked to your profile on Facebook. 

Users can also choose to delete information to remove personal marketing within this subject area.