Siobhan Solberg 2024-03-01T00:00:00+00:00 <![CDATA[033: A Week of Learning]]> Siobhan Solberg 2024-03-01T00:00:00+00:00 A week of learning. To put it simply.

After closing a mega client project last week I've had a chance to really hone into my studies and catch up on school work.

It was fun and exciting. Got me going again.

Some of the week got spent improving my "legal brain" and finally seeing how useful it's going to be. It was part of an assignment so that helped push it along. Also first assignment I submitted early. Hope that becomes a trend.

The rest of the week was:

  • Trying to figure out how to write a legal essay

  • Jump between 64 different ideas for said legal essay

  • Start researching those 64 ideas and not liking any of them

  • Still needing to determine the actual topic I will write on...

And I want to get this one done early as well. So I need to get the rough draft done next week. No other option.

What I learned? That I'm a super-cali-good procrastinator.

Oh and that it causes a ton of unnecessary stress.

So....time to loose that skill and focus on the opposite. Plan, schedule, organise, and do everything a head of time.


Currently reading:

Still on In Memoriam: A Novel by Alice Winn which I love. I look forward to it every evening.

Extreme Ownership by Jocko Willink and Leif Babin. Not my type of book usually but someone recommended it and I can see why. A bit to heavy on the military bit but still some good lessons in there.

Best privacy read:

Pay or OK - a timeline

Best short read:

Amazon hints at post-cookie ad tech project called ID++

AND a special mention to Team Simmer and specifically Simo for putting together a great, free, resource that is a must read for all: The Technical Marketing Handbook.

]]> <![CDATA[032: I'm back]]> Siobhan Solberg 2024-02-23T00:00:00+00:00 I'm back.

It's the first week I feel like I can say that.

And it's not full on. But close.

It feels good to be back. In a routine of sorts. To study, write, research, work. Best of all is to finally be challenged again - to get my brain going.

A lot has happened but at the same time nothing.

You know those weeks. Those weeks were it seems like you are doing a lot and then at the end you sit there wondering what you actually got done.

Things I'm happy I did do this week:

  • Review the results to my newsletter poll and made adjustments accordingly

  • Finalise the Google Consent V2 newsletter. It's ready to go on Tuesday. (I was going to skip it but it seems that enough people still want it so....)

  • Stuck to my study routine

  • Closed out a major client project

  • Took a whole day to myself and spent it out of the house (this is a biggie)

So maybe it is a lot. Once you write it all down it looks different. Reflection, and hence these Weeknotes, are a blessing when you mind is fucking with you.

Here is to another week ahead of doing more but still finding that balance. It feels like I'm constantly learning how to maintain a balance between work, school, and life. Guess that is what makes it all fun.


Currently Reading

How to Protect Bookstore and Why by Danny Caine

In Memoriam: A Novel by Alice Winn

Best privacy read of the week:

I'm reading a lot about the Privacy Sandbox drama (will probably dedicate a newsletter to it) and these two stood out this week:

Google claps back at IAB criticism of Privacy Sandbox, but adtech leaders remain skeptical

And The Privacy Sandbox strikes back by Ari Paparo

]]> <![CDATA[031: On Goals and Resolutions]]> Siobhan Solberg 2024-01-20T00:00:00+00:00 Happy New Year.

Or is it too late to say that now?

I'm behind on things. Got sick. Decided I needed to take the break to recover and get better first. But here I am. With a New Year note about everything.

My holidays were a blessing. I was expecting wifi (as the last time I was there) and pretty good cell coverage. Granted last time I went the political and economic situation was quite different there. This time there was no wifi and forget about phones. It was 11 days of no connection with anything. It was amazing.

I had space to just enjoy. Be. Notice things. And think.

Given the time of year I did a lot of thinking on the whole New Years resolution and goal setting thing that takes over Dec to Jan and then petters off by Feb when the realisation kicks in that it won't happen. How can I loose all that weight, get all those clients, build that authority, and be there for my family. It just won't work.

I started to understand that in the end the goal of each year is the same:

🤓 Grow (both professionally and personally)

🤓 Be healthier (aka train harder)

🤓 Be more present

🤓 Have better balance

That's it. It's always some version of that. At least for me.

So why do I bother with all the resolutions and goals. Objectives aren't going to change this either. The idea around it all is the same no matter what year and at what point of the year.

So this year I'm just going to let it flow.

I know what I need to do. I don't need to over-plan it into each quarter, month, week and day.

I'm going to flow. Not stress. Not worry about OKRs and KPIs.

I'm just going to be.

The hope is that I will also be a lot less stressed. People like me (the super disciplined to the point of weakness and then shit on yourself type) get super stressed when these resolutions or goals are off by 5 minutes, don't even think about what happens when you are off by a day.

So instead I'm going to chill. Flow. Be.

I'm not going to worry about what I eat.

I'm not going to worry about how many followers I have.

I'm not going to worry about closing every proposal that I put out there.

I am going to do what feels right.

Eat when hungry.

Enjoy that Canchanchara.

Read a lot. Even if it's not work related.

Study to my hearts content.

Take the time for walks.

Run when I want to run.

Swim when I want to swim.

Share what I want to share because I think it's share-worthy.

Let's see how it goes.


  • Breath by James Nestor - this book is life changing. I finished it early this week on my Kindle and probably bought 4 copies. One for me and more to share.

  • Good Enough Job by Simone Stolzoff - I did not finish this. The point she is trying to make is good but it's written for the American mindset that I don't related to (but am extremely familiar with).

  • Refuse to Choose by Barbara A Sher - currently reading this. A gift from a dear friend who seems to get me sometimes better than I do myself. A book that makes me respect the way I am all over the place instead of trying to punish myself for it while also inspiring me in ways I can make it work better for me. Scanner fun in a world that is still learning to cope with people who are generalists.

Privacy Read of the Week:

Short read of the Week:

]]> <![CDATA[030: Final Weeknote of the Year]]> Siobhan Solberg 2023-12-20T00:00:00+00:00 Final Weeknote of the year.

And considering how I have not posted on in a few weeks it's more like a month-note.

It's been all over the place and nowhere.

I'm not going to say I was busy. I wasn't.

But it's been hectic nonetheless.

I've had school (nothing new there other than it's now cybersecurity) but not much in terms of work - by choice.

But my heads been spinning out of control. That sort of spinning you get when you know you have a ton of shit you want to get done, none of them are essential, all of them a great-to-haves, but somehow nothing can sit in it's allotted brainslot.

It's shit and extremely tiring.

It happens. I've been extremely blessed to be able to have this happen after I had made a decision to not take on more work until the new year.

So I mopped about, tired, lagging, and overall slouchy. And it's OK. We have it happen at times.

And then, some random day, I woke up needing to run. Full of energy and just needed to go. Rain - I don't care, just go.

Since then I've been back.

I've been training.

I've been working on a new project.

I've been reconsidering how I want to approach this upcoming year.

I've decided on some changes re:work (I'm letting of of my marketing agency!)

And I've honed in on who I love to work with and who not so much.

What great timing my mind had - now I'm all set to head out on holidays fresh and excited for what's coming up.

I don't usually do yearly goals etc but I think this is the year I will. And I'm going to own it. I'm going to just be me and do me and love every moment of it.

Can't wait.

I hope you have a mega holiday season and a rejuvenating start to your new year.


Nothing to list here but I am working on getting you my list of what I'm going to be reading in 2024. A lot of books that are not related to privacy, cyber, or AI and I'm exited to make broader connecting and dip my toes into other stuff every now and then.

]]> <![CDATA[How a marketing team found growth by embracing privacy]]> Siobhan Solberg 2023-11-06T00:00:00+00:00 A story on how a marketing team turned it all around by focusing on privacy (of all things).

Marketing was hitting a dead end. Not making ends meet and failing to hit their quarterly KPIs.

The ROI on ads was dropping to the point where it wasn't sustainable.

On-site conversions were stagnant no matter how much they were optimising.

Up-sells were non-existent.

And nothing the team did was helping.

They had it all. The data. The analytics. The mailing list.

And then the legal team started butting in.

What fun.

"You can’t send those emails - they are considered marketing emails."

"You can’t track that user - they did not consent,"

It was shit, at best.

Then on top of that, legal wanted to bring in a consultant (me!) to help marketing “understand privacy”.

Needless to say, I was not well received.

And why would I be? They didn’t know me. They thought of me as just another privacy fanatic. Or, even worse, a lawyer.

It took getting to know each other.

Time to realise that I used do doe the same exact job they did. That I understood them and their hesitancies when it came to all that regulation.

Most importantly, it took the time to understand that we all wanted the same thing.

I wanted growth, I wanted the business to thrive.

Just like marketing did.

So how did we turn it all around? How did we nurture growth?

And how did we do that all by making it about privacy?

Step 1: What do we actually need?

It was back to the drawing board. We gathered everything. From clicks to emails. From pixels to payment processors.

We collect all.

And then we had a moment, taking it all in.

It was a lot.

Did we really need all that? Were we taking actions on all of that data?

Maybe a ¼ of it, if that.

Step 2: Back to basics

We trashed most of it.

We turned off all tracking not required.

We stopped spending money where there was no ROI.

We stopped working with third party vendors we didn’t think helped us.

It was scary. It was ballsy. It got our adrenaline flowing.

And suddenly making decisions on data was so much easier.

Step 3: Start respecting the customer

Now that we actually understood what was going on we started brainstorming how we can make it about the customer - for real.

Really respect them and their data - not just say we do.

We reworked content, we made sure we were transparent about what we do with data, we were accessible, we were clear.

No legalese anywhere (we worked with legal to rework everything).

In the end…

Customers were happier.

Customers spent more money (while my client spent less).

We sent less emails but increased revenue from emails.

The money we spent had actual ROI.

This is privacy-first marketing.

It’s putting the customer first.

It’s respecting their data.

It’s respect.

]]> <![CDATA[An Uninvited Guest]]> Siobhan Solberg 2023-10-30T00:00:00+00:00 Recently I spent a week in Maastricht. A quaint town that I didn’t get to see much as I spent most of my time in lecture halls.

I booked an AirBnB.

Self check-in. Cute. Good coffee. Great location. Beautifully designed.

It was a dream.

At the end of my first day, brain dead, I stumbled up the stairs. Opened the door and dropped everything on the floor and collapsed on the bed.

Then, out of nowhere, my iPhone had one of those I-need-you-to-pay-attention-to-me-right now alerts. Those that make you jump.

I scramble to find it in the heap of things on the floor.

It says:

Someone is tracking you.

Wait? What?

What do you mean - tracking me?

I click on the message and this is what I see.

Tracking notice I received on my phone

I was a bit confused.

But then, slowly, it sunk in.

Someone was tracking my every move since 4AM!!!! They can see my every move on a detailed map. Every single place I’ve been.

I looked everywhere for a tag.

Dumped my bag.

Searched all pockets.

Finally found it, hidden in the keychain.

Clearly the owner has had some issues with people loosing their keys (at least I hoped that was the reason) and thought this was the solution.

He clearly didn’t first think:

  • What would someone feel like if they found out they are being tracked?

  • Why do I need to track them?

  • Is there a better way?

  • Should I be transparent about tracking them?

In marketing it’s similar. We want all the info.

We don’t first think:

  • What do we need it for?

  • Do we really need all of it?

  • Does it have to be that invasive?

  • Are we being transparent about it?

