It’s been a battle with doubt and insecurities.

I’ve gone from being the dumbest person in the world, to “what the fuck am I doing” to yeah-sure-you-got-this-in-your-dreams.

School starts Monday and it’s done a number on me. What qualifies me to hang with a bunch of super lawyers and DPOs to study in the same program as them?

What makes me think I can do this?

I should know this pattern by now. I experience it for every new client that’s some sort of super cool. For every new talk I’m about to deliver. For any workshop that I’m honored to give.

Regardless of the pattern I still get sucked in.

Regardless of being able to predict it it still happens.

So I let it be. I cried. I screamed. I went for a run. I went for a swim. I didn’t sleep and then slept so much I was missing meetings.

And now I’m out on the other end. On the train the day before a new 2 year adventure of which I’m not sure what to expect.

Why did I let it be? Why did I not talk myself out of it?

All that drama in my head also makes me get it all together. It drives me to get some sort of control. To make lists. To organize my schedule.

That’s what I did.

Remembered routines, organized availability, scheduled in time to study, work, and train. Foresaw issue and scheduled in buffers.

Best of all - I also scheduled in non-schedule-able time.

Yup. I did it. I put big blockers where I’m not allowed to schedule shit. Where I allow my brain to process everything I have taken in. Where my body get’s to dictate if it wasn’t to rest or go for a hike. Where I get to enjoy spontaneous date night or nights out.

Currently Reading:

A lot of random cases assigned for school.

Why do I feel like I need a proper holiday considering I was just on one?

I made a mistake.

I allowed myself to work, off and on, every single day. I did not take one day off!

The beauty of working for yourself is the flexibility. Being able to work from anywhere, anytime. It's bliss.

But it kicks you in the ass.

Working, even if just a little, fucks you.

My brain has been constantly on. Every day. I've been taking in information every day. From clients, from school, from newsletters, from cases, etc.

And I did not allow my brain a single day to process. Not one.

So after spending a few weeks with reduced meetings, reduces posts, less writing, less reading for work, and less deliverables I'm totally shot.

I also got to kite surf, wing foil, swim, and hang with friends.

But not once did I even take 30min to just be and sit. Process. Let me brain make connections. Let it do what it does best.

So now, on the plane, my brain is giving up. I feel more tired that I have in years.

Time to see how I can give myself a day of nothing to clear out before I dive back into work, content, conferences, and school.

(someone please remind me over winter holidays to take some real time off)

I read a lot and I don't remember any of it. Guess that is what happens when you don't have a moment to process anything you take in.

Currently reading:

see above

I talk to marketers a lot. Mostly the cool type. The ones you aspire to be like.

Those that care. Those that do right by their customers and users.

So it makes sense that they want to talk about privacy.

To talk about Data Protections.

About Compliance.

It also makes sense that they want to talk about ethics.

AND why not just lump them all together: one big happy package of doing good by your customer.

But it’s not the same.

Privacy: a state in which one is not observed or disturbed by other people

Data Protection: a strategy set to secure privacy, availability, & integrity of data

Ethics: moral principles that govern a person's behavior or the conducting of an activity.

Compliance: he action or fact of complying with a wish or command.

They are different. Very much so. And they have different applications.

Now I understand that Privacy and Data Protection get used interchangeably - a lot. And that is ok.

But it's crucial you understand what the difference is, especially if you talk to people from other countries who use words differently.

Some Data Protection some say Privacy. Some say Data Privacy some say Compliance.

But back to the point.

Be aware of what word you use. Know what you mean. Explain it.

I have been is too many situations where we talk past each other.

Questions go unanswered or feel like they are being avoided.

Why?

Because I think of Compliance as - "in compliance with" and not it's own thing.

I use Privacy to mean Data Privacy and Data Protection.

I think what is ethical is hard to define and use Ethics to generally mean being morally good.

But others don't.

Want to hear some of the confusions that can happen as well as some insightful conversations on Privacy and Ethics go check out the conversation we had with the TLC community here.

Currently Reading:

Your Privacy is Important to U$! by Jan Trazkowski

and

Kitchen Confidential by Anthony Bourdain

Best Short Read:

Joe Jones LinkedIn post breaking down his takeaways on US-EU adequacy.

Best Privacy Read:

An in-depth analysis of Social Media privacy notices.

Yes, I skipped a week. Glad you missed me. Validates what I do.

I took a long weekend and promptly got sick. Right on cue.

But still it was a long weekend without work which was exactly what I needed.

Gardening, swimming in the sea, good food, early morning walks. Yes, just what I needed.

But then it was right back to it. This is going to take some getting used to. I used to work 4 days a week (I spent one full day working for myself, does that make sense?) but now I need to figure out how to get all that client work into 2 days.

2 days!!!

Is that even possible?

Maybe I don't really need 3 days to study. Let's hope I'm right and then I can take a day back for work.

And it's really going to be 2.5 days as I'll take one of my off days and work some - I always do so it might as well count.

But for now I'm not going to stress.

I'm going to let summer happen.

Summer just be.

I will cram in as many super early morning work sessions until it's vacation time. And then I'm going to let it all go. Turn on Summer Siobhan.

Summer Siobhan (this is the first year she's not turned on the whole 2 months of summer! only 3 weeks…)

Summer Siobhan doesn’t bother about:

• her workouts

• her bedtime

• if she is being productive

• reading non-fiction

• writing

• posting on social media

• what she eats

• what she drinks

• …

…unless she wants to.

Summer Siobhan is mega.

Summer Siobhan is anything she wants to be at the moment.

The other 10 months you ask?

Well, then I get shit done. I'm still 100% me. Me that never really stops and always piles it on to high. But in those 10 months I'm disciplined me and actually get it done.

Currently Reading

Fresh Complaint by Jeffrey Eugenides

Best short read of the week

Jon Jones LinkedIn post on the EU-US adequacy decision.

Best privacy read of the week

Jamal Ahmed’s newly launched book The Easy Peasy Guide to the GDPR

Life as I have known it since my mid-20’s is over. 

No, I didn’t get married.

No, I did not have a kid.

I’ve decided to go back to school and that starts today.

It means studying a field I have never had to study. Getting my head back around studying, note taking, writing, challenging thoughts, a thesis, class mates.

You get the picture. 

A somewhat new world for me. But also a very exciting one.

I’m going back to school for a LLM in Data Management, Cybersecurity, and Privacy. 

What a mouthful that is. Won’t be saying that often

Back to school is easier.

Today it all started. Me a 30 others are starting our summer pre reqs before the official start in September. 

No summer vaca for me. Instead I get to learn about computer science and emerging technologies along side a healthy does of EU law. 

This will also mean that I will be reading a lot less. The potential of weekly repeats in the currently reading feature is very high. 

Drop me a message if you have any advice - it’s always welcome and it’s been nearly 20 years since I’ve been in school.

Let the fun begin. I’ll keep you posted to my journey and how I juggle (or not) work with school.

