Most people do not leak their secrets.
They leak their patterns.
The time they wake up.
The routes they drive.
The apps they check before bed.
Patterns speak louder than confessions ever could.
They are also worth more to advertisers, insurers, governments, and anyone running an algorithm.
That is why “I have nothing to hide” was never the point.
In 2025 the question is not whether you are hiding anything.
It is whether you have any control over the story those patterns tell about you.
Why the “Nothing to Hide” Argument No Longer Works
- It’s not about secrets, it’s about profiles.
Companies aren’t hunting for skeletons in your closet. They’re aggregating habits, preferences, and metadata to predict and monetize your behavior. - Context changes, data doesn’t.
What feels harmless today, such as location data, purchase history, political likes can be misinterpreted under a different employer, insurer, or government five years from now. - You don’t get a second chance.
Once collected, your data circulates in unseen markets. It fuels risk models, customer rankings, and automated decisions you’ll never see.
What Is Actually at Risk
- Microtargeting: It’s not only shopping ads. Voters are shown different “truths” to shape their choices.
- Scoring behind the scenes: Credit bureaus, insurers, and landlords merge data points to silently assign risk scores.
- Permanent trails: Data brokers don’t delete. Even if you do.
This is not theory. In 2024, the Norwegian Consumer Council documented how dating apps shared intimate data with ad networks. In 2025, EU regulators fined companies for “shadow scoring” customers without disclosure.
Europe’s Counterweight
Europe grew tired of checkbox consent and put up real guardrails. These are the ones that matter:
- GDPR (2018): Access, correction, and deletion rights, plus real enforcement.
- EU Data Act (2025): Stronger rights to move your data and switch services without lock-in.
- Digital Services Act (2024): Transparency on algorithms and content curation.
- AI Act (phasing in now): Restrictions on manipulative AI systems.
Outside the EU?
Even if GDPR does not cover you, do not assume you are powerless.
–> Many companies apply GDPR style processes worldwide.
–> File data access and deletion requests anyway and see how they respond.
–> Use EU or Swiss providers that enforce the same protections globally.
–> When local law fails, the best defense is data minimalism. Share less, self host more.
How to Respond When Someone Says “Nothing to Hide”
You do not need to lecture. You just need a sharper analogy. And maybe a bit of patience. Everyone knows someone like this. In my family she is Grandma Berta. She is sharp, loving (sometimes), and convinced she has seen it all. She hates two factor codes, clicks “remind me later” on updates, and swears she has nothing left to learn from the younger generation.
Try telling Berta it is like taping a copy of her house key to the front door. She may trust the neighbors, but a stranger walking by could use it whenever they want. Suddenly the idea of “nothing to hide” feels different.
The everyday analogy
You close the curtains at night. Not because you are doing anything wrong, but because you have a right to privacy. Your personal life is not public property.
The power analogy
It is like handing over your grocery receipts to strangers. Alone, each slip looks boring. Put together, they show your health, your habits, even what kind of week you had.
The sovereignty analogy
It is not about hiding. It is about deciding who writes your story, you or an algorithm.
What You Can Do Today
✔️ Audit your accounts
Review the services you have signed up for. Keep what you use, delete what you don’t. Every closed account is one less place holding your data.
✔️ Check your exposure
Run your email through a breach database such as Have I Been Pwned. It is the fastest way to see how often your data has been spilled.
✔️ Find better tools
Instead of guesswork, explore the ALT+SHIFT+EU Directory. It is a curated list of email, analytics, hosting, and infrastructure providers based (mostly) in the EU, EEA, and UK, chosen for transparency and sovereignty.
✔️ Practice data minimalism
Delete what you do not need and share less by default. Every field you leave blank is a future problem avoided.
✔️ Exercise your rights
If you are in the EU or EEA, file GDPR requests with companies you do not trust and see what they hold on you. If you are outside Europe, try anyway. Many companies honor these requests globally.
Closing Thought
The next time someone says “I have nothing to hide,” the conversation does not need to end. It is a chance to remind them:
- Privacy is not about secrecy.
- Privacy is about autonomy.
- If you are fortunate enough to live in Europe, you have legal and practical tools to defend it.
- If you are outside Europe, your best defense is data minimalism and choosing providers that respect boundaries everywhere.
And like good engineering, privacy is a design choice. Systems that leak by default are broken. Do not ship your life that way. Start fixing the leak, one account at a time.