  • Is there another way we can make this campaign successful?

  • How would I feel about it?

And it’s not only that. It’s not only about respecting the user and their privacy.

It’s also not exclusively about following the principles of data minimisation, and purpose limitation.

It’s about the consequences.

Do you know the first thing I did once I realised that someone decided to track my every move while I was renting an apartment from him (no, there were no notices of this anywhere - I looked for them)?

I started checking for:

  • cameras

  • baby monitors

  • other tags

  • notices that I’m being tracked

  • wondering if the key code entry was transmitting anything

And I definitely didn’t sleep well that night. And I cleared out of there quick. Found another place to stay.

The same happens with our customers if we are not clear about what we are doing.

If we abuse their trust.

If we track them without concern.

When they find out they run.

They think about all the other invasive things you could be doing.

You loose them, for life.

Is it worth it?

A quick read on how to detect you are being tracked by an AirTag if you are outside of the Apple ecosystem.

So, how did it all end?

I wanted to believe that the owner of the AirBnB just didn't think it through. After bringing this up (no I was not a b*tch about it)

I got the following response:

Response I got from the AirBnB host
]]> <![CDATA[029: How do you study for an open book exam?]]> Siobhan Solberg 2023-10-27T00:00:00+00:00 1h and 42 minutes to go.

Then it's time to take the final.

A final that I have had no idea how to prepare for.

A final I'm not sure how to handle.

It's been a quick 8 weeks for Period 1 and I am a few hours from the end. And I have all the feels: excitement, anticipation, anxiousness, uneasiness, and occasionally a really comfortable calmness.

It's an odd one, how do you prepare for an open book exam?

How do you prepare for an exam that is going to require you to answer in long form?

Yes, I could have create an Anki deck with all sorts of hypothetical exam questions and then created chunks of text that I could use to answer them.

Yes, I could sit and memorise all cases.

Yes, I could review and memorise all the slides and lecture notes.

But is that the point?

I put in the work. I organised the information. I participated fully.

Is there anything else left for me to do?

I don't intend this to sound cocky or pretentious. It's more that I'm at a total loss last to how you prepare for an open book exam that depends on you having participated and processed the knowledge of the past 8 weeks along with having a system were that information is retrievable.

Reading the notes over and over is proven to not work.

Active recall does. So does spaced repetition.

But it's open book. It's based on your understanding and not so much on your learning. (Does that make sense?)

So as the nerves build up and the calmness leaves me. As the doubt piles on and the confidence in my understanding dissipates. I'm going to take the next hour to "study" for something I don't know how.

It's been near 20 years since my last final exam.

It's my first one in Law.

Let's do this (maybe I still have some excitement left 🤓)

This weeks reading


Master of Change by Brad Stulberg

Deep Work by Cal Newport

Best Short Reads

Things your are allowed to do

Best Privacy Read

It's crazy how much Transport for London can learn about us from our mobile data

What the !#@% is a Passkey?

]]> <![CDATA[My Legal Brain]]> Siobhan Solberg 2023-10-18T00:00:00+00:00 Going back to school while working full time forces you to be very stingy with your time. You rely on processes, consistency, and systems you create for yourself to make it through.

Starting my LLM (no I never went to law school before this) has pushed me to the edge in terms of time and new learnings. I'm needing to retain things I never thought I would care to. So I created a system to organise, as best I can, my cases, notes, laws, regulations, and articles. To create a "Legal Brain" that I can reference as I write case notes, papers, and start working on my thesis.

Whenever I mention this most imagine that I have this mega spreadsheet or Airtable with all my cases listed and tagged.

I tried that in Week 1. Wasn't going to work for me.

You see, the point is not to have a list of cases.

The point is not to have all the directives, regulations, proposals, opinions, and guidelines in one place.

The point is that you can easily reference whichever case, guideline, opinion, article, etc is appropriate to whatever you are researching or questioning.

That can't be done with a list.

A list doesn't help you make connections. It just list things you usually need to know about to find.

So I create my system. My Legal Brain.

It's quite simple once you think about it but life changing once implemented.

The main idea is to allow yourself to find anything that is related to anything within the "brain" or network. Everything should be and is connected and it should be open to receiving more connections as they are made.

To allow these connection to occur I need the ability to be able to find things by case, topic, regulation, etc.

To allow for this to work I need a solid structure of tags and queries.

The Basics

(note: I use Tana to do this and it is heavily inspired by the SN(A)CK system created for Tana by Theo Køppen)

I use a few supertags which I extend as needed. (A super tag is a tag that can have others nested below it. Those below reference the above tag but can have their own unique parameters as well)

Each of the tags has a set of fields to help me condense my thoughts. Fields range from simple "date decided" to "case summary".

Queries are build around these tags and fields to allow me to find connections and clusters of information. It's what allows me to see connections, generate ideas, and build relationships.

The workflow

My workflow, let's say during a lecture, would look something like this.

Take notes (#lecturenote) and as a case is mentioned tag it #case.

As a questions arises that I want to ask later tag it #question.

Any note of interest that I want to be able to refer back to easily is tagged #note.

Any legal act of sorts is tagged either #regulation, #directive, etc. which are all an extension of a supertag called #legal-instrument.

Each of the above tags have one mandatory field that ties it all together called "related to". It acts as the connector.

Snapshot of how a case is displayed in my Legal Brain

The topics, along with the cases, regulations, articles, etc are all kept in my Legal Brain.

Snapshot of Topics in my Legal Brain

Once all the information is there I can explore any cluster.

Let's say I am writing on Legitimate Interest, I would look into that topic within my notes and see all related cases, notes, articles, etc to have a starting point to reference. If that is not enough I can happily go down the rabbit hole of related cases to the cases mentioned, related topics to those mentioned, or related articles to those mentioned.

This is not limited to topics but can be done for all. i.e I can go to a case a see all related cases and articles. I can go to an article of the GDPR and fine all related cases and notes. Etc.

In short, everything is connected and as long as I allow myself to explore I can find those relationships and create more as I dig deeper.

Snapshot of the Legitimate Interest cluster

I let my brain go down rabbit holes to explore the connections and relationships that may, or may not, be relevant.

This system has created a way for me to more consistently be able to find those relationships and connections.

Closing Note

My Legal Brain, like my own, is alive. It's changing all the time. It get's adjusted. It allows for fluidity.

The moment I let it die and don't maintain it it looses it's usefulness. It's not designed to be just another list of things I might, but will never, reference.

]]> <![CDATA[028: Public Speaking]]> Siobhan Solberg 2023-10-16T00:00:00+00:00 Speaking always takes me through a journey of feelings.

Creating a new talk has be starting on a high, excited to further develop and idea and share it with others.

Then, once most is formulated and the final slides have been designed, usually after the first practice run through, all that doubt kicks in. When did I ever think this was a good idea? Who's going to care about what I have to say?

Always near giving up.

But at this point there are commitments that I can't bail on so I just keep practicing. Re-working slides over and over again. Over thinking the wording.

But most importantly I keep practicing.

Once the day comes closer none of the doubt leaves me, instead it starts boiling over. You get sick. Physically sick. It's shit.

And suddenly you are standing there. In front of a packed room or faces. Some you recognise, friends, others you have no idea.

All that practice pays off. You just go with it. You flow.

That excitement comes back. That high. You remover why you wanted to share your thoughts.

No care in the world about others - if one person leaves with something from it I've done my job.

This week I got to do this - twice.

Once live, once online.

If the live one failed. If the talk didn't take. The online one would have gone on anyway. It freaked me out.

Thankfully it didn't tank.

It went well. It triggered some great conversations. Created new connections.

And that is why I do this. This is why I keep developing my ideas around concepts to share with anyone that wants to listen. For connections. For conversations.

So yes, it's a journey of feelings I don't want to go through but one with a reward that makes it all worth it.

Thank you to everyone that listened and especially to those who let it move into conversations.

Currently Reading:

The Philosophy of Cybersecurity by Artur Kurasinski and Lukasz Olejnik

Best short read of the week

Survey of Current Universal opt out mechanism

Best privacy read of the week

Same as above

The LED - Law Enforcement Directive (for school)

]]> <![CDATA[027: Structured Flexibility]]> Siobhan Solberg 2023-09-26T00:00:00+00:00 Discipline, time blocking, routine, motivation - sometimes none of it works.

When it doesn't don't be like be and fight it endlessly. See it for what it is - a demand for change.

It took me longer than it should but I've finally settled into a sort of Structured Flexibility.

A way of working that allows me to still have the structure and routine that I crave and need while at the same time allowing for flexibility to readjust, add, remove, and just let life be without me loosing my sanity.

The past few weeks have been a lot of adjustments. And a lot of infighting between priorties - what's more important? School, work, content, work life balance?

I thought I had it all planned out. Specific days were school days, others work. Life didn't agree. It was just that, life, and got in the way. Took away from any school or work day at will. Stress galore. I was totally loosing it. And getting way behind on everything (I still am!)

But then I let me breath. I allowed for change. I allowed myself to have all the structure that I need to make it work but at the same time had permission to change it as I needed.

It's been life changing.

No more school or work days. Some are both.

No more working when all you are thinking of is the school deadline.

No more going for a run even though you know you shouldn't unless you want to get injured (yes, I am that bad - it's in the schedule I'd better do it).

No more getting angry at myself when I need to make a doctors appointment and actually go.

Best of all, flexibility as to what day of the weekend I will use to catch up so that V and I can enjoy the wind when it's here and hit the water.

Why was this sooooo hard for me to do?

And belive me, it was super hard, but I'm happy I'm starting to figure it out. That I'm slowly being gentler with myself.

The disciple, structure, and intense time keeping are the way I made it until now.

It's time to move on - let motivation, desire, and drive take over and make it happen that way.

Time to find my balance.

Currently Reading:

All the documents supporting the UK-US data bridge

Preservation: The Art of and Science of Canning, Fermentation, and Dehydration by Christina Ward

Der Gang vor die Hunde by (one of my favourit authors since I’ve been a child) Erich Kästner

]]> <![CDATA[Dark Patterns and what to do about them]]> Siobhan Solberg 2023-09-21T00:00:00+00:00 It's time to talk about Dark Patterns.

TikTok, Fortnight, Facebook - they all got slammed for dark patterns.

The EDPB (European Data Protection Board) has issued guidelines that revolved around dark patters such as how they affect Cookie Banners and how to recognise and avoid dark patterns in social media platforms.

To say the least - dark patterns are, and will, be on the forefront of privacy and data protection minds. It will also influence fines and penalties.

Marketers use dark patterns without thinking twice. Callingl it "marketing psychology" or "cognitive biases".

Let's dive into some of the more common ones and how we can adjust for them to be more compliant when it comes to privacy and, ultimately, respect our users decision about what to do with the personal data.

What are Dark Patterns:

According to Harry Brignull, the designer who coined the term, dark patters are “tricks used in websites and apps that make you do things that you didn't mean to, like buying or signing up for something.”

Relating to privacy specifically they are deceptive design practices used by websites and apps to collect more personal or sensitive data from you.

Marketing and Dark Patterns

  • Marketers use dark patters to get people to:

  • Opt in to emails and messages

  • Give uniformed consent

  • Take risky decisions in regards to their privacy

  • Share more data, or buy more, than they intended

A recent McKinsey study in North American showed that people prefer companies that limit their use of personal data. Even more of a reason to consider being open and transparent about what you are doing instead of tricking the user with deceptive design.