Currently reading:

The ABC’s of EU Law - for school. 

Best short read of the week:

How Threads privacy notice compares to Twitter and others.

Best Privacy read of the week:

This post breaking down the No GA ruling in Sweden. 

Really late.

It took the weekend off. Got on a boat. Left all devices home.

It was needed after the chaos of last week.

The last minute consultations. The “everything-is-going-to-break-i-don’t-have-ga4” drama.

No preparation could have helped me. And clearly a lot of people totally failed to prepare for the dreaded July 1st.

But we survived. And your business did too. 

You might even have realise that:

• You don’t even use all that data

• “Listen to my gut” overrides being data-informed

• GA is not the only solution out there

Or you freaked out and called me. Glad that’s over with.

But I’m starting to think it’s only the start. 

There will be those who realise that all that data is really not needed. That they don’t need to collect it. They don’t use it anyways. Great.

And then there are those who want their newly found GA4 to look, feel, and taste exactly as Universal Analytics did. Enter the Looker Studio copy cat dashboards.

I’m secretly hoping that people learn from this. Not learn to be more prepared but learn that they don’t need all that data. Think about what data they really need. What data they can action on. 

And while they are at it maybe they will also consider how to better respect users data (i.e more privacy focused). 

(Wishful thinking?)

In other news: I’m trying something new with my newsletter this week. Addressing real pains with real (as in my clients) solutions. Hope you guy like it. 

Currently reading: 

Industry Unbound by Ari Ezra Waldman

Best short read:

Ireland taking steps to protect Big Tech. Always fun when they pull this shit. Is it even  legal?

Best privacy read:

Nothing much this week but check out this post with all the hardcopy books that are privacy, data, and marketing related that I read (or started) this year so far. 

And I’ve done so much to prepare.

It’s the final shit show before Google forces the switch from UA to GA4. 

I’ve made it clear I’m not doing last minute jobs. I’ve made it clear that if you convince me I will tack on a mega express fee.

And it’s still happening.

I have this one rule - you don’t turn down talking to a referral. 

If a past client refers someone I will always talked to them. It’s how I get more referrals than anything. 

Also, if a past client comes to me - I talk to them and usually do the work.

Those two, referrals and past clients, have overwhelmed me this week in a way I could not have anticipated.

Did no-one read all those emails I sent about need to switch? The ones I’ve sent of the past year?

This week I have had 9 discovery calls.

I’ve agreed help out for a few.

They are all needing to pay mega fees.

All because they choose to push this decision under the rug. 

To top that all off I’ve had a lot of privacy consulting work ramp up - which is great and I love it. Best of all, it’s challenging work that is pushing me and getting me excited. Of course a lot of it is intertwined with marketing which makes it all the more fun. 

Best part, they don’t have that damn July 1st deadline.

Other than that I have had not much time to think. And I’ve taken the weekend to read fiction in the sun, go for 5am runs, bake bread, tend to my garden, and spend time with my dogs. The best prep for a long week ahead.

Currently reading:

The CIPT book from IAPP as I have to sit my exam in September. Dry and dreadful reading but mandatory for the exam. 

The fiction book I’m nearly done with is the same I’ve been for a while (and loving it more and more) - Goldfinch by Dona Tartt.

Best short read of the week:

A blog on the upcoming privacy changes at Appel by Cory Underwood.

Best privacy read of the week:

This post by Jay Averitt on what a technical privacy review is.

So I’m on automatic.

I’ve walked the dogs.

I’ve fed the dogs.

I’ve fed Seymour the Second.

I’ve gone for a run in the rain (and why the fuck is in raining in Greece in June? what happened to summer?)

I’ve lifted some weights.

I’ve fed myself.

But that’s it for automatic. The rest of my day is not and that’s going to be a struggle considering it’s 8am and I’ve been up for just over 5 hours already.

Why am I telling you this?

I’m tired. Tired means no functioning filter. I can not be held responsible for what I write today.

But I will still try to reflect on my week.

Problem is I don’t remember much of the week.

I’ve done a bunch:

• Finished phase 1 of a data governance project. All the research and most of the technical stuff is done.

• Finally figured out that damn issue in GA4 for my client. It took way to long and I’m glad to see it over with but I’ll miss playing GA4 detective.

• I started a lot of conversations on LinkedIn regarding consent and how people view privacy.

• Added more speaking engagements to my calendar for the year.

A note on LinkedIn - I’ve been loving it. Once I committed to just being me and not pretending to be whatever I think the algo or someone wants me to be it’s been soooooo much fun.

It takes less effort to just be me.

And I have opinions so it’s easy to just put them out there.

Not only has it started conversations but I’ve learned a lot. I call this a huge WIN.

Another win was very much a me win. A win that will make my life easier. Something I’ve been putting off for way to long.

I finally set up my Tana in the way I need it to be.

And it feels so good. I’m actually happy looking at all I need to do now. I don’t have to constantly think about what I’m forgetting. It’s all there.

Don’t ask me why it took so long. I feel like anything that does not have direct value and is just for me takes at least 5 times as long to get done.

Yeah, I know. The whole take care of you first etc. Logically it all makes sense but in practice that’s a whole other story.

Currently reading:

When I took my altMBA they shipped us a stack of books. I did not read all of them. This week I have been rereading one started reading another.

Thanks for the Feedback - a must read for everyone. It will make us better people.

The Art of Possibility - not sure about this one yet. Having a hard time “getting it” within the first chapters but let’s see.

Best short read of the week:

Simo’s GA4 rant was def the best read of the week. Priceless.

And this piece on the Ultramarathon Mindset and how to get things done.

Best privacy read of the week:

The NY Times one what you are actually agreeing to when accepting a privacy policy.

It feels more like 2 days.

I took some time off for the long weekend and enjoyed wandering the hills in Lisbon. That and eating a lot of sardines. Heaven.

I’ve also spent a lot of time thinking. I know - too much is no good. But I needed to gain some clarity and as I’m still only half way through I might as well tell you about the half way point, right?

“What do you do?”

I get this all the time. And it causes me to stumble over my words, mumble, throw together a bunch of words and stare blankly - all at the same time. Safe to say no one really understands me and sometimes I wonder if I understand myself.

It’s not like I’m trying to create a new category or something so (in my head) it shouldn’t be that hard.

It’s painfully hard.

I know what I do. I do it all day long.

I can’t define it. I cant explain it simply. I can’t communicate it.

So, I’ve been struggling with the definition of what I do. The “what am I in the process of pivoting to”.

Then the big A-ha moment. (yeah, I wish). Wandering from one wine bar to the next in Lisbon I thought “

“Do I really need to define that now?”

“Do I really need to finalise the what-I-do mid-pivot?”

I’ve decided no. I’ve decided this is not essential to my offering. And that I have time to deal with it when I have more clarity as to the full pivot.

So there I am. Half way into a process with a clear decision.

The other decision I made? I need to clearly define my offer(s) - no getting away with that one - to allow me to communicate better across the board as to how I can help and provide value.

