Online businesses want your personal data, and they’ll deploy every scam they know to trick you into handing it over -- and keep handing it over.

Take the micro-blogging site Tumblr, for example. When the EU’s General Data Protection Regulation (GDPR) came into force on May 25 this year, Tumblr let its users choose which advertising networks could access their data. But they listed all 350+ of them individually, so users had to untick them one by one — without  explaining who any of these companies were, or what they’d be doing with the data.