McKinsey Study Graph

So what can marketers do instead:

  • Use language that is easy for consumers to read and understand.

  • Avoid friction when consumers cancel, unsubscribe or refuse to subscribe.

  • Explain consequences in a neutral way.

  • Offer balances and symmetric choice.

  • Don't use pre-selected check boxes to get consent.

  • Avoid manipulative interface and language that might steer consumers in a certain way.

  • Make sure privacy notices, T& C's, etc are easy to find and disclosed at the appropriate point within the users journey.

  • Use design to enable user to make an informed choice.

  • Allow for users to have a privacy first experience on a given website or app.

  • Include a privacy expert within your design process.

Top Types Dark Patterns


This dark pattern is simple. You are guilting a user into something they don't necessarily intent to do.

It's a classic used to get people to give you an email in exchange for a discount. It's everywhere.

The "No, I don't want a discount" link we need to click on.

Or this:

Example of Confrimshaming

What to do instead?

We can offer a clear and informed choice. Let the user determine what they want.

Ways to do this is to:

Inform the user as to what you are collecting and why to help make an informed decision.

Use symmetric design and wording such as "Yes" and "No" instead of "Yes" and "No, I don't want to save money".


Misdirection is using confusing wording or making one choice more prominent than the other.

Such as TikTok.

They want:

Access to your friends lists

Your email

Show personalised ads

Confusing for sure - there is just way to much going on. And then you only have two choices: a clearly preferred "OK" and then the greyed out "Don't Allow"

Example of TikTok using Misdirection

What to do instead?

Only ask for the data you actually need. Not more.

Let the user know why you need the data and what you will do with it.

Only ask for one thing at a time or give the user a choice as to which elements they want to opt in and out of.

Make your options balanced (as mentioned above).

Roach motel design

The roach motel design is just like a roach - easy to get, hard to get rid of. It's providing an easy path to get in but a difficult path to get out, such as when it’s easy to sign up to a subscription but much less easy to cancel.

For example when you are trying to cancel a software trial:

First you click on Cancel Trial (usually greyed out or hard to find).

After finding, and clicking on the button, you come to a new page with the option to Downgrade with a list of features you might loose. Time to find the Cancel button again - usually hidden and tiny somewhere on the bottom of the page.

Wait, Why you want to downgrade? (It's all in the name of user research) Give them a reason and get ready to be asked - again - if you don't want to stay on. They will provide a Major Discount.

Find the Continue to Cancel button again.


You've made it.

You've cancelled your free trial.

Now imagine that flow when a user wants to withdraw consent for tracking.

What to do instead?

It's simple. Make it as easy to opt out, cancel, unsubscribe, as it was to get onboard.

Show a clear unsubscribe button and honour it.

Allow users to cancel easily without making them jump through hoops.

Let them opt-out with one click and without consequences.

Privacy Zuckering

Named after Facebook CEO Mark Zuckerberg, this dark pattern tricks users into sharing more information than they intend to. It's used a lot when agreeing to new terms and conditions, such as the WhatsApp example below.

WhatsApp example using Privacy Zuckering

What do to instead?

Be clear about changes up front.

Don't pre-tick boxes that are accepting something the user might not understand.

Use simple language when communicating any changes.

Highlight changes in the privacy policy or T&Cs that have changed since the last time for the user to easily understand.

Consider offering the conditions in other languages for ease of understanding.

These are by no means all the dark patters there are but hopefully this shows you how to think about alternative ways to market all while respecting your user.

]]> <![CDATA[026: Conquering Doubt and Insecurities]]> Siobhan Solberg 2023-09-03T00:00:00+00:00 It’s been a test of drive, motivation, desire, and will.

It’s been a battle with doubt and insecurities.

I’ve gone from being the dumbest person in the world, to “what the fuck am I doing” to yeah-sure-you-got-this-in-your-dreams.

School starts Monday and it’s done a number on me. What qualifies me to hang with a bunch of super lawyers and DPOs to study in the same program as them?

What makes me think I can do this?

I should know this pattern by now. I experience it for every new client that’s some sort of super cool. For every new talk I’m about to deliver. For any workshop that I’m honored to give.

Regardless of the pattern I still get sucked in.

Regardless of being able to predict it it still happens.

So I let it be. I cried. I screamed. I went for a run. I went for a swim. I didn’t sleep and then slept so much I was missing meetings.

And now I’m out on the other end. On the train the day before a new 2 year adventure of which I’m not sure what to expect.

Why did I let it be? Why did I not talk myself out of it?

All that drama in my head also makes me get it all together. It drives me to get some sort of control. To make lists. To organize my schedule.

That’s what I did.

Remembered routines, organized availability, scheduled in time to study, work, and train. Foresaw issue and scheduled in buffers.

Best of all - I also scheduled in non-schedule-able time.

Yup. I did it. I put big blockers where I’m not allowed to schedule shit. Where I allow my brain to process everything I have taken in. Where my body get’s to dictate if it wasn’t to rest or go for a hike. Where I get to enjoy spontaneous date night or nights out.

Currently Reading:

A lot of random cases assigned for school.

]]> <![CDATA[025: Burned Out]]> Siobhan Solberg 2023-08-28T00:00:00+00:00 Watching the Alps slide by below me I'm wondering why I'm not feeling refreshed?

Why do I feel like I need a proper holiday considering I was just on one?

I made a mistake.

I allowed myself to work, off and on, every single day. I did not take one day off!

The beauty of working for yourself is the flexibility. Being able to work from anywhere, anytime. It's bliss.

But it kicks you in the ass.

Working, even if just a little, fucks you.

My brain has been constantly on. Every day. I've been taking in information every day. From clients, from school, from newsletters, from cases, etc.

And I did not allow my brain a single day to process. Not one.

So after spending a few weeks with reduced meetings, reduces posts, less writing, less reading for work, and less deliverables I'm totally shot.

I also got to kite surf, wing foil, swim, and hang with friends.

But not once did I even take 30min to just be and sit. Process. Let me brain make connections. Let it do what it does best.

So now, on the plane, my brain is giving up. I feel more tired that I have in years.

Time to see how I can give myself a day of nothing to clear out before I dive back into work, content, conferences, and school.

(someone please remind me over winter holidays to take some real time off)

I read a lot and I don't remember any of it. Guess that is what happens when you don't have a moment to process anything you take in.

Currently reading:

see above

]]> <![CDATA[024: I say Privacy, You say Data Protection]]> Siobhan Solberg 2023-08-07T00:00:00+00:00 Notes will be random as randomly doing what I want is what is defining my summer this year

I talk to marketers a lot. Mostly the cool type. The ones you aspire to be like.

Those that care. Those that do right by their customers and users.

So it makes sense that they want to talk about privacy.

To talk about Data Protections.

About Compliance.

It also makes sense that they want to talk about ethics.

AND why not just lump them all together: one big happy package of doing good by your customer.

But it’s not the same.

Privacy: a state in which one is not observed or disturbed by other people

Data Protection: a strategy set to secure privacy, availability, & integrity of data

Ethics: moral principles that govern a person's behavior or the conducting of an activity.

Compliance: he action or fact of complying with a wish or command.

They are different. Very much so. And they have different applications.

Now I understand that Privacy and Data Protection get used interchangeably - a lot. And that is ok.

But it's crucial you understand what the difference is, especially if you talk to people from other countries who use words differently.

Some Data Protection some say Privacy. Some say Data Privacy some say Compliance.

But back to the point.

Be aware of what word you use. Know what you mean. Explain it.

I have been is too many situations where we talk past each other.

Questions go unanswered or feel like they are being avoided.


Because I think of Compliance as - "in compliance with" and not it's own thing.

I use Privacy to mean Data Privacy and Data Protection.

I think what is ethical is hard to define and use Ethics to generally mean being morally good.

But others don't.

Want to hear some of the confusions that can happen as well as some insightful conversations on Privacy and Ethics go check out the conversation we had with the TLC community here.

Currently Reading:

Your Privacy is Important to U$! by Jan Trazkowski


Kitchen Confidential by Anthony Bourdain

Best Short Read:

Joe Jones LinkedIn post breaking down his takeaways on US-EU adequacy.

Best Privacy Read:

An in-depth analysis of Social Media privacy notices.

]]> <![CDATA[023: Summer Siobhan]]> Siobhan Solberg 2023-07-22T00:00:00+00:00 Thanks for your concern.

Yes, I skipped a week. Glad you missed me. Validates what I do.

I took a long weekend and promptly got sick. Right on cue.

But still it was a long weekend without work which was exactly what I needed.

Gardening, swimming in the sea, good food, early morning walks. Yes, just what I needed.

But then it was right back to it. This is going to take some getting used to. I used to work 4 days a week (I spent one full day working for myself, does that make sense?) but now I need to figure out how to get all that client work into 2 days.

2 days!!!

Is that even possible?

Maybe I don't really need 3 days to study. Let's hope I'm right and then I can take a day back for work.

And it's really going to be 2.5 days as I'll take one of my off days and work some - I always do so it might as well count.

But for now I'm not going to stress.

I'm going to let summer happen.

Summer just be.

I will cram in as many super early morning work sessions until it's vacation time. And then I'm going to let it all go. Turn on Summer Siobhan.

Summer Siobhan (this is the first year she's not turned on the whole 2 months of summer! only 3 weeks…)

Summer Siobhan doesn’t bother about:

  • her workouts

  • her bedtime

  • if she is being productive

  • reading non-fiction

  • writing

  • posting on social media

  • what she eats

  • what she drinks

…unless she wants to.

Summer Siobhan is mega.

Summer Siobhan is anything she wants to be at the moment.

The other 10 months you ask?

Well, then I get shit done. I'm still 100% me. Me that never really stops and always piles it on to high. But in those 10 months I'm disciplined me and actually get it done.

Currently Reading

Fresh Complaint by Jeffrey Eugenides

Best short read of the week

Jon Jones LinkedIn post on the EU-US adequacy decision.

Best privacy read of the week

Jamal Ahmed’s newly launched book The Easy Peasy Guide to the GDPR

]]> <![CDATA[022: My life is about to change, a lot]]> Siobhan Solberg 2023-07-10T00:00:00+00:00 That’s it.

Life as I have known it since my mid-20’s is over. 

No, I didn’t get married.

No, I did not have a kid.

I’ve decided to go back to school and that starts today.

It means studying a field I have never had to study. Getting my head back around studying, note taking, writing, challenging thoughts, a thesis, class mates.

You get the picture. 

A somewhat new world for me. But also a very exciting one.

I’m going back to school for a LLM in Data Management, Cybersecurity, and Privacy. 

What a mouthful that is. Won’t be saying that often

Back to school is easier.

Today it all started. Me a 30 others are starting our summer pre reqs before the official start in September. 

No summer vaca for me. Instead I get to learn about computer science and emerging technologies along side a healthy does of EU law. 

This will also mean that I will be reading a lot less. The potential of weekly repeats in the currently reading feature is very high. 

Drop me a message if you have any advice - it’s always welcome and it’s been nearly 20 years since I’ve been in school.

Let the fun begin. I’ll keep you posted to my journey and how I juggle (or not) work with school.

Currently reading:

The ABC’s of EU Law - for school. 

Best short read of the week:

How Threads privacy notice compares to Twitter and others.

Best Privacy read of the week:

This post breaking down the No GA ruling in Sweden. 