Currently reading:

Stolen Focus by Johann Hari is what I’ve been reading while away. I’m nearly done and have to say that even though there are some clear i-knew-that moments it’s a must read for anyone who thinks it’s a bigger thing than just your own discipline problem (when it comes to losing focus).

Best Short Read:

The Google Analytics 4 rant by Simo is priceless.

Best Privacy Read:

Cory Underwood talking about the anticipated link tracking protection and how it will affect measurement starting with iOS17

So much that I’m starting to wonder who actually did switch over, to GA4 or to another tool all together, in advanced.

Is there really such a lack of planning? 

It makes me think that all this “we are data driven” bullshit is really that - bullshit. 

I, for one, can’t be bothered. 

Yeah, I get it - just charge a lot and make the money, but no, I’m good. Thanks.

If people have not thought they needed it until now, and they only do because Google is scaring them with all sorts of banners and pop ups, then they don’t really need it. 

They are not making decisions based on their data.

They don’t respect their data.

They don’t do shit with their data other than have it because….well, because someone said they need to make decisions and be data driven.

Those are not who I want to work with - why would I?

It’s an afterthought for them.

And no matter what I do they won’t suddenly use that fancy dashboard. AND they will never be fully happy about the money they paid you to give them something they will never use. 

So that’s that - I have a waitlist. A 6-month waitlist. I’m happy to recommend other freelancers and agencies who are mega great at what they do. Would you like me to recommend them?

Currently reading:

The same as last week - why? I’ve been too busy fighting off all the GA4 requests.

Data Governance: The Definitive Guide - this is mostly to freshen up on things as one of my projects has a data governance policy deliverable.

 A Human Algorithm by Flynn Coleman - exited about this one and looking forward to the AI bookclub discussing with Flynn on this.

Best short read of the week:

Nothing other than this post on LinkedIn. Reverse-engenieerring a keynote.

Best privacy read of the week:

Don’t be fooled by Metas fine for data breach by Johnny Ryan in the Economist 

I have set my whole life up to support it and allow for the flexibility of being wherever I wanted.

(Marrying someone without that flexibility was not in the plan but oh well - love happens)

This week made me appreciate face to face.

I sometimes forget how nice it is to just sit and have a conversation that leads into a meeting. 

Reading body language.

See the focus.

Being fully present. 

Even better I treasure the way it improves every meeting after, regardless if it’s online or not. 

I’ve had a crazy week. Spent most of it in London working with a client. 

A client who I used to go visit as a child and could never get enough - I swear my mom has dragged me out of that place more times than I care to remember. 

Last time I was there I was 16. 

Now I’m 40 and this week I got to meet with some of their teams to discuss how they can shift and optimise their data tech stack to think privacy first while still allowing for growth.

We have a long journey ahead but I love seeing how an institution such as this still has the motivation to move forward and consider everything from privacy and security to growth. 

In other news, the agency email and requests forms are blowing up.

No matter how many warnings have been published by me and everyone else it seems that everyone just clicked that Universal Analytics will be no more and they need to shift to GA4 - stat.

It’s a lot so we made some decisions:

• clearly state what will and will not get done before UA is done

• charge an expedite fee on top of the usual project rate

• only take the clients that we want to work with

It will be a crazy June but I’m still trying, somehow, to find balance so that I don’t burn out in a month.

Currently Reading:

Data Governance: The Definitive Guide - this is mostly to freshen up on things as one of my projects has a data governance policy deliverable.

 A Human Algorithm by Flynn Coleman - exited about this one and looking forward to the AI bookclub discussing with Flynn on this.

Best short read of the week (which is also a privacy read):

Empowered by Consent 

Best privacy read of the week:

Nothing other than the newly passed Washington privacy law (I know, sounds fun)

It was also super productive.

(Maybe I should be a bit proud of getting some shit done)

I skipped 5, out of 6, Greek classes this week!!!!!

My husband has this thing he says about me. Something along the lines of “when she decides to do something she goes all in, semi-committed does not exist in her vocabulary”

I think he might be right.

I signed up for a Greek course that was 20 hours a week plus an hour commute each day. Along with running an agency, working as a privacy consultant, and trying to still be a decent dog-mom. 

It think it’s clear - it was way to much.

But I had said I’d do it so I did not skip class and somehow found time to study. Even though I said I would prioritise work and skip class as needed I didn’t. 

I should have. And I really do hope that I learn from this. 

Skipping most of the week gave me the time back that I needed. It allowed me to see how far back I had fallen. It made me face my notes, tasks, and to-do’s that were EVERYWHERE. Desk, desktop, iPhone, bed-side table, kitchen table. Fucking everywhere. 

How did I ever get that disorganised?

Oh well, I’ve collect all those notes now and realised how much work there is to do.

And I managed to hit 3 out of my 4 must to-do’s of the week (it’s been a while this happened).

Lessons learned - don’t take on more than you can handle or learn to semi-commit and give yourself the time you need for your priorities. 

Currently reading:

Ethical Machines by Reid  Blackman - still reading it, almost done and I still think you should: READ IT.

Best short read of the week:

How to ask OpenAI for your personal data to be deleted or not used to train its AIs

Best privacy read of the week:

This post on Privacy vs Security

We see it a lot. It’s a common reason for a fine. Usually lumped together with a bunch of other Article 5 violations.

So what is it all about. 

Article 5(1)(c) of the GDRP is also know as the Data Minimisation principle and states:

(Personal data shall be…)

“(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)”

And it’s not limited to the GDPR. Most US privacy laws also contain data minimisation regulation of some sort such such as:

“(c) A business’ collection, use, retention, and sharing of a consumer’s personal information shall be reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed, or for another disclosed purpose that is compatible with the context in which the personal information was collected, and not further processed in a manner that is incompatible with those purposes.”

And Data Minimisation, as you can see above, usually does not live alone. It’s combined with purpose limitation as well as storage (or retention) limitation. 

But first, what is Data Minimisation?

Essentially, it's means to only collect the data needed to run your business - not more.

What does that mean for marketing?

Only collect that data you can action on, that drives decision making.

It means that you need to develop a clear data strategy and fully understand what the purpose of each data point is that you collect.

There has to be a purpose behind every piece of personal data you are collecting.

Why?

Well, it’s hard to practice the principle of Data Minimisation of you don’t understand the purpose of your data nor have a retention strategy. 

If you don’t have a purpose for the personal data you collect, then you shouldn’t collect it.

If you don’t have a retention schedule for the personal data you collect, then you should not collect it. 

It all comes down to strategy. Needing to have a clear data minimisation strategy is becoming essential if you want to stay compliant.

You should:

• only collect what you really need

• have a clear purpose to collect it

• have a retention schedule defined for each data point

How does this look in real life?

Let’s take a simple eCommerce transaction that requires you to ship the customer a t-shirt. 

What do we need?

