Guardian angel or privacy watchdog?

Elles Caroline, you’ve been a privacy lawyer for MoveYou since this year. How did you end up there?
Because MoveYou continues to expand and privacy is high on the agenda, the subject was no longer something that could be done ‘on the side’. The basis was there, but it could be fine-tuned here and there. They needed someone with a pragmatic approach and in-depth knowledge, who makes privacy accesible and understandable. Well, here I am. I have been working on that ever since and we are well on our way!

Guardian angel or privacy watchdog, what characterizes you?
Nationwide there are many misunderstandings about the GDPR and there is a lot of scaremongering. For me it’s an art to find a good balance between the user’s privacy and the use of big data, especially in a data-driven organization. I do this by conducting thorough legal research into the possibilities and impossibilities. Because I am also a supervisor, a so-called ‘data protection officer’, I am both guardian angel and privacy watchdog! But I don’t bite…

Protecting user privacy in a data-driven organization. How do you do that?
We make our users journeys more sustainable by tracking their journey. After all, that’s why our users signed up; To save traveltime and costs, but also to reduce the co2 emission. Tracking users sounds scary. But let’s make it clear that using the platform is entirely voluntary.


WhatsApp Image 2022 12 06 at 16.00.55     We try to inform our users as accurately as possible in advance about how we do this and how we handle their data. Transparency is therefore very important! But it also demands a lot from the business operations.

And how are privacy and ethics safeguarded at MoveYou?
Strangely enough, that starts with the employees. If they have the right mindset, the right products will be developed and data will be handled in the right way. What I always give away (and what is also embedded in the 10 golden rules for employees) is that they must treat customer data just as they would want their own data to be treated.

We also have an internal privacy policy, an ethical policy, and do regular risk assessments. In next blog I would like to tell more about these parts!