]]> <![CDATA[021: Finally, it's over - or is it just the beginning?]]> Siobhan Solberg 2023-07-03T00:00:00+00:00 I’m late.

Really late.

It took the weekend off. Got on a boat. Left all devices home.

It was needed after the chaos of last week.

The last minute consultations. The “everything-is-going-to-break-i-don’t-have-ga4” drama.

No preparation could have helped me. And clearly a lot of people totally failed to prepare for the dreaded July 1st.

But we survived. And your business did too. 

You might even have realise that:

  • You don’t even use all that data

  • “Listen to my gut” overrides being data-informed

  • GA is not the only solution out there

Or you freaked out and called me. Glad that’s over with.

But I’m starting to think it’s only the start. 

There will be those who realise that all that data is really not needed. That they don’t need to collect it. They don’t use it anyways. Great.

And then there are those who want their newly found GA4 to look, feel, and taste exactly as Universal Analytics did. Enter the Looker Studio copy cat dashboards.

I’m secretly hoping that people learn from this. Not learn to be more prepared but learn that they don’t need all that data. Think about what data they really need. What data they can action on. 

And while they are at it maybe they will also consider how to better respect users data (i.e more privacy focused). 

(Wishful thinking?)

In other news: I’m trying something new with my newsletter this week. Addressing real pains with real (as in my clients) solutions. Hope you guy like it. 

Currently reading: 

Industry Unbound by Ari Ezra Waldman

Best short read:

Ireland taking steps to protect Big Tech. Always fun when they pull this shit. Is it even  legal?

Best privacy read:

Nothing much this week but check out this post with all the hardcopy books that are privacy, data, and marketing related that I read (or started) this year so far. 

]]> <![CDATA[020: Has anyone adequately prepared for this?]]> Siobhan Solberg 2023-06-25T00:00:00+00:00 Nothing I could have done could have prepared me for this week. 

And I’ve done so much to prepare.

It’s the final shit show before Google forces the switch from UA to GA4. 

I’ve made it clear I’m not doing last minute jobs. I’ve made it clear that if you convince me I will tack on a mega express fee.

And it’s still happening.

I have this one rule - you don’t turn down talking to a referral. 

If a past client refers someone I will always talked to them. It’s how I get more referrals than anything. 

Also, if a past client comes to me - I talk to them and usually do the work.

Those two, referrals and past clients, have overwhelmed me this week in a way I could not have anticipated.

Did no-one read all those emails I sent about need to switch? The ones I’ve sent of the past year?

This week I have had 9 discovery calls.

I’ve agreed help out for a few.

They are all needing to pay mega fees.

All because they choose to push this decision under the rug. 

To top that all off I’ve had a lot of privacy consulting work ramp up - which is great and I love it. Best of all, it’s challenging work that is pushing me and getting me excited. Of course a lot of it is intertwined with marketing which makes it all the more fun. 

Best part, they don’t have that damn July 1st deadline.

Other than that I have had not much time to think. And I’ve taken the weekend to read fiction in the sun, go for 5am runs, bake bread, tend to my garden, and spend time with my dogs. The best prep for a long week ahead.

Currently reading:

The CIPT book from IAPP as I have to sit my exam in September. Dry and dreadful reading but mandatory for the exam. 

The fiction book I’m nearly done with is the same I’ve been for a while (and loving it more and more) - Goldfinch by Dona Tartt.

Best short read of the week:

A blog on the upcoming privacy changes at Appel by Cory Underwood.

Best privacy read of the week:

This post by Jay Averitt on what a technical privacy review is.

]]> <![CDATA[How iOS17 will mess with your attribution]]> Siobhan Solberg 2023-06-20T00:00:00+00:00 Apple announced iOS17 and all the fun that comes a long with it. The one feature that I want to discuss today is LTP.

What is LTP?

Link Tracking Protection will remove all parameters from the URL that identify a user.

So if you have a URL with campaignID you're ok.

A URL that also adds a clickID is not.

The link will still work but it will have the clickID stripped.

This is for all user specific tracking parameters, not only clickID.



LTP will be automatically enabled from Mail, Messenger, and Safari.

Why do we care?

Because Apple Mail is about 58% of the market share.

Not only that in the USA messenger has a significant market share (16% as of 2020) that is going up every year. And we all know Safari has around 20% worldwide across all platforms (27% Mobile only).

But forget all the data for now.

Remember what happened with iOS14?

Your open rates went to shit.

That's about to happen with attribution too - unless you work on a more privacy focused attribution model.

Ok great, now what?

Here are some of of the steps that I would take to start preparing for the change (Appel usually releases their new iOS in September or October and you'll have a few months before adoption becomes significant):

  • Understand what share of your users will be affected.

  • Research Private Click Measurement (Apples tracking solution) and other solutions.

  • Reconsider your attribution model.

  • Adopt more privacy focused attribution methods.

]]> <![CDATA[019: Enter at your own risk]]> Siobhan Solberg 2023-06-17T00:00:00+00:00 I’ve been up since 2:48 AM. Lying in bed my minds been playing a continuous stream of GIF ideas that have me in them.
It won’t let me be so I’ve schedule in a GIF photoshoot with myself for tomorrow.

So I’m on automatic.

I’ve walked the dogs.

I’ve fed the dogs.

I’ve fed Seymour the Second.

I’ve gone for a run in the rain (and why the fuck is in raining in Greece in June? what happened to summer?)

I’ve lifted some weights.

I’ve fed myself.

But that’s it for automatic. The rest of my day is not and that’s going to be a struggle considering it’s 8am and I’ve been up for just over 5 hours already.

Why am I telling you this?

I’m tired. Tired means no functioning filter. I can not be held responsible for what I write today.

But I will still try to reflect on my week.

Problem is I don’t remember much of the week.

I’ve done a bunch:

  • Finished phase 1 of a data governance project. All the research and most of the technical stuff is done.

  • Finally figured out that damn issue in GA4 for my client. It took way to long and I’m glad to see it over with but I’ll miss playing GA4 detective.

  • I started a lot of conversations on LinkedIn regarding consent and how people view privacy.

  • Added more speaking engagements to my calendar for the year.

A note on LinkedIn - I’ve been loving it. Once I committed to just being me and not pretending to be whatever I think the algo or someone wants me to be it’s been soooooo much fun.

It takes less effort to just be me.

And I have opinions so it’s easy to just put them out there.

Not only has it started conversations but I’ve learned a lot. I call this a huge WIN.

Another win was very much a me win. A win that will make my life easier. Something I’ve been putting off for way to long.

I finally set up my Tana in the way I need it to be.

And it feels so good. I’m actually happy looking at all I need to do now. I don’t have to constantly think about what I’m forgetting. It’s all there.

Don’t ask me why it took so long. I feel like anything that does not have direct value and is just for me takes at least 5 times as long to get done.

Yeah, I know. The whole take care of you first etc. Logically it all makes sense but in practice that’s a whole other story.

Currently reading:

When I took my altMBA they shipped us a stack of books. I did not read all of them. This week I have been rereading one started reading another.

Thanks for the Feedback - a must read for everyone. It will make us better people.

The Art of Possibility - not sure about this one yet. Having a hard time “getting it” within the first chapters but let’s see.

Best short read of the week:

Simo’s GA4 rant was def the best read of the week. Priceless.

And this piece on the Ultramarathon Mindset and how to get things done.

Best privacy read of the week:

The NY Times one what you are actually agreeing to when accepting a privacy policy.

]]> <![CDATA[018: Do I really care what I do?]]> Siobhan Solberg 2023-06-09T00:00:00+00:00 It’s been two weeks.

It feels more like 2 days.

I took some time off for the long weekend and enjoyed wandering the hills in Lisbon. That and eating a lot of sardines. Heaven.

I’ve also spent a lot of time thinking. I know - too much is no good. But I needed to gain some clarity and as I’m still only half way through I might as well tell you about the half way point, right?

“What do you do?”

I get this all the time. And it causes me to stumble over my words, mumble, throw together a bunch of words and stare blankly - all at the same time. Safe to say no one really understands me and sometimes I wonder if I understand myself.

It’s not like I’m trying to create a new category or something so (in my head) it shouldn’t be that hard.

It’s painfully hard.

I know what I do. I do it all day long.

I can’t define it. I cant explain it simply. I can’t communicate it.

So, I’ve been struggling with the definition of what I do. The “what am I in the process of pivoting to”.

Then the big A-ha moment. (yeah, I wish). Wandering from one wine bar to the next in Lisbon I thought “

“Do I really need to define that now?”

“Do I really need to finalise the what-I-do mid-pivot?”

I’ve decided no. I’ve decided this is not essential to my offering. And that I have time to deal with it when I have more clarity as to the full pivot.

So there I am. Half way into a process with a clear decision.

The other decision I made? I need to clearly define my offer(s) - no getting away with that one - to allow me to communicate better across the board as to how I can help and provide value.

Currently reading:

Stolen Focus by Johann Hari is what I’ve been reading while away. I’m nearly done and have to say that even though there are some clear i-knew-that moments it’s a must read for anyone who thinks it’s a bigger thing than just your own discipline problem (when it comes to losing focus).

Best Short Read:

The Google Analytics 4 rant by Simo is priceless.

Best Privacy Read:

Cory Underwood talking about the anticipated link tracking protection and how it will affect measurement starting with iOS17

]]> <![CDATA[017: GA4 rant - join the waitlist]]> Siobhan Solberg 2023-05-26T00:00:00+00:00 The I-need-to-switch-to-GA4-NOW onslaught has continued. 100- fold.

So much that I’m starting to wonder who actually did switch over, to GA4 or to another tool all together, in advanced.

Is there really such a lack of planning? 

It makes me think that all this “we are data driven” bullshit is really that - bullshit. 

I, for one, can’t be bothered. 

Yeah, I get it - just charge a lot and make the money, but no, I’m good. Thanks.

If people have not thought they needed it until now, and they only do because Google is scaring them with all sorts of banners and pop ups, then they don’t really need it. 

They are not making decisions based on their data.

They don’t respect their data.

They don’t do shit with their data other than have it because….well, because someone said they need to make decisions and be data driven.

Those are not who I want to work with - why would I?

It’s an afterthought for them.

And no matter what I do they won’t suddenly use that fancy dashboard. AND they will never be fully happy about the money they paid you to give them something they will never use. 

So that’s that - I have a waitlist. A 6-month waitlist. I’m happy to recommend other freelancers and agencies who are mega great at what they do. Would you like me to recommend them?

Currently reading:

The same as last week - why? I’ve been too busy fighting off all the GA4 requests.

Data Governance: The Definitive Guide - this is mostly to freshen up on things as one of my projects has a data governance policy deliverable.

 A Human Algorithm by Flynn Coleman - exited about this one and looking forward to the AI bookclub discussing with Flynn on this.

Best short read of the week:

Nothing other than this post on LinkedIn. Reverse-engenieerring a keynote.

Best privacy read of the week:

Don’t be fooled by Metas fine for data breach by Johnny Ryan in the Economist 

]]> <![CDATA[016: Is remote really best and the GA4 hustle]]> Siobhan Solberg 2023-05-19T00:00:00+00:00 I love remote work. 

I have set my whole life up to support it and allow for the flexibility of being wherever I wanted.

(Marrying someone without that flexibility was not in the plan but oh well - love happens)

This week made me appreciate face to face.