Name - to know who to ship it to

Address - to know where to ship it 

Credit Card Info - to run the payment for the purchase

Retention of data is driven by various elements but in the above case we need to keep all the above information on file for returns, refunds, chargebacks, and tax reasons (depending on country up to 7 years)

Or consider you are asking users to sign up to download a white paper.

What do we need to collect?

We don’t need to collect anything really. We could just let them download the paper. But let’s assume you are using the white paper to expand your email list, then what?

Email - so we can send the email (providing they opt in)

Anything else? - No

You get the point, we only need to collect very little data and the less we collect the less risk there is. 

But we also need to grow and build a successful business, part of which is email marketing, building lead sources, re-marketing, etc.

So how do we find a balance as to what to collect and what not?

How can we still grow and honour the data minimisation principle?

Create a data minimisation strategy

Create a strategy that clearly defines:

• what data has to be collected

• why the data has to be collected

• what action will be taken on the data being collected

• how the data will affect decision making internally

• what functions the data has

• how long the data will be stored for 

• the reason the data is being stored for a certain length (i.e tax, transaction, marketing)

Is Data Minimisation worth it?

100%. I’ve been telling clients for years to only collect the data that they can action on - data that drives decisions. It allows for clarity and reduces the time looking for insights - it's easy to get lost in a table full of useless data.

Here are some additional ways data minimisation can help you:

• It helps you determine what data to collect, process, and store (and for how long to store it).

• It helps you discover what unnecessary data you are collecting.

• It helps expose any risks your data is exposed to while collecting, processing, and storing.

• It helps limit the amount of personal data you are collecting.

• It helps reduce the risk of a breach by limiting the amount of data you are collecting, processing, and storing.

• It helps reduce time spent looking for insights in your larger-than-life data mess.

Data minimisation is not only about privacy, compliance, and reducing risks. It's about making your data more accessible and being able to action on the data you have.

It’s as if it never happened.

It started off super positive and productive and then just crashed, or better, I crashed. 

To be clear it was my first full week back since some time off so that might be the reason.

It was also my first week back training and my first week back at school so….just a bit overwhelmed.

The bits I do remember have been good even though I did not get a single thing done that I said I would.

(Have I ever mentioned that I have a weekly meeting with a friend to discuss exactly that? Every Friday we go over how our week went, challenge each others excuses, discuss options forward, and set the top priorities for the following week. It’s priceless and then best meeting I am fully committed to every week.)

I had set out to finish a blog post on Data Minimisation, record (in full) a data privacy for measurement marketing mini course, and finalize my content strategy.

What did I do instead?

Meetings - a lot of them

Got interviewed for a post on privacy and marketing

Created the script for the data privacy course

And talk a lot about how I need the content strategy but didn’t take any action on it.

So a whole lot of something that did not line up with my priorities for the week. Not great. But it happens. 

It also feels a lot like a week where I took a lot of passive action instead of active action. Not great as there needs be a balance.

The most passive action I took? Get sucked into the rabbit hole of ad tech, privacy, and all the new „solutions“. I had to do the research as I wanted to write on it for my newsletter but instead I just kept crawling deeper and deeper and never put any of my thoughts into words. The result was an email saying I’m down the rabbit hole and that once I find my way back I’ll send out what I actually learned - not super valuable, I know. 

In other news, check out this episode of Sustainable Compliance where Jacob Høedt Larse and I discuss how marketing and privacy should, and could, create a productive relationship to allow for more company growth.

Currently reading:

Ethical Machines by Reid  Blackman - just about half way through and all I can say is: READ IT.

Best short read of the week:

A great post by Steen about the value of data and my continuation on his thoughts. 

Fighting for cognitive liberty

Best privacy read of the week:

Good practice initiative for cookie banner consent management

I thought I would - but not really.

No, not you - the writing, the working, the staying on top of everything. I didn’t miss any of that. 

Which is great. I usually have a hard time taking a break. I’m always working or trying to catch up, learning new concepts and laws, or studying for some new certificate - I just don’t know how stop (FOMO?). But this time I did, and it was mind-blowing. 

I did it. I enjoyed Korea. And best of all it gave me the space to come back thinking better and with a new perspective on things. It allowed my head the nothingness it needed. 

But the world did not stop when I did - so things happened, and some major news happened all while I’m taking the time doing nothing. 

(here is my rant on feeling constantly watch and how that puts privacy here in Europe into perspective)

I’m going back to school!!!!!

Remember I mentioned that I was applying for a LLM in Cybersecurity, Privacy, and Data Management at the University of Maastricht? 

I finally got an answer back, on day 2 of my vacation, that I got in.

Starting September 2023 I’m going to learn, grow, be challenged, and more by my peers and professors and I can’t wait. 

Thankfully it’s a part time degree (2 years of it) so I can still work but I will need to have a think as to by how much I will need to reduce client work or make other adjustments. 

What else? Nothing much really. It’s been a classic first week back at work. You know. Those crazy moments of catching up, meetings, and reading all those newsletters you’ve ignored. 

It was also the first week that I’m officially working with a new client of mine (a dream client!). It’s a challenging project and I’m excited to get pushed out of my comfort zone and to challenge myself to find unique solutions. 

Some other exciting things that I did this week:

Appeared as a guest on the Sustainable Compliance podcast (I’ll push it on LinkedIn once out)

Appeared as a guest on the Privacy Pros podcast (again, I’ll let you know once it’s out)

Got quoted on my ideas around A/B testing and privacy in this PiwikPro blog on best A/B testing alternatives to Google Optimize (which is sunsetting soon)

Currently Reading:

Not much here as I’ve been mostly reading emails but I’m currently finishing up Rapt by Winifred Gallagher . The idea and the content are good although I find it a bit all over the place and feel and hard to read. I’m having a hard time defining the argument or goal of the author which is making it hard. But at the same time I’m still reading it and enjoying it as the ideas are good ones. 

Best Short Reads of the Week:

The A to Z of Artificial Intelligence by Time Magazine

Best Privacy Reads of the Week:

I’m trying to get back up to date so there is a lot of scanning and not much reading. Some things that did stand out where:

This post by Soribel Feliz about AI and Privacy common denominators 

This blog post discussing if the DPDI Bill No 2 definition of Personal Data is not in line with Convention 108

It’s as if all those tasks, deadlines, and obligations creep up on you just then - and there is no way you’ll ever get them all done.

But I have left. And that’s it. No work for 2 weeks (this also means no weeknotes for 2 weeks).

The big Q is if that will actually happen….

I doubt it. I say it’s vacation and no work. But does that ever happen? Do I ever take a full break other than on a weekend?

NO.

The week itself has been such a blur that I’m not quite sure what I actually got done, and what didn’t get done. I’m ok with that.

I’m choosing not to reflect to much on this past week - for my sanity.

Sometimes that’s what needs to get done. Just let go and choose, consciously, to not reflect on the week. To protect yourself instead.

So here is me trying to take 10 days off and not work. I’ll report back as to what really happened once back.

