Hey Nymsters!
This week’s call focused on privacy regulation and what companies actually promise when they say they “protect your data”. We hosted Walter van Holst from Hooghiemstra & Partners together with Casey and discussed privacy statements, metadata risks, AI, and why collecting less data is the only reliable compliance strategy.
Free 1-month NymVPN access codes were dropped live during the call.
Privacy Statements & Responsibility
We explored why a privacy statement should explain system behavior instead of marketing guarantees, and why the safest data is the data you never collect.
Walter shared examples from his legal practice at Hooghiemstra & Partners.
Regulation, Age Verification & Chat Control
The discussion covered:
• Governments shifting enforcement to private platforms
• The “papers please internet” risk
• Child-safety narratives used to justify surveillance
• Why compliance pressure reshapes architecture
We referenced real-world cases like Discord introducing teen-by-default safety settings and even simplified privacy explanations such as LEGO’s short policy for kids.
We also mentioned how citizens can influence regulation through the EU Citizens’ Initiative process.
Metadata & Identifiability
Key takeaways:
• Metadata identifies people better than content
• A small number of location points can uniquely identify users
• Mixnets exist to break linkability
AI & Right to be Forgotten
We also discussed how AI models may retain information after deletion requests and why courts will likely define the future standards of privacy in machine learning systems.
Timestamps
00:00:33 Intro & guest
00:01:49 What Hooghiemstra & Partners does
00:06:25 GDPR & responsibility
00:10:20 Chat control debate
00:21:18 Age verification
00:27:21 Privacy statement vs policy
00:38:22 Metadata risks
00:46:55 AI & right to be forgotten
00:59:29 Closing
Thanks to everyone who joined and asked thoughtful questions.
See you next week 