I sometimes forget how nice it is to just sit and have a conversation that leads into a meeting. 

Reading body language.

See the focus.

Being fully present. 

Even better I treasure the way it improves every meeting after, regardless if it’s online or not. 

I’ve had a crazy week. Spent most of it in London working with a client. 

A client who I used to go visit as a child and could never get enough - I swear my mom has dragged me out of that place more times than I care to remember. 

Last time I was there I was 16. 

Now I’m 40 and this week I got to meet with some of their teams to discuss how they can shift and optimise their data tech stack to think privacy first while still allowing for growth.

We have a long journey ahead but I love seeing how an institution such as this still has the motivation to move forward and consider everything from privacy and security to growth. 

In other news, the agency email and requests forms are blowing up.

No matter how many warnings have been published by me and everyone else it seems that everyone just clicked that Universal Analytics will be no more and they need to shift to GA4 - stat.

It’s a lot so we made some decisions:

  • clearly state what will and will not get done before UA is done

  • charge an expedite fee on top of the usual project rate

  • only take the clients that we want to work with

It will be a crazy June but I’m still trying, somehow, to find balance so that I don’t burn out in a month.

Currently Reading:

Data Governance: The Definitive Guide - this is mostly to freshen up on things as one of my projects has a data governance policy deliverable.

 A Human Algorithm by Flynn Coleman - exited about this one and looking forward to the AI bookclub discussing with Flynn on this.

Best short read of the week (which is also a privacy read):

Empowered by Consent 

Best privacy read of the week:

Nothing other than the newly passed Washington privacy law (I know, sounds fun)

]]> <![CDATA[015: A week full of suck]]> Siobhan Solberg 2023-05-05T00:00:00+00:00 This week sucked. It was nothing to be proud of.

It was also super productive.

(Maybe I should be a bit proud of getting some shit done)

I skipped 5, out of 6, Greek classes this week!!!!!

My husband has this thing he says about me. Something along the lines of “when she decides to do something she goes all in, semi-committed does not exist in her vocabulary”

I think he might be right.

I signed up for a Greek course that was 20 hours a week plus an hour commute each day. Along with running an agency, working as a privacy consultant, and trying to still be a decent dog-mom. 

It think it’s clear - it was way to much.

But I had said I’d do it so I did not skip class and somehow found time to study. Even though I said I would prioritise work and skip class as needed I didn’t. 

I should have. And I really do hope that I learn from this. 

Skipping most of the week gave me the time back that I needed. It allowed me to see how far back I had fallen. It made me face my notes, tasks, and to-do’s that were EVERYWHERE. Desk, desktop, iPhone, bed-side table, kitchen table. Fucking everywhere. 

How did I ever get that disorganised?

Oh well, I’ve collect all those notes now and realised how much work there is to do.

And I managed to hit 3 out of my 4 must to-do’s of the week (it’s been a while this happened).

Lessons learned - don’t take on more than you can handle or learn to semi-commit and give yourself the time you need for your priorities. 

Currently reading:

Ethical Machines by Reid  Blackman - still reading it, almost done and I still think you should: READ IT.

Best short read of the week:

How to ask OpenAI for your personal data to be deleted or not used to train its AIs

Best privacy read of the week:

This post on Privacy vs Security

]]> <![CDATA[Why you need a Data Minimisation Strategy]]> Siobhan Solberg 2023-05-04T00:00:00+00:00 In violation of Article 5(1)(c).

We see it a lot. It’s a common reason for a fine. Usually lumped together with a bunch of other Article 5 violations.

So what is it all about. 

Article 5(1)(c) of the GDRP is also know as the Data Minimisation principle and states:

(Personal data shall be…)

“(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)”

And it’s not limited to the GDPR. Most US privacy laws also contain data minimisation regulation of some sort such such as:

“(c) A business’ collection, use, retention, and sharing of a consumer’s personal information shall be reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed, or for another disclosed purpose that is compatible with the context in which the personal information was collected, and not further processed in a manner that is incompatible with those purposes.”

And Data Minimisation, as you can see above, usually does not live alone. It’s combined with purpose limitation as well as storage (or retention) limitation. 

But first, what is Data Minimisation?

Essentially, it's means to only collect the data needed to run your business - not more.

What does that mean for marketing?

Only collect that data you can action on, that drives decision making.

It means that you need to develop a clear data strategy and fully understand what the purpose of each data point is that you collect.

There has to be a purpose behind every piece of personal data you are collecting.


Well, it’s hard to practice the principle of Data Minimisation of you don’t understand the purpose of your data nor have a retention strategy. 

If you don’t have a purpose for the personal data you collect, then you shouldn’t collect it.

If you don’t have a retention schedule for the personal data you collect, then you should not collect it. 

It all comes down to strategy. Needing to have a clear data minimisation strategy is becoming essential if you want to stay compliant.

You should:

  • only collect what you really need

  • have a clear purpose to collect it

  • have a retention schedule defined for each data point

How does this look in real life?

Let’s take a simple eCommerce transaction that requires you to ship the customer a t-shirt. 

What do we need?

Name - to know who to ship it to

Address - to know where to ship it 

Credit Card Info - to run the payment for the purchase

Retention of data is driven by various elements but in the above case we need to keep all the above information on file for returns, refunds, chargebacks, and tax reasons (depending on country up to 7 years)

Or consider you are asking users to sign up to download a white paper.

What do we need to collect?

We don’t need to collect anything really. We could just let them download the paper. But let’s assume you are using the white paper to expand your email list, then what?

Email - so we can send the email (providing they opt in)

Anything else? - No

You get the point, we only need to collect very little data and the less we collect the less risk there is. 

But we also need to grow and build a successful business, part of which is email marketing, building lead sources, re-marketing, etc.

So how do we find a balance as to what to collect and what not?

How can we still grow and honour the data minimisation principle?

Create a data minimisation strategy

Create a strategy that clearly defines:

  • what data has to be collected

  • why the data has to be collected

  • what action will be taken on the data being collected

  • how the data will affect decision making internally

  • what functions the data has

  • how long the data will be stored for 

  • the reason the data is being stored for a certain length (i.e tax, transaction, marketing)

Is Data Minimisation worth it?

100%. I’ve been telling clients for years to only collect the data that they can action on - data that drives decisions. It allows for clarity and reduces the time looking for insights - it's easy to get lost in a table full of useless data.

Here are some additional ways data minimisation can help you:

  • It helps you determine what data to collect, process, and store (and for how long to store it).

  • It helps you discover what unnecessary data you are collecting.

  • It helps expose any risks your data is exposed to while collecting, processing, and storing.

  • It helps limit the amount of personal data you are collecting.

  • It helps reduce the risk of a breach by limiting the amount of data you are collecting, processing, and storing.

  • It helps reduce time spent looking for insights in your larger-than-life data mess.

Data minimisation is not only about privacy, compliance, and reducing risks. It's about making your data more accessible and being able to action on the data you have.

]]> <![CDATA[Some thoughts on ChatGPT and Privacy]]> Siobhan Solberg 2023-05-01T00:00:00+00:00 I’m in Korea, on vacation.

Let me tell you, it’s CCTV central - you can’t do anything without being watched. It's making me uncomfortable.

It's also making me appreciate that it's not the case where I am.

But they do warn you, everywhere, so at least you're in the know.

But to the point: my thoughts on ChatGPT.

What’s the deal with ChatGPT - other than being the new shiny toy everyone wants to play with?

Personally, I think the leaps forward in AI are amazing.

Yes, even ChatGPT.

There are so many ways that it can help us without causing any harm nor misrepresenting anything.

ChatGPT can help people with dyslexia write professional emails.

AI can help diagnose rare diseases.

And, of course, it can always help generate user personas off of a data set you feed it - or pull any insights out of any dataset you have providing none of that data includes personal data.

And that’s the thing.

No personal data!

We are so excited about ChatGPT, and the possibilities of AI in general, that we are going all in. We feed it meeting minutes that contain top secrete data, import data sets that include personal data to help us gather insights, and supply it with our company financials to generate quick reports.

I want to say STOP it all.

But that’s not really an option if we want to keep growing.

Where do we draw the line?

What can, can’t, and shouldn’t we do?

How can we allow for innovation and still respect the right to privacy?

I don’t have the answers.

I do know that there is a clear line and we are overstepping it.

We are sooooooooo excited that we have forgotten to think clearly about what we are doing, what the consequences are.

When it comes to using ChatGPT to help us in marketing the possibilities are endless but how does that impact our users and customers personal data - how do we approach using ChatGPT (or anything similar) while still respecting privacy?

When feeding ChatGPT data we need a purpose for the processing of the data. We need a legal basis such as consent, legitimate interest, performance of a contract, etc.

We also need to be transparent about it.

AND we need to be able to respect our users rights when it comes to their data (think „delete all my data“, „what data do you hold of mine“, etc.)

So what do we do when we upload user surveys into ChatGPT to help us generate customer personas?

If there is no personal data involve then great, you’re in the clear.

(Remember, personal data is a big, all encompassing, term. It’s any data that relates to an identified or identifiable person. The more data points you have the more likely they are, in combination, to be personal data.)

So what if you do want to upload personal data into ChatGPT?

In short, don’t.

Still want to…then think about the following:

  • What is your purpose behind processing the data with ChatGPT?

  • What is your legal basis?

  • Do you have the users consent?

  • Are you being open and transparent with your users that you are using ChatGPT to help you?

  • How will you handle the situation if the user wants their data deleted?

  • How can you get their personal data deleted from ChatGPT?

These are the questions you need to ask yourself as you get excited over the possibilities of how marketing will benefit from AI.

There are plenty of ways we can use it to help us, and I hope that we will use it to be better and more efficient marketers.

I’m also asking that you think about what should and should not be done.

So as you explore all your opportunities also explore what needs to be put in place for you and your team to act responsibly and not but any personal data at risk.

]]> <![CDATA[014: A week that ran away, and down the rabbit hole]]> Siobhan Solberg 2023-04-29T00:00:00+00:00 The week got away from me. Not just get away, it ran away. 

It’s as if it never happened.

It started off super positive and productive and then just crashed, or better, I crashed. 

To be clear it was my first full week back since some time off so that might be the reason.

It was also my first week back training and my first week back at school so….just a bit overwhelmed.

The bits I do remember have been good even though I did not get a single thing done that I said I would.

(Have I ever mentioned that I have a weekly meeting with a friend to discuss exactly that? Every Friday we go over how our week went, challenge each others excuses, discuss options forward, and set the top priorities for the following week. It’s priceless and then best meeting I am fully committed to every week.)

I had set out to finish a blog post on Data Minimisation, record (in full) a data privacy for measurement marketing mini course, and finalize my content strategy.

What did I do instead?

Meetings - a lot of them

Got interviewed for a post on privacy and marketing

Created the script for the data privacy course

And talk a lot about how I need the content strategy but didn’t take any action on it.

So a whole lot of something that did not line up with my priorities for the week. Not great. But it happens. 

It also feels a lot like a week where I took a lot of passive action instead of active action. Not great as there needs be a balance.

The most passive action I took? Get sucked into the rabbit hole of ad tech, privacy, and all the new „solutions“. I had to do the research as I wanted to write on it for my newsletter but instead I just kept crawling deeper and deeper and never put any of my thoughts into words. The result was an email saying I’m down the rabbit hole and that once I find my way back I’ll send out what I actually learned - not super valuable, I know. 