(Where am I going?

Korea)

Currently reading:

Slouching Toward Utopia: An Economic History of the Twentieth Century by J. Bradford DeLong

Best short read of the week:

Tubes #3: Abstract Expressionist Tech Policy

How ChatGPT and Bard Performed as My Executive Assistants

Best privacy read of the week:

GDPR vs U.S. state privacy laws: How do they measure up?

Everyone Wants your Email Address. Think Twice Before Sharing it.

Waiting for:

• an answer from school

• access to tools from clients

• new clients to sign off on the last bits

But also a week of getting things done.

Most excitingly is that I finally got this site revamped. I

sn't it pretty?

I'm in love with it. The colours, the font (no, it's not a google font) - everything. Most importantly I'm happy to have a space that I love to share my thoughts and writing on. A space that I feel shows who I am and one that I'm happy to share on.

Writing is not something I'm good at. But it is something that helps me; helps get my thoughts processed.

It's something I want to get better at and getting better takes practice - so I'm trying to write. A lot.

Research is another skill I've been trying to wrap my head around. My ideas and thoughts are only worth so much, I need to get good at researching and reading on other peoples thoughts and ideas to develop mine. Keeping track of all that research is becoming tricker by the day. It's all there but not in a way that is easily useable. I have a feeling a good chunk of the next few weeks will be me trying to re-configure my system.

Next week is my last full week of work before heading out for a bit.

Currently reading:

Still working though my novel (can you believe it - I have not read a single privacy book in 2 weeks!)

Goldfinch by Donna Tratt

Best short read of the week:

Nothing really caught my eye this week - it feels like that everyone is just talking about TikTok.

This post by Tim Wilson was good though.

And this read on non-linear career paths.

Best privacy read of the week:

On EU digital strategy

You'll get a fine unless you switch to an alternative

You hear it everywhere.

So....

Let's set the record straight.

Nothing is banned - the Data Protection Authorities don't have the authority to ban a tool or product.

But then what is the issue with Google Analytics?

This is where things get confusing.

- is it Personal Data?

- is it the transfer of data?

- is it a data residency or data jurisdiction?

It's a bit of all.

Personal data encompasses a lot of data points - and I mean A LOT. Any unique identifier, IP address, location, email, name, etc. It's practically a guarantee that you are processing personal data within your GA account, especially if you are linking to other Google tools such as GoogleAds.

Then we have the transfer issue. In short, the US (where Google is based) is not considered an "adequate" country - a country that is not considered up to par in regards to it's data protection and human rights according to the EU.

What does that really mean? It means we are not allowed to send personal data to the US unless we enter into a contract with standard contractual clauses that provide the data subject with a number of safeguards and rights in relation to their personal data. (Google does this btw.)

But the rights and safeguards needs to be equal to that what the EU provide. And that is a problem mainly due to FISA (The Foreign Intelligence Surveillance Act).

FISA allows the US to gather data and information on non-US citizens from any company within the US - which leads us to the next issue.

Data jurisdiction.

Where the data is located does not matter as much as what laws the data is being goverened by. Any US based company (such as Google) will need to hand the data to the US, if requested, regardless of where the data is actually stored.

To sum it up, it looks something like this:

Google Analytics collects personal data

AND

Google transfers that data to the US (this is the case for UA, for GA4 its debatable)

AND

Google is a US company so the US could have access to the data.

So now what?

So, what do you do now? Stick with Google Analytics and hope that the US-EU issues figure themselves out?

Believe Google when they say GA4 is privacy-focused and that's that?

Switch analytics providers?

It really comes down to what you business requires and your appetite for risk.

You'll need to ask your self a few questions:

What data do you really need?

List the data that you actually use. The data points you can action on. Not the "I want if/maybe....".

Something as simple as an agency site doesn't need much. eCommerce a bit more.

Look at your data and understand what you really need.

How valuable is that data to you?

What value does that data give to the business?

How valuable is that data to making decisions that affect the bottom line?

For example: For a company that relies heavily on Ads the data collected to understand the ROI of advertising campaigns have high value.

How much risk are you comfortable with?

How much risk are you willing to take?

Consider elements such as fines and what could happen if you are breached (this is a PR nightmare).

Weigh your odds

If, after the first question, you realise you don't need anything as complex as GA you've got the easy end of the stick; move on and find a simple alternative that gives you just what you need.

If you do need something such as GA4 and, none of the alternatives work for you, it's time to weigh your odds.

Does the value your data provides outweigh the risks?

A Note on Tools

Most tools do not work out-of-the-box. They all need some initial configurations to become compliant (yes, even GA).

Additional Resources:

CNIL guide on how to make GA compliant by using a proxy server

CNIL guidance and configuration guide for various analytics tools(mostly if you want to collect data before consent instead of relying on user consent)

Google support document on GA4 and it's EU privacy measures

A list of case summaries revolving around Google Analytics

What about consent?

Consent for cookies is an ePrivacy Directive issue. Protecting personal data of the user is GDPR. Above we focused on the GDPR issues around Google Analytics. Some SA's (Supervisory Authorities), France and Latvia for example, allow for a site to collect limited analytics data without consent arguing that basic audience measurement are strictly necessary - other SA's don't agree. Either way you will need to make sure you configure your analytics software to comply as out of the box it will not.

Closing Thoughts

Choosing (or leaving) an analytics tool is never easy and it's always easier to go with the mainstream option. But do you really need all that data?

Data for data sake is worth nothing, a waste of space, and increases risk. Any measurement strategy should start with the data you need - not want. The data you will work with. The data that will drive your decisions. The data you will action on.

Once you have a strategy in place, a reason and purpose for the data, only then is it time to consider compliance and what tools are right for your use case.

I spent most of it trying to recover from a nasty sinus infection which would imply that I had plenty of time to actually get things done being that I didn't do much of anything. But that proved wrong - I did mostly nothing.

This week also marked the end of my Privacy Accelerator mentorship I had been doing since September. It's bitter sweet. I get to reclaim my Monday nights but I will miss the tight group of privacy professionals that I formed a unique bond with. I will miss my sparing partners. I will miss my ideas and thoughts on privacy being challenged by those I trust.

But it also leaves a lot to be done. I have worked on templates and guides for all sorts of processes that will help me be a better privacy consultant down the road. These now all need to be refined, worked through, and improved to give me a foundation of pure awesomeness.

The highlights of the week:

More than doubled my newsletter subscription with this LinkedIn post - guess it hit a nerve.

Did a pod cast interview for No Hacks Marketing which was a lot of fun.

Currently Reading

I'm back to my novel for the week, finally. It's taking unusually long for me to get through it but I also don't want to put it down.

The Goldfinch by Donna Tartt

Best Short Read of the Week

Caitlin Moran: my women of the year (they're not who you think) it's a few weeks old now but just a good fun read.

Best Privacy Read of the Week

Technology vs Freedom to Think

In short - it’s essential to growth.

