Millennierd logo

So You Have Nothing to Hide?

Explore why the common argument ‘I have nothing to hide’ misses the crucial points about privacy in the digital age. Learn about data collection, surveillance, and the real reasons privacy matters to everyone.

  • Ram Iyer
  • 9 min read
So You Have Nothing to Hide?
Photo by Nagesh Badu on Unsplash
Table of contents

It’s not that simple. Let’s be blunt: ‘I have nothing to hide’ is a dangerous oversimplification. Privacy isn’t about guilt or innocence; it’s about power, vulnerability, and the fundamental right to control your own information. And it’s time we stopped pretending otherwise. Think of it this way: even if you’ve done absolutely nothing wrong, would you be comfortable with a police officer sitting silently in the corner of your living room, watching your every move? Probably not. So why are we so willing to accept that level of surveillance in our digital lives?

Privacy is not secrecy

Some of us confuse privacy with secrecy. Secrecy is the act of concealing information, often with negative connotations. Privacy, on the other hand, is the right to choose what information is shared and with whom.

Consider this: Would you be comfortable wearing a t-shirt emblazoned with your PAN (Permanent Account Number)? Or having your bank balance displayed in front of strangers? How many of us say our weight or waist size aloud? But then, think about whether this information is actually a secret. Bank officials, lenders, the Income Tax Department, your tailor, your doctor, and many others know this information.

Yet, we still expect it to be kept private. Privacy is about who has access to your information and how they use it, not about whether the information is publicly known in some form.

At its core, privacy is about autonomy and control. It’s about our ability to set boundaries in our lives. We choose whom we allow into our homes. We should have the same level of control over our digital spaces. It’s also about dignity and respect. No one should have to live in the fear of their personal information being exposed or used to humiliate them.

The digital world presents a subtle but pervasive power imbalance.

Let us take the financial route, as everyone can relate to it. Imagine, for instance, algorithms that identify users with specific spending habits or debt levels and then bombard them with advertisements for high-interest loans or credit cards with exorbitant fees. This isn’t just a privacy issue; it’s about protecting ourselves from financial exploitation in a digital marketplace where information is power. We need to move beyond simply acknowledging data collection to critically examining its potential to undermine financial well-being.

Data leaks and breaches

The issue is further complicated by the risk of data breaches. Sometimes, we may willingly provide information to a company to access their services. We trust them to safeguard that data. But what happens when that trust is violated? Data breaches are becoming increasingly common, and their consequences can be devastating. It’s not just about malicious actors; even well-intentioned companies can be vulnerable due to negligence or technical flaws.

I have worked with data all my professional life. When we design products, we take a lot into consideration. Yet, we do acknowledge that there is potential for breach. On any site or service, we are only promised ‘best effort’ in safeguarding the data collected; the term ‘no guarantees’ appears in most (if not all) products either under terms, disclaimers or privacy policies. Ask anyone in the Tech field, and nobody will give you a guarantee that your data will be safeguarded to the extent that nobody can read it. Only products with zero-knowledge encryption may be able to promise that. But their lawyers would still advise against giving such a promise because in the tech world, nothing is guaranteed.

It is up to us to control the information we provide.

And you might think, with regulations such as the GDPR, your data is safe. It doesn’t work like that. Most large tech companies, with large tech teams, would simply implement tech in a way that it complies with the word of the GDPR, not the spirit. And with legalese running in several pages of fine-print, they overload you with facts, enough to make you care less and click away.

And collecting data is not even hard. All I have to do is add one line of code for Google or Meta to start tracking people visiting this site. Which is why, data collection is everywhere. The websites you visit, the phone you use, the computer you use, the shops you buy from, everyone collects data. In fact, not collecting data is hard, and requires tech knowledge; I had to actively remove tracking from this site’s design/framework to make it as private as possible.

Implications of a data breach

Now to why data breaches are (and should be) concerning.

  • Financial Loss: A data breach at your bank could expose your account details, leading to fraud. Need I say more?
  • Identity Theft: A breach at a government agency could compromise your identity documents, enabling criminals to impersonate you.
  • Reputational Damage: A breach at a social media company could reveal private messages or potentially embarrassing content (read: photos, videos, voice notes).