In other news, check out this episode of Sustainable Compliance where Jacob Høedt Larse and I discuss how marketing and privacy should, and could, create a productive relationship to allow for more company growth.

Currently reading:

Ethical Machines by Reid  Blackman - just about half way through and all I can say is: READ IT.

Best short read of the week:

A great post by Steen about the value of data and my continuation on his thoughts. 

Fighting for cognitive liberty

Best privacy read of the week:

Good practice initiative for cookie banner consent management

]]> <![CDATA[013: Back to school, doing nothing, and dream clients]]> Siobhan Solberg 2023-04-21T00:00:00+00:00 Missed me?

I thought I would - but not really.

No, not you - the writing, the working, the staying on top of everything. I didn’t miss any of that. 

Which is great. I usually have a hard time taking a break. I’m always working or trying to catch up, learning new concepts and laws, or studying for some new certificate - I just don’t know how stop (FOMO?). But this time I did, and it was mind-blowing. 

I did it. I enjoyed Korea. And best of all it gave me the space to come back thinking better and with a new perspective on things. It allowed my head the nothingness it needed. 

But the world did not stop when I did - so things happened, and some major news happened all while I’m taking the time doing nothing. 

(here is my rant on feeling constantly watch and how that puts privacy here in Europe into perspective)

I’m going back to school!!!!!

Remember I mentioned that I was applying for a LLM in Cybersecurity, Privacy, and Data Management at the University of Maastricht? 

I finally got an answer back, on day 2 of my vacation, that I got in.

Starting September 2023 I’m going to learn, grow, be challenged, and more by my peers and professors and I can’t wait. 

Thankfully it’s a part time degree (2 years of it) so I can still work but I will need to have a think as to by how much I will need to reduce client work or make other adjustments. 

What else? Nothing much really. It’s been a classic first week back at work. You know. Those crazy moments of catching up, meetings, and reading all those newsletters you’ve ignored. 

It was also the first week that I’m officially working with a new client of mine (a dream client!). It’s a challenging project and I’m excited to get pushed out of my comfort zone and to challenge myself to find unique solutions. 

Some other exciting things that I did this week:

Appeared as a guest on the Sustainable Compliance podcast (I’ll push it on LinkedIn once out)

Appeared as a guest on the Privacy Pros podcast (again, I’ll let you know once it’s out)

Got quoted on my ideas around A/B testing and privacy in this PiwikPro blog on best A/B testing alternatives to Google Optimize (which is sunsetting soon)

Currently Reading:

Not much here as I’ve been mostly reading emails but I’m currently finishing up Rapt by Winifred Gallagher . The idea and the content are good although I find it a bit all over the place and feel and hard to read. I’m having a hard time defining the argument or goal of the author which is making it hard. But at the same time I’m still reading it and enjoying it as the ideas are good ones. 

Best Short Reads of the Week:

The A to Z of Artificial Intelligence by Time Magazine

Best Privacy Reads of the Week:

I’m trying to get back up to date so there is a lot of scanning and not much reading. Some things that did stand out where:

This post by Soribel Feliz about AI and Privacy common denominators 

This blog post discussing if the DPDI Bill No 2 definition of Personal Data is not in line with Convention 108

]]> <![CDATA[012: No work on vacation?]]> Siobhan Solberg 2023-04-02T00:00:00+00:00 The week before going away is always hectic.

It’s as if all those tasks, deadlines, and obligations creep up on you just then - and there is no way you’ll ever get them all done.

But I have left. And that’s it. No work for 2 weeks (this also means no weeknotes for 2 weeks).

The big Q is if that will actually happen….

I doubt it. I say it’s vacation and no work. But does that ever happen? Do I ever take a full break other than on a weekend?


The week itself has been such a blur that I’m not quite sure what I actually got done, and what didn’t get done. I’m ok with that.

I’m choosing not to reflect to much on this past week - for my sanity.

Sometimes that’s what needs to get done. Just let go and choose, consciously, to not reflect on the week. To protect yourself instead.

So here is me trying to take 10 days off and not work. I’ll report back as to what really happened once back.

(Where am I going?


Currently reading:

Slouching Toward Utopia: An Economic History of the Twentieth Century by J. Bradford DeLong

Best short read of the week:

Tubes #3: Abstract Expressionist Tech Policy

How ChatGPT and Bard Performed as My Executive Assistants

Best privacy read of the week:

GDPR vs U.S. state privacy laws: How do they measure up?

Everyone Wants your Email Address. Think Twice Before Sharing it.

]]> <![CDATA[011: Waiting, writing, and research]]> Siobhan Solberg 2023-03-24T00:00:00+00:00 A week of waiting.

Waiting for:

  • an answer from school

  • access to tools from clients

  • new clients to sign off on the last bits

But also a week of getting things done.

Most excitingly is that I finally got this site revamped. I

sn't it pretty?

I'm in love with it. The colours, the font (no, it's not a google font) - everything. Most importantly I'm happy to have a space that I love to share my thoughts and writing on. A space that I feel shows who I am and one that I'm happy to share on.

Writing is not something I'm good at. But it is something that helps me; helps get my thoughts processed.

It's something I want to get better at and getting better takes practice - so I'm trying to write. A lot.

Research is another skill I've been trying to wrap my head around. My ideas and thoughts are only worth so much, I need to get good at researching and reading on other peoples thoughts and ideas to develop mine. Keeping track of all that research is becoming tricker by the day. It's all there but not in a way that is easily useable. I have a feeling a good chunk of the next few weeks will be me trying to re-configure my system.

Next week is my last full week of work before heading out for a bit.

Currently reading:

Still working though my novel (can you believe it - I have not read a single privacy book in 2 weeks!)

Goldfinch by Donna Tratt

Best short read of the week:

Nothing really caught my eye this week - it feels like that everyone is just talking about TikTok.

This post by Tim Wilson was good though.

And this read on non-linear career paths.

Best privacy read of the week:

On EU digital strategy

]]> <![CDATA[Google Analytics Banned in the EU?]]> Siobhan Solberg 2023-03-20T00:00:00+00:00 Google Analytics is illegal.

You'll get a fine unless you switch to an alternative

You hear it everywhere.


Let's set the record straight.

Nothing is banned - the Data Protection Authorities don't have the authority to ban a tool or product.

But then what is the issue with Google Analytics?

This is where things get confusing.

- is it Personal Data?

- is it the transfer of data?

- is it a data residency or data jurisdiction?

It's a bit of all.

Personal data encompasses a lot of data points - and I mean A LOT. Any unique identifier, IP address, location, email, name, etc. It's practically a guarantee that you are processing personal data within your GA account, especially if you are linking to other Google tools such as GoogleAds.

Then we have the transfer issue. In short, the US (where Google is based) is not considered an "adequate" country - a country that is not considered up to par in regards to it's data protection and human rights according to the EU.

What does that really mean? It means we are not allowed to send personal data to the US unless we enter into a contract with standard contractual clauses that provide the data subject with a number of safeguards and rights in relation to their personal data. (Google does this btw.)

But the rights and safeguards needs to be equal to that what the EU provide. And that is a problem mainly due to FISA (The Foreign Intelligence Surveillance Act).

FISA allows the US to gather data and information on non-US citizens from any company within the US - which leads us to the next issue.

Data jurisdiction.

Where the data is located does not matter as much as what laws the data is being goverened by. Any US based company (such as Google) will need to hand the data to the US, if requested, regardless of where the data is actually stored.

To sum it up, it looks something like this:

Google Analytics collects personal data


Google transfers that data to the US (this is the case for UA, for GA4 its debatable)


Google is a US company so the US could have access to the data.

So now what?

So, what do you do now? Stick with Google Analytics and hope that the US-EU issues figure themselves out?

Believe Google when they say GA4 is privacy-focused and that's that?

Switch analytics providers?

It really comes down to what you business requires and your appetite for risk.

You'll need to ask your self a few questions:

What data do you really need?

List the data that you actually use. The data points you can action on. Not the "I want if/maybe....".

Something as simple as an agency site doesn't need much. eCommerce a bit more.

Look at your data and understand what you really need.

How valuable is that data to you?

What value does that data give to the business?

How valuable is that data to making decisions that affect the bottom line?

For example: For a company that relies heavily on Ads the data collected to understand the ROI of advertising campaigns have high value.

How much risk are you comfortable with?

How much risk are you willing to take?

Consider elements such as fines and what could happen if you are breached (this is a PR nightmare).

Weigh your odds

If, after the first question, you realise you don't need anything as complex as GA you've got the easy end of the stick; move on and find a simple alternative that gives you just what you need.

If you do need something such as GA4 and, none of the alternatives work for you, it's time to weigh your odds.

Does the value your data provides outweigh the risks?

A Note on Tools

Most tools do not work out-of-the-box. They all need some initial configurations to become compliant (yes, even GA).

Additional Resources:

CNIL guide on how to make GA compliant by using a proxy server

CNIL guidance and configuration guide for various analytics tools(mostly if you want to collect data before consent instead of relying on user consent)

Google support document on GA4 and it's EU privacy measures

A list of case summaries revolving around Google Analytics

What about consent?

Consent for cookies is an ePrivacy Directive issue. Protecting personal data of the user is GDPR. Above we focused on the GDPR issues around Google Analytics. Some SA's (Supervisory Authorities), France and Latvia for example, allow for a site to collect limited analytics data without consent arguing that basic audience measurement are strictly necessary - other SA's don't agree. Either way you will need to make sure you configure your analytics software to comply as out of the box it will not.

Closing Thoughts

Choosing (or leaving) an analytics tool is never easy and it's always easier to go with the mainstream option. But do you really need all that data?

Data for data sake is worth nothing, a waste of space, and increases risk. Any measurement strategy should start with the data you need - not want. The data you will work with. The data that will drive your decisions. The data you will action on.

Once you have a strategy in place, a reason and purpose for the data, only then is it time to consider compliance and what tools are right for your use case.

]]> <![CDATA[010: A short week of doing a lot of nothing and goodbyes]]> Siobhan Solberg 2023-03-17T00:00:00+00:00 It's been a slow moving and nothing doing type of week.

I spent most of it trying to recover from a nasty sinus infection which would imply that I had plenty of time to actually get things done being that I didn't do much of anything. But that proved wrong - I did mostly nothing.

This week also marked the end of my Privacy Accelerator mentorship I had been doing since September. It's bitter sweet. I get to reclaim my Monday nights but I will miss the tight group of privacy professionals that I formed a unique bond with. I will miss my sparing partners. I will miss my ideas and thoughts on privacy being challenged by those I trust.

But it also leaves a lot to be done. I have worked on templates and guides for all sorts of processes that will help me be a better privacy consultant down the road. These now all need to be refined, worked through, and improved to give me a foundation of pure awesomeness.

The highlights of the week:

More than doubled my newsletter subscription with this LinkedIn post - guess it hit a nerve.

Did a pod cast interview for No Hacks Marketing which was a lot of fun.

Currently Reading

I'm back to my novel for the week, finally. It's taking unusually long for me to get through it but I also don't want to put it down.

The Goldfinch by Donna Tartt

Best Short Read of the Week

Caitlin Moran: my women of the year (they're not who you think) it's a few weeks old now but just a good fun read.