A/B tests show a specific treatment - and change you have made and want to validate - to random users while measuring how the change affects the metrics you are testing for. To make sure any specific user sees the same version of the experiment for the whole duration of the test a cookie is set that stores all sorts of information and behaviours related to the experiment.

A big question for businesses in established (located or targeting EU based users)in the EU is if one can run an A/B test considering that it requires you to drop cookies.

The ePrivacy Directive (this is not really a GDPR issue) says that you need to get consent for all not strictly necessary cookies. Yes, that is even for cookies that do not hold any personal data.

To make it all more fun the ePrivacy Directive is interpreted slightly different by all individual EU member states but most agree that strictly necessary means anything that is required to make the site function - nothing else.

Load-balancing is ok but analytics is not.

This would imply that you can not drop a cookie for you A/B test unless you have consent. And since you can not drop a cookie pre-consent so you have to wait to get consent before loading a test.

This eliminates running an experiment on your home page or landing page as you don't want to re-load a page and show the experiment once a user has given consent. It also limits your sample size to the users who do consent.

A Solution (or rather, my way of thinking on this)

(This is not legal advice and always check with your DPO or legal team first)

In short - run the experiment.

Or, consider a soft-opt in for A/B test cookies.

Yes, I’m essentially saying that even thought you are dropping a cookie and you did not ask you users consent you should run the experiment. Especially if you are eCommerce or SaaS.

Why?

Because countries are not on the same page regarding if A/B testing is an exemption to the "strictly necessary" cookie rule.

The ePrivacy directive is applied by each country as it is not a regulation that has to be enforced in the same manner across the EU.

For example the CNIL - that is the supervisory authority in France - has an exemption for cookies used for A/B testing. Whereas the ICO, the Brits, say clearly that you can’t use an exemption for A/B testing.

Some other countries have not been tested or have not voiced their opinion.

CNIL

…and the ICO

What do I do if I'm not in France?

You evaluate your risk.

It’s essential, when making any privacy vs growth decisions, to evaluate the risks involved.

In most scenarios I would say the risk is quite low for A/B testing considering:

• Tests is only run for a limited time

• One usually only collects aggregated data with no intention to understand users individual behaviours

• Testing is expected by the user as it is a technique utilised to improve their user experience.

So....How?

(Again, make sure you run this by your legal team or DPO - I am not a lawyer and this is not legal advice.)

When trying evaluate if it is an experiment that could be run, keep it simple.

Ask your self the following:

What is my consent rate?

If your consent rate is above 50-60% and that is enough traffic to reach a decent sample size only run the experiment when you have consent.

Risk level: almost none

Is soft-opt in an option?

Can you use soft opt in to gather consent for testing?

Check you local laws (or the laws of the country you are targeting)

Is it possible to be clear and transparent so that the user knows what we are tracking and not?

Clearly communicate what it is you are doing when asking for soft-opt in.

What are the risks to your users data when running the experiment?

Mitigate any risks to your users data and only collect as little as you can get a way with.

When using soft opt-in make sure to:

• Be clear and transparent about what you are doing

• State why you are doing it (the purpose)

• Add experimentation to your Privacy Notice

• Make it easy to opt out

Risk level: medium-low

If all of the above fail

You don't have enough traffic with consent only and you don't think soft opt-in is an option?

Now what?

It all comes down to the amount of risk you are comfortable with. If the test is high value and the risk is relatively low (placing cookies with fast expiration, no personal data, etc.) then it might be worth it to run the test anyway.

Process (and how they help me stay on top)

As mentioned last week I noticed that I'm becoming my own bottle neck by keeping all my processes in my head. This thought got me to start jotting down the general outline of most of my processes that involve teams and work in general. It also got me thinking that I already have some really solid systems when it comes to learning and staying up to date (a must if you dabble in the data protection and privacy field).

Thinking on this triggered a re-read of "How to Take Smart Notes" as well as optimising my system a bit - mostly to allow for better citation of sources.

Magic happened. It took really thinking on the system, and what systems are for, to realise that I had let some crucial elements go and bringing them back to the forefront has allowed for a better understanding of what I am learning as well as better notes on the reading I"m doing to facilitate that learning. I'm excited to improve even more and finally start writing better and with less effort again.

Thinking on this was great timing as I was asked to give a presentation to others in my privacy master mind as to the importance of staying up to date and how I create systems to process, learn, and gain understanding to stay up to date and develop my own ideas.

For those who want to know, my rough system resolves around the Zettelkasten method and uses the following tools:

• Pen and paper (mostly my reMarkable)

• Zotero

  • I am thinking if there is a better alternative or if this is what I need to commit to. Let me know if you have any better suggestions.

• Tana

  • My daily everything. Finally a note taking app that works for my brain. Use it for all my fleeting notes, tasks, to-dos, content creation, and project management. Some hesitancy to adding my permanent notes here as it's still in beta - will need to work around that and commit or come up with a better system.

• Readwise (and their reader app)

  • Reader: I read almost all here. From EDPB reports to Techcrunch articles. I also take a lot of my notes within the reader and then sync the to Tana daily to process.

  • Readwise: syncs all my kindle notes and highlights to Obsidian (my old notes app which I have not fully let go of yet).

That is it, roughly. But it needs some work. It's a system that works for me and I'm not so worried about where everything goes as I do save my sources in Zotero and have my fleeting and literature notes processed daily, but it can be improved. It will take time and will evolve as I need it to.

Sunk Cost Fallacy & Decisions

A major decision of the week was to let my podcast, Marketing Unfucked, go on a hiatus. It was not an easy decision but needed to be done. It serves me, and others, the least out of all the content I produce and wears me thin. In short, until I rethink what the purpose is and how to achieve it, it's not beneficial to anyone. It's surprising how hard it was to make the decision and got me thinking of something we discussed at length during my altMBA - the sunk cost fallacy.

The awareness of the sun cost fallacy is what allowed me to make this decision so clearly. I had so much invested in the show. Money, time, guests time, writing, branding, etc. It was soooooo hard to let all that go - I have been pushing forward on the show only because of what I had invested - not because I had an clear idea, direction, benefit, or desire. So, it had to go.

I know it will be back better than ever but, for now, there are better things for me to focus on and develop.

Client Negotiations

I've been in the negotiations phase with a client for a few weeks. I hate the word "negotiation phase" as there is hardy any negotiating happening. It's more like a clarification phase. A time to gain clarity and avoid the disaster of assumptions in the future.
This specific one has been exactly that - gaining clarity and confidence in each other. We are, after all, about to enter a lengthly cooperation. It has been such a joy to work through this together with a team that thought about this whole process in the same way as I did.

Currently Reading

How to Take Smart Notes by Sönke Ahrens

Best Short Read of the Week

Æon Flux’s Surveillance Aesthetic

Best Short Privacy Read of the Week

There really was not much other than dry reading of reports and cases. This one article is the only one that sort of stood out for an interesting thought.