We’ve seen major breaches in recent years that underscore this risk:

  • Equifax: The credit reporting agency’s breach exposed the sensitive financial information of millions1.
  • Yahoo: The email provider disclosed breaches affecting billions of users, compromising personal details on an unprecedented scale2.
  • BigBasket: In 2020, the online grocery platform BigBasket suffered a data breach, exposing customer names, email addresses, phone numbers, and addresses3. This highlights the vulnerability of e-commerce platforms that handle sensitive customer data.

These incidents highlight a crucial point: even if you’re comfortable sharing data with a company, you’re also placing your trust in their ability to protect it from others. When that trust is broken, the consequences can be severe.

What happens after a data breach

Data breaches happen for various reasons. The most common is pulling data to sell on the dark market. And several entities purchase this information. For instance, an insurance company could acquire this data to make its own list of individuals along with their spending potential. Apart from this, they could use the information about your purchases to see who buys what kind of product and how much. And depending on their slicing and dicing this information, give you a price for the insurance premium. Or, a data broker can buy this information, perform the slicing and dicing, and offer this information to several insurance companies.

Such data can also be valuable for ad companies. Ad companies use this data to profile you and offer ads for products at the top of your buying potential. They benefit from the bigger cut, but you, on the other hand, buy a costlier product.

Which brings me to another issue:

The interpretation of data

Imagine there is a popular dashcam brand, which makes dashcams with a GPS chip. Say this dashcam, apart from capturing footage, also captures the location information and logs the location information on its server. Every entry is tagged to a user. And you, a user, have given your email address and phone number to this service. Now, essentially, your car dashcam company can track where you go.

One day, there was a data breach at this service. Data of millions of car owners got leaked. Car insurance companies could buy this information, and see who drives where the most. Your location data might reveal that you drive in areas with higher accident rates, leading to higher premiums, even if you’re a safe driver.

Another example: Say an insurance company got the BigBasket data, and saw that you buy a lot of packaged food, often high on the “junk” factor. The company could assume that you were buying it for yourself, while you may just have been buying it for friends or family. You could either be offered a higher premium or denied coverage.

A third example: Say there was a riot, in which youngsters were involved. You happened to be in your teens or twenties. You went to the street behind the epicentre of the riot, to get your suit from the tailor. The law enforcement could get a dump of phone numbers from the service providers, tower-triangulated to the epicentre of the riot. And falsely accuse you even though you had nothing to do with the riot.

All these are cases of misinterpretation of the data. The problem here is, we don’t know what information is being collected and how it’s being used. We have limited control over the accuracy of such data.

The only way to control this is by controlling the data we provide.

But my data is already out there

That kind of resignation that the genie is already out of the bottle is understandable, and quite common thinking. It leads to complacency, which is precisely what large corporations who deal in data want.

Privacy is not binary. It’s not anonymity or secrecy. It’s about controlling who has what information about you. The silver lining is, you keep changing, and along with you, your data changes as well. What was true about me in 2020 is not true in 2025.

Also, the data points are like pieces of a jigsaw puzzle. What was breached in the BigBasket breach was a cluster of pieces. But not the whole puzzle. Yes, even with a cluster of pieces, someone can make out what the puzzle is about, even though the individual pieces themselves may not reveal much information. But the number of pieces is the key; the more pieces someone has, the better they can solve the puzzle. Our goal is to limit the number of pieces. Protect everything you can.

With every action that you take unprotected while online, the more crumbs you leave behind. And new data is more valuable than historical data in most situations. Because it establishes your current context, in which you will take future actions. This is more valuable. Safeguard this information.

Next steps

Ultimately, privacy is a fundamental right. It’s not about having something to hide; it’s about protecting our freedom, our autonomy, and our very selves in an increasingly digital world. We must move beyond the simplistic “nothing to hide” argument and demand a future where privacy is respected and data is secured.

We will visit what to do about this in the next article, as this one is long enough already.

  1. Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach ↩︎

  2. Yahoo Data Breach: What Happened and How to Prevent It ↩︎

  3. BigBasket faces potential data breach; details of 20 mn users put on sale ↩︎

Ram Iyer

Written by : Ram Iyer

As a tech enthusiast with a passion for science, I write, code and create to help you make your life better.

Recommended for You

Control Your Digital Life

Control Your Digital Life

It's time to be intentional about your digital footprint. Learn practical steps to control your privacy and create a more secure online experience.

Stay updated.

Join our community of enthusiasts and stay informed. Enter your email address, and we'll make sure you're always in the know!

Powered by Buttondown.