Best Privacy Read of the Week

Technology vs Freedom to Think

]]> <![CDATA[A/B Testing and Privacy]]> Siobhan Solberg 2023-03-13T00:00:00+00:00 Marketing programs rely heavily on A/B testing to understand and validate what layout, changes, or additions work best for their users. It’s one of the growth levers a business uses to increase it’s revenues, AOV, or conversion rate of a specific metric. It is also utilised to run sanity tests that verify nothing is broken when releasing a new version, tool, or script on the site.

In short - it’s essential to growth.

A/B tests show a specific treatment - and change you have made and want to validate - to random users while measuring how the change affects the metrics you are testing for. To make sure any specific user sees the same version of the experiment for the whole duration of the test a cookie is set that stores all sorts of information and behaviours related to the experiment.

A big question for businesses in established (located or targeting EU based users)in the EU is if one can run an A/B test considering that it requires you to drop cookies.

The ePrivacy Directive (this is not really a GDPR issue) says that you need to get consent for all not strictly necessary cookies. Yes, that is even for cookies that do not hold any personal data.

To make it all more fun the ePrivacy Directive is interpreted slightly different by all individual EU member states but most agree that strictly necessary means anything that is required to make the site function - nothing else.

Load-balancing is ok but analytics is not.

This would imply that you can not drop a cookie for you A/B test unless you have consent. And since you can not drop a cookie pre-consent so you have to wait to get consent before loading a test.

This eliminates running an experiment on your home page or landing page as you don't want to re-load a page and show the experiment once a user has given consent. It also limits your sample size to the users who do consent.

A Solution (or rather, my way of thinking on this)

(This is not legal advice and always check with your DPO or legal team first)

In short - run the experiment.

Or, consider a soft-opt in for A/B test cookies.

Yes, I’m essentially saying that even thought you are dropping a cookie and you did not ask you users consent you should run the experiment. Especially if you are eCommerce or SaaS.


Because countries are not on the same page regarding if A/B testing is an exemption to the "strictly necessary" cookie rule.

The ePrivacy directive is applied by each country as it is not a regulation that has to be enforced in the same manner across the EU.

For example the CNIL - that is the supervisory authority in France - has an exemption for cookies used for A/B testing. Whereas the ICO, the Brits, say clearly that you can’t use an exemption for A/B testing.

Some other countries have not been tested or have not voiced their opinion.


…and the ICO

What do I do if I'm not in France?

You evaluate your risk.

It’s essential, when making any privacy vs growth decisions, to evaluate the risks involved.

In most scenarios I would say the risk is quite low for A/B testing considering:

  • Tests is only run for a limited time

  • One usually only collects aggregated data with no intention to understand users individual behaviours

  • Testing is expected by the user as it is a technique utilised to improve their user experience.


(Again, make sure you run this by your legal team or DPO - I am not a lawyer and this is not legal advice.)

When trying evaluate if it is an experiment that could be run, keep it simple.

Ask your self the following:

What is my consent rate?

If your consent rate is above 50-60% and that is enough traffic to reach a decent sample size only run the experiment when you have consent.

Risk level: almost none

Is soft-opt in an option?

Can you use soft opt in to gather consent for testing?

Check you local laws (or the laws of the country you are targeting)

Is it possible to be clear and transparent so that the user knows what we are tracking and not?

Clearly communicate what it is you are doing when asking for soft-opt in.

What are the risks to your users data when running the experiment?

Mitigate any risks to your users data and only collect as little as you can get a way with.

When using soft opt-in make sure to:

  • Be clear and transparent about what you are doing

  • State why you are doing it (the purpose)

  • Add experimentation to your Privacy Notice

  • Make it easy to opt out

Risk level: medium-low

If all of the above fail

You don't have enough traffic with consent only and you don't think soft opt-in is an option?

Now what?

It all comes down to the amount of risk you are comfortable with. If the test is high value and the risk is relatively low (placing cookies with fast expiration, no personal data, etc.) then it might be worth it to run the test anyway.

]]> <![CDATA[009: Systems, Sunk Cost Fallacy, and Client Negotiations.]]> Siobhan Solberg 2023-03-11T00:00:00+00:00 Writing and developing systems, dropping thinks after much thought, and client negotiations. A week that makes you think you are a ninja - but are you real?

Process (and how they help me stay on top)

As mentioned last week I noticed that I'm becoming my own bottle neck by keeping all my processes in my head. This thought got me to start jotting down the general outline of most of my processes that involve teams and work in general. It also got me thinking that I already have some really solid systems when it comes to learning and staying up to date (a must if you dabble in the data protection and privacy field).

Thinking on this triggered a re-read of "How to Take Smart Notes" as well as optimising my system a bit - mostly to allow for better citation of sources.

Magic happened. It took really thinking on the system, and what systems are for, to realise that I had let some crucial elements go and bringing them back to the forefront has allowed for a better understanding of what I am learning as well as better notes on the reading I"m doing to facilitate that learning. I'm excited to improve even more and finally start writing better and with less effort again.

Thinking on this was great timing as I was asked to give a presentation to others in my privacy master mind as to the importance of staying up to date and how I create systems to process, learn, and gain understanding to stay up to date and develop my own ideas.

For those who want to know, my rough system resolves around the Zettelkasten method and uses the following tools:

  • Pen and paper (mostly my reMarkable)

  • Zotero

    • I am thinking if there is a better alternative or if this is what I need to commit to. Let me know if you have any better suggestions.

  • Tana

    • My daily everything. Finally a note taking app that works for my brain. Use it for all my fleeting notes, tasks, to-dos, content creation, and project management. Some hesitancy to adding my permanent notes here as it's still in beta - will need to work around that and commit or come up with a better system.

  • Readwise (and their reader app)

    • Reader: I read almost all here. From EDPB reports to Techcrunch articles. I also take a lot of my notes within the reader and then sync the to Tana daily to process.

    • Readwise: syncs all my kindle notes and highlights to Obsidian (my old notes app which I have not fully let go of yet).

That is it, roughly. But it needs some work. It's a system that works for me and I'm not so worried about where everything goes as I do save my sources in Zotero and have my fleeting and literature notes processed daily, but it can be improved. It will take time and will evolve as I need it to.

Sunk Cost Fallacy & Decisions

A major decision of the week was to let my podcast, Marketing Unfucked, go on a hiatus. It was not an easy decision but needed to be done. It serves me, and others, the least out of all the content I produce and wears me thin. In short, until I rethink what the purpose is and how to achieve it, it's not beneficial to anyone. It's surprising how hard it was to make the decision and got me thinking of something we discussed at length during my altMBA - the sunk cost fallacy.

The awareness of the sun cost fallacy is what allowed me to make this decision so clearly. I had so much invested in the show. Money, time, guests time, writing, branding, etc. It was soooooo hard to let all that go - I have been pushing forward on the show only because of what I had invested - not because I had an clear idea, direction, benefit, or desire. So, it had to go.

I know it will be back better than ever but, for now, there are better things for me to focus on and develop.

Client Negotiations

I've been in the negotiations phase with a client for a few weeks. I hate the word "negotiation phase" as there is hardy any negotiating happening. It's more like a clarification phase. A time to gain clarity and avoid the disaster of assumptions in the future.
This specific one has been exactly that - gaining clarity and confidence in each other. We are, after all, about to enter a lengthly cooperation. It has been such a joy to work through this together with a team that thought about this whole process in the same way as I did.

Currently Reading

How to Take Smart Notes by Sönke Ahrens

Best Short Read of the Week

Æon Flux’s Surveillance Aesthetic

Best Short Privacy Read of the Week

There really was not much other than dry reading of reports and cases. This one article is the only one that sort of stood out for an interesting thought.

Protecting privacy online begins with tackling ‘digital resignation’

]]> <![CDATA[008: Processes and Time Management]]> Siobhan Solberg 2023-03-03T00:00:00+00:00 (I'm trying to be gentle with myself so from now on weeknotes will be published on Fridays or Saturdays.)

This week was all about processes (or the lack thereof), finalising a big data project, time management.


Running an agency and consulting work is all about processes - and I don't have them. Well, I do but they are in my head, not really the greatest place for them to live but it's been ok until now. This week it really hit home that processes don't help much when you are the one that owns them. It creates bottle necks and adds a ton more stress.

So I've started the mega project of jotting down all my processes. Reworking them and realising that they are living, constantly evolving, documents.

I've enjoyed it and I can already see how much simpler it all will become in the future.

Finalising Projects

A large data consulting project is coming to a close. It's a fun time as you can look back on all that was done and start documenting the final summaries and tables to enable the client to own the stack and funnel from now on. I love this bit - it's the part I get to share knowledge and empower my clients.

This clients specifically has been amazing to work with. Mostly because they had great questions and pushed me to improve my final deliverables tenfold by asking those questions. Not only am I walking away with a happy client, I'm walking away with having improved my services and a better understanding on how to make my deliverables work even better for the client in the future.

Time Management

Oh my, this is going to be a longer and harder project that I expected. Mostly due to LinkedIn and Twitter. I scroll forever - all under the pretence that I'm learning more (haha).
There have been improvements with time blocking and getting work done but there is so much more to figure out.

Most importantly, I realised I need to figure out my balance between staying up to date with marketing and privacy changes, client work, admin, project management, personal brand work, and my personal live.

I'll get there but this is definitely still a work in progress. This upcoming weeks major focus will be not wasting to much time on social and being more efficient when it comes to engaging with my network (aka not getting distracted all the time by scrolling).

Currently Reading

The Fight for Privacy by Danielle Citron - I'm only half way through and all I can say is WOW

Best Short Read of the Week

Coded Resistance, the Comic!

OpenAI has grand ‘plans’ for AGI. Here’s another way to read its manifesto

Best Privacy Read of the Week

Time to Rethink the GDPR (guidelines)?

]]> <![CDATA[007: Constraints and how they mess with your head]]> Siobhan Solberg 2023-02-24T00:00:00+00:00 Only a week has gone by? It feels like a month.

It's the first week for me with a crazy schedule. But it's done me good.

The limitations on my time have allowed my head to value the time I have a lot more - so I actually got more done that I would usually with 2x the amount of time!

Funny how that works.

Time constraints is something that has always worked for me but it's hard to implement unless I really have a constraint. Time blocking, saying I'll go to the gym or walk the dogs. None of it ever worked. I've got the discipline to sit down at my computer and work (or pretend to work) but that is it. My brain knows when I'm trying to trick it with time blocking, fake events, and moveable tasks.

Real events it's totally cool with.

Having added 15h of Greek lessons has deleted 20h of work time from my schedule, including the commute. 20 HOURS!

And in the 15h a week that I am working at the moment I'm getting more done than the 35h I used to.

It makes no sense but it's working.

Not sure what I'll do after Greek is done but I'll need to find another real constraint.

But with all the craziness - and really working when working, I have no idea what I did other than what I have in my notes. But it's not because I did not do things. It's because I did.

One thing that did come up this week, again, is how to deal with clients who are really late on allowing access to what you need. Do I trigger the pause clause? Do I wait it out?

I applied some pressure - mentioned the delay and how it will affect the deliverable but it's not working.

Also, make sure to check out the LinkedIn Live I did with 5 amazing women in the privacy field called Women Advancing Privacy. If nothing else go follow these ladies - they are top minds in privacy and have really valuable content.

Currently reading:

Still reading the Joy of Living

Have but this one (Understanding Privacy) back on the shelve as I don't have the head for it now - will get to it in the summer.