Protecting privacy online begins with tackling ‘digital resignation’

This week was all about processes (or the lack thereof), finalising a big data project, time management.

Processes

Running an agency and consulting work is all about processes - and I don't have them. Well, I do but they are in my head, not really the greatest place for them to live but it's been ok until now. This week it really hit home that processes don't help much when you are the one that owns them. It creates bottle necks and adds a ton more stress.

So I've started the mega project of jotting down all my processes. Reworking them and realising that they are living, constantly evolving, documents.

I've enjoyed it and I can already see how much simpler it all will become in the future.

Finalising Projects

A large data consulting project is coming to a close. It's a fun time as you can look back on all that was done and start documenting the final summaries and tables to enable the client to own the stack and funnel from now on. I love this bit - it's the part I get to share knowledge and empower my clients.

This clients specifically has been amazing to work with. Mostly because they had great questions and pushed me to improve my final deliverables tenfold by asking those questions. Not only am I walking away with a happy client, I'm walking away with having improved my services and a better understanding on how to make my deliverables work even better for the client in the future.

Time Management

Oh my, this is going to be a longer and harder project that I expected. Mostly due to LinkedIn and Twitter. I scroll forever - all under the pretence that I'm learning more (haha).
There have been improvements with time blocking and getting work done but there is so much more to figure out.

Most importantly, I realised I need to figure out my balance between staying up to date with marketing and privacy changes, client work, admin, project management, personal brand work, and my personal live.

I'll get there but this is definitely still a work in progress. This upcoming weeks major focus will be not wasting to much time on social and being more efficient when it comes to engaging with my network (aka not getting distracted all the time by scrolling).

Currently Reading

The Fight for Privacy by Danielle Citron - I'm only half way through and all I can say is WOW

Best Short Read of the Week

Coded Resistance, the Comic!

OpenAI has grand ‘plans’ for AGI. Here’s another way to read its manifesto

Best Privacy Read of the Week

Time to Rethink the GDPR (guidelines)?

It's the first week for me with a crazy schedule. But it's done me good.

The limitations on my time have allowed my head to value the time I have a lot more - so I actually got more done that I would usually with 2x the amount of time!

Funny how that works.

Time constraints is something that has always worked for me but it's hard to implement unless I really have a constraint. Time blocking, saying I'll go to the gym or walk the dogs. None of it ever worked. I've got the discipline to sit down at my computer and work (or pretend to work) but that is it. My brain knows when I'm trying to trick it with time blocking, fake events, and moveable tasks.

Real events it's totally cool with.

Having added 15h of Greek lessons has deleted 20h of work time from my schedule, including the commute. 20 HOURS!

And in the 15h a week that I am working at the moment I'm getting more done than the 35h I used to.

It makes no sense but it's working.

Not sure what I'll do after Greek is done but I'll need to find another real constraint.

But with all the craziness - and really working when working, I have no idea what I did other than what I have in my notes. But it's not because I did not do things. It's because I did.

One thing that did come up this week, again, is how to deal with clients who are really late on allowing access to what you need. Do I trigger the pause clause? Do I wait it out?

I applied some pressure - mentioned the delay and how it will affect the deliverable but it's not working.

Also, make sure to check out the LinkedIn Live I did with 5 amazing women in the privacy field called Women Advancing Privacy. If nothing else go follow these ladies - they are top minds in privacy and have really valuable content.

Currently reading:

Still reading the Joy of Living

Have but this one (Understanding Privacy) back on the shelve as I don't have the head for it now - will get to it in the summer.

Best short read of the week:

Enjoyed this read on why UX needs to start working with others. I think that most should work across departments instead of in silos but it's nice to have someone write on it specifically from the perspective of one field and the relevant arguments.

And this LinkedIn post on the release of Privacy Sandbox on Android and it's key concepts. Check out those slides!!!

Best privacy read of the week:

This not-so-recent article came up again and it's a great read about where privacy fits, and not.

I also love this article on How to read EU regulation (they do one for CJEU cases as well).

You hear a beep, and another.

Start digging toward that unknown treasure.

Dig. Dig. Dig.

It keeps getting away from you.

The beeping keeps going.

.

.

.

That just about sums up my week: aimless wandering.

It feels as if I've lost my strategy - the one I worked so hard to craft earlier this year. It's gone. Nothing gets done. Days are spent digging for some unknown treasure or tool that will fix it all. Then, once the day is over, it's a feeling of worthlessness - of having done nothing.

That's my reality - not yours.

Your reality is that I'm super productive (that's what I'm being told at least) that I have it together, that it comes easy.

This is why it's so important for me to let you all know that it's not like that - it's up and down. It's push and pull. It's what running your own agency, consulting, and working from home can look like.

I did get some things done - thankfully:

• Sent my newsletter discussing how and why I believe a/b testing is ok when considering privacy regulations

• Had a good reminder that it all comes down to the 5 C's:

  • Clarity

  • Confidence

  • Credibly

  • Competence

  • Community

• Spent a lot of times studying various ROPAs to set up a good template that I like.

• Started reaching out to guests I'd love to see on Marketing Unf*cked for Season 3 (have any suggestions?)

Today is Random Acts of Kindness Day.

My acts of kindness will be random but I'll leave one bit of the random up to you.

I've opened up 10 x 20min time slots for you to ask me anything.

Privacy, career, pivoting, marketing, measurement, data, newsletters, podcast, live, etc...

It's all on the table.

This link is valid for 10 bookings - go get yourself one.

Currently reading:

The Joy of Living by Yongey Mingyur Rinpoche

Becoming a Privacy-Centric Marketing Organization by Michael Loban

Best short read of the week:

The "enshittification" of TikTok

Journalistic Lessons for the Algorithmic Age

Best privacy read of the week:

Draft Motion on a Resolution Draft: on the adequacy of the protection afforded by the EU-US Data Privacy Framework

I get this weeks. I still take in information, read a lot, and get work done but I could not tell you any of what it all was.

It's that time of year where running an agency feels overwhelming. Had to deal with taxes and getting everything set up for the accountant. Also decided to change my tax structure so that is even more paper work.

Start of the year also means that, once I've reviewed my revenues, I make the yearly donation for 1% for the planet - this year it went to the 🐢 turtles of Greece!

The later half of the week I spent mostly on discovery calls, pitching to speak and conferences, and client work. All are fun in their own way.

Discovery calls are probably my favourite as I get to learn about a new company and what makes it tick - and there are always some fun facts about those on the call that make it worth it.

Pitching talks is not not-fun but it's a bit like applying for school or a job - that odd excitement of submitting something you prepared and the anticipation of what will happen next.

Work is work - and I love the challenge or figuring out a solution for each client. This one has been especially tricky as their business model is not something I have encountered before.

Another project I did quite a bit of work on this week is me trying to document and template various data protection processes such as ROPA, DPIA, SAR, and privacy notices (broken into different levels of formality).

AND

Look what arrived this week - can't wait to dig in.

