Privacy Washing: Don't Do It!
Because pretending to care about privacy doesn’t actually protect anyone.
Just like Green Washing in ESG or AI Washing in tech, Privacy Washing happens when companies try to look like they care about privacy without actually making a meaningful difference for data subjects. Let’s talk about the three most common offenders:
Cookie Banners That Do Nothing
We’ve all seen them: cookie banners plastered on websites just for show. If your cookie management solution doesn’t actually block the sharing of personal data with third parties—especially for marketing purposes—it’s useless. Many WordPress plugins come with a ready-made cookie banner, but it doesn’t magically ensure compliance. A proper cookie banner needs to enforce user consent, not just pretend to.
Passive Outsourced DPOs
Let’s be clear: I fully support outsourcing DPO services when it makes sense for a business. But hiring a “nameplate DPO”—someone whose sole purpose is to appear on the privacy notice—is a waste of money and offers zero value.
Small businesses often don’t know what to expect from a DPO, which makes it easy to end up with no tangible outcomes. A DPO isn’t like insurance that you pay for but hope never to use.
If your company has an internal privacy structure and only needs an outsourced DPO for communication with regulators and data subjects, that’s fine. Many law firms offer this service. But if you have nothing in place and hire a DPO just for appearances, you’re missing the point entirely. At the very least, review your contract to clarify the scope of services, deliverables, and expectations.
Copy-and-Paste Privacy Policies
Let’s be honest: any GPT tool can generate a privacy notice. There are hundreds of "privacy policy generators" out there. But do they reflect your company’s actual processes?
Using templates to get started is fine—even the ICO in the UK launched a policy generator for small businesses last week. But blindly copying from another site or using a template "as is"? That’s a hard no. Your policy needs to be customized to align with your business practices; otherwise, it’s just more privacy washing.
Bottom Line: Real privacy governance requires effort. It’s not about appearances—it’s about creating trust and respecting fundamental rights. If you’re going to claim you care about privacy, back it up with real actions, not shortcuts.