Best short read of the week:

Enjoyed this read on why UX needs to start working with others. I think that most should work across departments instead of in silos but it's nice to have someone write on it specifically from the perspective of one field and the relevant arguments.

And this LinkedIn post on the release of Privacy Sandbox on Android and it's key concepts. Check out those slides!!!

Best privacy read of the week:

This not-so-recent article came up again and it's a great read about where privacy fits, and not.

I also love this article on How to read EU regulation (they do one for CJEU cases as well).

]]> <![CDATA[006: Aimless wandering]]> Siobhan Solberg 2023-02-17T00:00:00+00:00 Walking on a sandy beach, toes digging into every step. Your metal scanner loosely in your grip. Wandering aimlessly, thinking of nothing.

You hear a beep, and another.

Start digging toward that unknown treasure.

Dig. Dig. Dig.

It keeps getting away from you.

The beeping keeps going.




That just about sums up my week: aimless wandering.

It feels as if I've lost my strategy - the one I worked so hard to craft earlier this year. It's gone. Nothing gets done. Days are spent digging for some unknown treasure or tool that will fix it all. Then, once the day is over, it's a feeling of worthlessness - of having done nothing.

That's my reality - not yours.

Your reality is that I'm super productive (that's what I'm being told at least) that I have it together, that it comes easy.

This is why it's so important for me to let you all know that it's not like that - it's up and down. It's push and pull. It's what running your own agency, consulting, and working from home can look like.

I did get some things done - thankfully:

  • Sent my newsletter discussing how and why I believe a/b testing is ok when considering privacy regulations

  • Had a good reminder that it all comes down to the 5 C's:

    • Clarity

    • Confidence

    • Credibly

    • Competence

    • Community

  • Spent a lot of times studying various ROPAs to set up a good template that I like.

  • Started reaching out to guests I'd love to see on Marketing Unf*cked for Season 3 (have any suggestions?)

Today is Random Acts of Kindness Day.

My acts of kindness will be random but I'll leave one bit of the random up to you.

I've opened up 10 x 20min time slots for you to ask me anything.

Privacy, career, pivoting, marketing, measurement, data, newsletters, podcast, live, etc...

It's all on the table.

This link is valid for 10 bookings - go get yourself one.

Currently reading:

The Joy of Living by Yongey Mingyur Rinpoche

Becoming a Privacy-Centric Marketing Organization by Michael Loban

Best short read of the week:

The "enshittification" of TikTok

Journalistic Lessons for the Algorithmic Age

Best privacy read of the week:

Draft Motion on a Resolution Draft: on the adequacy of the protection afforded by the EU-US Data Privacy Framework

]]> <![CDATA[Weeknote 005]]> Siobhan Solberg 2023-02-10T00:00:00+00:00 It's been a blur of a week. Barley remember what was done and it seems as if I have been working on one long, undefinable, task.

I get this weeks. I still take in information, read a lot, and get work done but I could not tell you any of what it all was.

It's that time of year where running an agency feels overwhelming. Had to deal with taxes and getting everything set up for the accountant. Also decided to change my tax structure so that is even more paper work.

Start of the year also means that, once I've reviewed my revenues, I make the yearly donation for 1% for the planet - this year it went to the 🐢 turtles of Greece!

The later half of the week I spent mostly on discovery calls, pitching to speak and conferences, and client work. All are fun in their own way.

Discovery calls are probably my favourite as I get to learn about a new company and what makes it tick - and there are always some fun facts about those on the call that make it worth it.

Pitching talks is not not-fun but it's a bit like applying for school or a job - that odd excitement of submitting something you prepared and the anticipation of what will happen next.

Work is work - and I love the challenge or figuring out a solution for each client. This one has been especially tricky as their business model is not something I have encountered before.

Another project I did quite a bit of work on this week is me trying to document and template various data protection processes such as ROPA, DPIA, SAR, and privacy notices (broken into different levels of formality).


Look what arrived this week - can't wait to dig in.

Currently reading:

Understanding Privacy by Daniel Solove

Happening by Annie Ernaux

It's a very short read but one I would highly recommend. There is a realness and rawness to it that I have not encountered much in books.

Best short read of the week:

Two Supreme Court Cases that Could Break the Internet

Best privacy read of the week:

Dismantling the “Black Opticon”: Privacy, Race, Equity, and Online Data-Protection Reform by Anita L Allan

]]> <![CDATA[Weeknote 004]]> Siobhan Solberg 2023-02-04T00:00:00+00:00 What a long week.

What an amazing week.

I got to spend most of my week at Superweek - the Beyonce of analytics conferences. The amount of sharp minds there is awe inducing.

Not only did I get to reconnect with old friends, make new ones, and hear about great ideas - I also got to present some of my ideas.

I gave a presentation on How to Rethink Data Protection, spoke on The Future of Analytics, and discuss (in an interview setting) in Data and Ethics.

I've also learned soooo much.

Giving a new presentation was nerve racking as it's been years since doing any live conferences - it reminded me that I always overthink it and put way to many notes into my talk which I then ignore as I prefer interacting with the audience instead of looking at my screen. Problem with that is that I forgot to mention a bunch of things I wanted to.

I will need to remember that I just need to get a lot more comfortable with the presentation so that I don't need to rely on notes so much.

Of course the interview type discussions went well - they aren't scripted and I strive in those situations.

It seems like I did so little this week - just Superweek. But that would be a disservice to such a phenomenal conference. A week in the countryside of Hungary with the amazing minds you find in the data and analytics community is priceless. Not only is it a lot of fun (maybe even too much fun) but you walk away with better ideas, new ideas, and the challenge to rethink old ideas.

Currently reading:

Understanding Privacy by Daniel Solove

Practical Synthetic Data Generation by El Emam, Mosquera, and Hoptroff

The Goldfinch by Donna Tartt

Best short read of the week:

How hard should I push myself? by Dan Shipper

Best privacy read of the week:

Murky Consent by Daniel Solove

]]> <![CDATA[Weeknote 003]]> Siobhan Solberg 2023-01-27T00:00:00+00:00 It's been a week.

A week to be grateful for. A week of a lot of change. A week of ups and downs.

Most importantly, a week of growth - and a lot of it.

I passed my CIPP/E on Monday.

What a relief but it also raised so many questions around why such an exam helps, or not.

I can't stop thinking that it's more and exercise in test taking and deciphering badly written questions (I feel for those who have to take this when english is their second language) than my understanding of the GDPR.

How did passing an exam focusing on random memorization of some article along with the history of data privacy help me further as a privacy professional?

Hence only relieve - no real excitement. The thrill that I get in growing as a privacy pro happens within my community and in my mastermind sessions. This is where we discuss and learn about how to apply elements of the GDPR, how rulings have an effect on the future of data protection, how to work with people to further understanding and champion growth.

So, yeah, not a huge fan of exams but they serve their purpose - they at least enforces some sort of standard.

But that was only Monday. Like I said - a full week.

I've spend the rest of the week traveling and working with a client consulting on data flows and management. It reminded me that, although it is energy draining, I've missed in person meetings and the interactions with everyone within my clients teams.

Never have I joined clients on an off-site or meeting where I have not walked away with more than I walked in. I always learn something new, make a new connection, get pushed out of my comfort zone and ultimately grow just a little bit.

I'm now looking forward to taking everything I collected and learned in the past dew days and making some sense out of it all to help my client grow and build their venture more efficiently.

In other news I have managed to:

- send out another edition of Sporadic Ramblings (it's been living up to it's name but I need to get more consistent with it)

- submitted my advanced masters application; now it's time to sit and wait

Random learning of the week:

I'm soooo much more productive in airport lounges and random coffee shops. It's like those are the only places I don't get distracted. In my home office there is always something better to do. Lounges and coffee shops it seems there is not.

Currently Reading:

(just finished)

The Surrender Experiment by Michael Singer - interesting read although lacking substance a bit

(still working on)

Understanding Privacy by Daniel Solove

(working on for a good 6 months already)

The Goldfinch by Donna Tartt

Best short read of the week:

AI Gonvernance in the time of generative AI

Best privacy read of the week:

]]> <![CDATA[Weeknote 002]]> Siobhan Solberg 2023-01-20T00:00:00+00:00 Another uneventful but productive week. I'm not really sure if I prefer the boring, , and nothing else type of week or those super stressful pulling-my-hair-out type of weeks.

Most of my week was studying for my CIPP/E which really means re-reading, questioning, and doubting everything.

Why does your brain do that?

I know this stuff - I've know it a while - but here I go thinking I don't know anything and can't even list the data principals without missing out (and I write and talk about these all the time!).

So yeah, a privacy heavy week and it will be a privacy busy weekend as well. Exam is on Monday so let's hope for the best.

To make the week even more privacy heavy a bunch of decisions and reports were published from Facebook to Cookie Banner Taskforce reports and everything in between. I should start counting the number of pages I read to stay on top of things - it's insane. And I don't even feel on top of it - the moment I get it they go an release another. Go easy guys - we just can't spend our whole day reading. Please just drip feed it instead.

In other news...

Signed another "we need to switch to GA4, yesterday..." client - these are also becoming routine and my guess is that they will increase with time. In March, when Shopify switches over, is when I'm expecting the biggest hit. I should probably prepare for that, but I'm not.

I've also managed to tackle my main goals for the week:

1. Studied - a lot! (no surprise here)

2. Finished my motivational letter my school application

3. Applies for the greek intensive program

It feels good to get those done - I'm soooo bad at getting things done in time.

Good news is that my accountability group (it's just 3 friends who are all building their own biz) is back on track which makes sticking to my goals for the week a lot easier.

Currently Reading:

Understanding Privacy by Daniel J. Solove

(Another book called Understanding Privacy also just arrived in the mail, this one by Heather Burns)

Best Short Read:

The Cookie Banner Taskforce Report.

Why? because it's just a repeat of everything most of us have been saying for ever.

I summed it up this way:

Best Privacy Read:

See above...

]]> <![CDATA[Weeknote 001]]> Siobhan Solberg 2023-01-13T00:00:00+00:00 (I’ve been writing weekly reviews, aka week notes, for a few years. Considering a lot of people have been asking anything from how do you balance life and work, career pivots, and how to get into privacy, I’ve decided to make my growth journey public)

It’s been a slow week as most of it was spend trying to breath and hacking up whatever was getting stuck in my chest. The week has been a blur or tea, chicken soup, and netflix. Not much in terms of thoughts but sometimes life goes that way.

Still got some things started (but far from done):

  1. I’ve been toying with the idea to go back to school for an LLM. It’s been a lot of back an forth but I’ve finally pulled the trigger and started my application. Motivational letters are a bitch but I’ll get there. Am really excited how this could affect my thinking and career. 

  2. I need to get this Greek thing down so I’ve committed to taking an intensive language course next month. Only having the basics of any language of the country you live in is not easy - it holds back a lot of opportunities both professional and personal. 

  3. Privacy accelerator started up again - sooooo happy. It works wonders for my motivation and is great review of concepts you think you understood until you realise you didn’t. 

Rant of the week:

Poor Fiona had to hear me rip about how so many courses out there are pure bull shit. Most don't offer anything more than what they already offer for free - it's just packaged to be more accessible. If you would just sit down and take the time to process all the information you take in (yes, that means taking time to think and nothing else) you'd have all the info those guys are packaging without the price tag.

Currently Reading:

Best short form read of the week:

Best privacy related read of the week:

This little argument here is priceless (I’m assuming we already know all about THE decision)