Currently reading:

Understanding Privacy by Daniel Solove

Happening by Annie Ernaux

It's a very short read but one I would highly recommend. There is a realness and rawness to it that I have not encountered much in books.

Best short read of the week:

Two Supreme Court Cases that Could Break the Internet

Best privacy read of the week:

Dismantling the “Black Opticon”: Privacy, Race, Equity, and Online Data-Protection Reform by Anita L Allan

What an amazing week.

I got to spend most of my week at Superweek - the Beyonce of analytics conferences. The amount of sharp minds there is awe inducing.

Not only did I get to reconnect with old friends, make new ones, and hear about great ideas - I also got to present some of my ideas.

I gave a presentation on How to Rethink Data Protection, spoke on The Future of Analytics, and discuss (in an interview setting) in Data and Ethics.

I've also learned soooo much.

Giving a new presentation was nerve racking as it's been years since doing any live conferences - it reminded me that I always overthink it and put way to many notes into my talk which I then ignore as I prefer interacting with the audience instead of looking at my screen. Problem with that is that I forgot to mention a bunch of things I wanted to.

I will need to remember that I just need to get a lot more comfortable with the presentation so that I don't need to rely on notes so much.

Of course the interview type discussions went well - they aren't scripted and I strive in those situations.

It seems like I did so little this week - just Superweek. But that would be a disservice to such a phenomenal conference. A week in the countryside of Hungary with the amazing minds you find in the data and analytics community is priceless. Not only is it a lot of fun (maybe even too much fun) but you walk away with better ideas, new ideas, and the challenge to rethink old ideas.

Currently reading:

Understanding Privacy by Daniel Solove

Practical Synthetic Data Generation by El Emam, Mosquera, and Hoptroff

The Goldfinch by Donna Tartt

Best short read of the week:

How hard should I push myself? by Dan Shipper

Best privacy read of the week:

Murky Consent by Daniel Solove

A week to be grateful for. A week of a lot of change. A week of ups and downs.

Most importantly, a week of growth - and a lot of it.

I passed my CIPP/E on Monday.

What a relief but it also raised so many questions around why such an exam helps, or not.

I can't stop thinking that it's more and exercise in test taking and deciphering badly written questions (I feel for those who have to take this when english is their second language) than my understanding of the GDPR.

How did passing an exam focusing on random memorization of some article along with the history of data privacy help me further as a privacy professional?

Hence only relieve - no real excitement. The thrill that I get in growing as a privacy pro happens within my community and in my mastermind sessions. This is where we discuss and learn about how to apply elements of the GDPR, how rulings have an effect on the future of data protection, how to work with people to further understanding and champion growth.

So, yeah, not a huge fan of exams but they serve their purpose - they at least enforces some sort of standard.

But that was only Monday. Like I said - a full week.

I've spend the rest of the week traveling and working with a client consulting on data flows and management. It reminded me that, although it is energy draining, I've missed in person meetings and the interactions with everyone within my clients teams.

Never have I joined clients on an off-site or meeting where I have not walked away with more than I walked in. I always learn something new, make a new connection, get pushed out of my comfort zone and ultimately grow just a little bit.

I'm now looking forward to taking everything I collected and learned in the past dew days and making some sense out of it all to help my client grow and build their venture more efficiently.

In other news I have managed to:

- send out another edition of Sporadic Ramblings (it's been living up to it's name but I need to get more consistent with it)

- submitted my advanced masters application; now it's time to sit and wait

Random learning of the week:

I'm soooo much more productive in airport lounges and random coffee shops. It's like those are the only places I don't get distracted. In my home office there is always something better to do. Lounges and coffee shops it seems there is not.

Currently Reading:

(just finished)

The Surrender Experiment by Michael Singer - interesting read although lacking substance a bit

(still working on)

Understanding Privacy by Daniel Solove

(working on for a good 6 months already)

The Goldfinch by Donna Tartt

Best short read of the week:

AI Gonvernance in the time of generative AI

Best privacy read of the week:

Most of my week was studying for my CIPP/E which really means re-reading, questioning, and doubting everything.

Why does your brain do that?

I know this stuff - I've know it a while - but here I go thinking I don't know anything and can't even list the data principals without missing out (and I write and talk about these all the time!).

So yeah, a privacy heavy week and it will be a privacy busy weekend as well. Exam is on Monday so let's hope for the best.

To make the week even more privacy heavy a bunch of decisions and reports were published from Facebook to Cookie Banner Taskforce reports and everything in between. I should start counting the number of pages I read to stay on top of things - it's insane. And I don't even feel on top of it - the moment I get it they go an release another. Go easy guys - we just can't spend our whole day reading. Please just drip feed it instead.

In other news...

Signed another "we need to switch to GA4, yesterday..." client - these are also becoming routine and my guess is that they will increase with time. In March, when Shopify switches over, is when I'm expecting the biggest hit. I should probably prepare for that, but I'm not.

I've also managed to tackle my main goals for the week:

1. Studied - a lot! (no surprise here)

2. Finished my motivational letter my school application

3. Applies for the greek intensive program

It feels good to get those done - I'm soooo bad at getting things done in time.

Good news is that my accountability group (it's just 3 friends who are all building their own biz) is back on track which makes sticking to my goals for the week a lot easier.

Currently Reading:

Understanding Privacy by Daniel J. Solove

(Another book called Understanding Privacy also just arrived in the mail, this one by Heather Burns)

Best Short Read:

The Cookie Banner Taskforce Report.

Why? because it's just a repeat of everything most of us have been saying for ever.

I summed it up this way:

Best Privacy Read:

See above...

It’s been a slow week as most of it was spend trying to breath and hacking up whatever was getting stuck in my chest. The week has been a blur or tea, chicken soup, and netflix. Not much in terms of thoughts but sometimes life goes that way.

Still got some things started (but far from done):

1. I’ve been toying with the idea to go back to school for an LLM. It’s been a lot of back an forth but I’ve finally pulled the trigger and started my application. Motivational letters are a bitch but I’ll get there. Am really excited how this could affect my thinking and career. 

2. I need to get this Greek thing down so I’ve committed to taking an intensive language course next month. Only having the basics of any language of the country you live in is not easy - it holds back a lot of opportunities both professional and personal. 

3. Privacy accelerator started up again - sooooo happy. It works wonders for my motivation and is great review of concepts you think you understood until you realise you didn’t. 

Rant of the week:

Poor Fiona had to hear me rip about how so many courses out there are pure bull shit. Most don't offer anything more than what they already offer for free - it's just packaged to be more accessible. If you would just sit down and take the time to process all the information you take in (yes, that means taking time to think and nothing else) you'd have all the info those guys are packaging without the price tag.

Currently Reading:

• Do Hard Things by Steve Magness

Best short form read of the week:

• In Defence of an Unoptimised Life by Evan Armstrong

Best privacy related read of the week:

This little argument here is priceless (I’m assuming we already know all about THE decision)