27/08/09

Privacy Barcelona Mercè Race: run for your privacy

Posted in Barcelona, Privacy, The real world | 4 Comments » Tweet This Post

In my effort to be a healthy citizen I try to exercise regularly logging all my exploits into my favorite social network dailymile.com. The insane goal: run a marathon some day.

Each September me and my friend Pepepérez put ourseves to a test running La Cursa de la Mercè, a 10Km race organized by the Barcelona City Council during the city’s festivities.

I probably never payed attention before, but this year I noticed something funny after completing the inscription form: my data (along with those from thousands of paticipants) where made public in 3rd company website right after I signed in (is this the live web?)

So now, if you want to know my full name, the date I was born or the sports club I belong to, you can just head to this website and look for my name. Being a public page I bet Google will index it in a couple of days too!

Another hall of shame award goes to the footer of the inscription form with a fine-print font size of 9px and a opt-out checkbox for commercial emails instead of the mandatory opt-in. The registration form is by the way stored in the private company server again instead of Barcelona’s City Council. I don’t even want to think where the actual physical database is.

You don’t have to be a law expert to know that this violates all kinds of data protection regulations especially Spain’s LOPD one of the most stringent in the world.

Dear Barcelona City Council, if you want a lesson on live web just search Twitter for the right tags and see what people are saying about your bad online behavior in real time.