Santa has been an early adopter of large-scale data mining and AI predictive algorithms to compile this year’s list of Naughty and Nice. A (naughty) elf secretly shared a copy with me. Santa is an older North European guy, who’s not afraid to call out the naughty ones, and he knows he’s not particularly popular in the world of Big Tech, especially since Santa doesn’t deliver 100$ million support yachts on the Silicon Valley wish list. Santa knows 2025 has been a terrible, terrible year for online privacy.
Naughty
The AI industry: engineered the biggest data theft in human history to train its AI models, running roughshod over intellectual property, copyright and personal data rights in the content it just took. It just took all that data, without anyone’s consent, without paying for it, and without any transparency about what it was taking. And despite a lawsuit here or there, the industry seems to be getting away with it. But Santa saw it. AI-generated slop and AI scams started infiltrating every aspect of our lives, with things getting worse, and the AI industry that made the tools to create this slop and scams washed its hands of the damage it was creating. Even AI companies have trouble distinguishing real from fake, good luck to the rest of us. But Santa isn’t resentful, and he gave the AI tech gurus a free one week vacation to learn AI scam techniques in Nigeria, and their teenage daughters are particularly welcome too.
Santa knows that AI models need to be trained on data, like human brains, learning, e.g., to associate the word “zebra” with a picture of a zebra. Neither the machines nor the humans need to have actually seen a living zebra to learn the association. But to enable the current state of generative AI, the AI models must be trained on vast amounts of data. Santa knows there are legal ways for AI companies to get this data to train their models.
Santa knows that nice AI players could license curated data sets: some companies have built businesses that build data sets specifically to sell to AI companies to train their models. Imagine a company building a vast library of cards, combining the picture of a zebra with the word zebra. Scale AI is an example of such data annotation companies. They build their databases by employing lots of very low-paid humans, and then license their database to the AI industry. Privacy laws around the world would permit the database annotations to label public figures, like Bill Clinton, in their database, but not private citizens, like most of us.
Santa also knows that AI players could license other people’s copyright data: companies that own datasets, in other words, own the copyright on their datasets, can license (sell) them. For example, The New York Times could license its archive of articles. But AI companies have in the past just taken the data, and sometimes they’ve been sued for it. One of them, Anthropic, settled with copyright owners for a very large amount of money.
This lawsuit, and settlement, was based on copyright. But what about privacy? Santa doesn’t like when naughty people steal someone’s property. Santa has never seen an AI company pay individual humans for taking their personal data to train their models.
The online ads industry: a giant ecosystem of publishers, advertisers and online ad exchanges continue to develop ever more intrusive and secretive data collection, monitoring, profiling and targeting methods. The industry increasingly uses “fingerprinting” to uniquely identify you and me and everyone online. For example, I clicked on some random news website called Daily Mail: it informed me that I had the choice of “subscribing, paying money to Daily Mail” or alternatively to “consent” to sharing my data (basically everything it was technically able to collect) with its 1436 partners for profiling and targeted ads…and that I was invited to visit the websites of each of those 1436 partners to understand what they would do with my data. (This absurd farce passes as “consent” to the processing of my personal data, in the grotesque world of online advertising.) The online ads industry has become a giant data orgy, and guess the role that you and I play in that orgy. Santa offered the online industry honchos a free one week vacation to Jeffrey Epstein’s Caribbean island, to join a seminar on the legal concept of “consent” in the context of a “deal” between rich and powerful older men claiming to obtain the consent of much younger women and girls for intimacy. The online ads world repeats that pattern, where rich and powerful players claim to have obtained our “consent” to share and abuse our personal data with all their thousands of partners.
Third-party cookies: everyone’s favorite online tracking tech was on death’s watch as a privacy-invasive untenable technology, until Google decided to cease its efforts to phase them out. Google abandoned its project to improve privacy online. https://www.theverge.com/news/653964/google-privacy-sandbox-plans-scrapped-third-party-cookies Why? I’m guessing, because the ecosystem of publishers, advertisers and ad exchanges just enjoyed the current data orgy too much. Too bad for individual humans whose data will continue to be shared (or abused) amongst thousands of “partners”.
E.xtremely L.oud O.bnoxious N.arcissist tech billionaires: Santa just wants them to STFU. Santa offered E.L.O.N.s a free one week vacation to Nelson Mandela’s former cell on Robben Island, in solitary confinement. Santa also invited them to consider moving, or returning to, South Africa, permanently, if they want to escape California’s proposed “billionaire tax”.
Nice
The Regulators, in particular, the Irish Data Protection Commission continued its pretense to regulate privacy on behalf of all of Europe in its role as the “one stop shop”...flop…and successfully finished another year doing nothing to upset the big tech geese laying the golden eggs in Dublin. You can’t be nicer than that to big tech. Its sister regulator in the US, the Federal Trade Commission, spent the year doing even less, in a Trump/Musk-induced organizational coma, after Trump fired their Democratic commissioners. The competition authorities had even less impact: the most important antitrust case of the last quarter century (Google) ended with judge-imposed remedies that were so gentle that Google’s stock rocketed 9% on the news. Santa offered the regulators a one week vacation to a Buddhist retreat: the world will end, you can't do anything about it, just accept it.
Individual humans are starting to wake up and fight back to preserve their world: real people are waking up to real threats to their freedoms and privacy. Real people are starting to object to building large industrial data centers in their backyards. Real people are starting to object to AI models taking their data to train their models, or deepfake their voices or faces, or to make basic human decisions about their lives, like getting hired or fired, or scamming them. Real people are starting to object to the mass surveillance system that the open web has become. Santa offered them heart, brain, and courage…just like the Wizard of Oz.
How about you?: have you been naughty or nice this year? Santa knows the naughty ones have gotten much, much richer this year, because the other 8 billion people got a little poorer, stealing their data from them, little by little, invisibly. This trend is not your friend.
