Siobhan Solberg 2023-05-26T00:00:00+00:00 <![CDATA[GA4 rant - join the waitlist]]> Siobhan Solberg 2023-05-26T00:00:00+00:00 The I-need-to-switch-to-GA4-NOW onslaught has continued. 100- fold.

So much that I’m starting to wonder who actually did switch over, to GA4 or to another tool all together, in advanced.

Is there really such a lack of planning? 

It makes me think that all this “we are data driven” bullshit is really that - bullshit. 

I, for one, can’t be bothered. 

Yeah, I get it - just charge a lot and make the money, but no, I’m good. Thanks.

If people have not thought they needed it until now, and they only do because Google is scaring them with all sorts of banners and pop ups, then they don’t really need it. 

They are not making decisions based on their data.

They don’t respect their data.

They don’t do shit with their data other than have it because….well, because someone said they need to make decisions and be data driven.

Those are not who I want to work with - why would I?

It’s an afterthought for them.

And no matter what I do they won’t suddenly use that fancy dashboard. AND they will never be fully happy about the money they paid you to give them something they will never use. 

So that’s that - I have a waitlist. A 6-month waitlist. I’m happy to recommend other freelancers and agencies who are mega great at what they do. Would you like me to recommend them?

Currently reading:

The same as last week - why? I’ve been too busy fighting off all the GA4 requests.

Data Governance: The Definitive Guide - this is mostly to freshen up on things as one of my projects has a data governance policy deliverable.

 A Human Algorithm by Flynn Coleman - exited about this one and looking forward to the AI bookclub discussing with Flynn on this.

Best short read of the week:

Nothing other than this post on LinkedIn. Reverse-engenieerring a keynote.

Best privacy read of the week:

Don’t be fooled by Metas fine for data breach by Johnny Ryan in the Economist 

]]> <![CDATA[Is remote really best and the GA4 hustle]]> Siobhan Solberg 2023-05-19T00:00:00+00:00 I love remote work. 

I have set my whole life up to support it and allow for the flexibility of being wherever I wanted.

(Marrying someone without that flexibility was not in the plan but oh well - love happens)

This week made me appreciate face to face.

I sometimes forget how nice it is to just sit and have a conversation that leads into a meeting. 

Reading body language.

See the focus.

Being fully present. 

Even better I treasure the way it improves every meeting after, regardless if it’s online or not. 

I’ve had a crazy week. Spent most of it in London working with a client. 

A client who I used to go visit as a child and could never get enough - I swear my mom has dragged me out of that place more times than I care to remember. 

Last time I was there I was 16. 

Now I’m 40 and this week I got to meet with some of their teams to discuss how they can shift and optimise their data tech stack to think privacy first while still allowing for growth.

We have a long journey ahead but I love seeing how an institution such as this still has the motivation to move forward and consider everything from privacy and security to growth. 

In other news, the agency email and requests forms are blowing up.

No matter how many warnings have been published by me and everyone else it seems that everyone just clicked that Universal Analytics will be no more and they need to shift to GA4 - stat.

It’s a lot so we made some decisions:

  • clearly state what will and will not get done before UA is done

  • charge an expedite fee on top of the usual project rate

  • only take the clients that we want to work with

It will be a crazy June but I’m still trying, somehow, to find balance so that I don’t burn out in a month.

Currently Reading:

Data Governance: The Definitive Guide - this is mostly to freshen up on things as one of my projects has a data governance policy deliverable.

 A Human Algorithm by Flynn Coleman - exited about this one and looking forward to the AI bookclub discussing with Flynn on this.

Best short read of the week (which is also a privacy read):

Empowered by Consent 

Best privacy read of the week:

Nothing other than the newly passed Washington privacy law (I know, sounds fun)

]]> <![CDATA[A week full of suck]]> Siobhan Solberg 2023-05-05T00:00:00+00:00 This week sucked. It was nothing to be proud of.

It was also super productive.

(Maybe I should be a bit proud of getting some shit done)

I skipped 5, out of 6, Greek classes this week!!!!!

My husband has this thing he says about me. Something along the lines of “when she decides to do something she goes all in, semi-committed does not exist in her vocabulary”

I think he might be right.

I signed up for a Greek course that was 20 hours a week plus an hour commute each day. Along with running an agency, working as a privacy consultant, and trying to still be a decent dog-mom. 

It think it’s clear - it was way to much.

But I had said I’d do it so I did not skip class and somehow found time to study. Even though I said I would prioritise work and skip class as needed I didn’t. 

I should have. And I really do hope that I learn from this. 

Skipping most of the week gave me the time back that I needed. It allowed me to see how far back I had fallen. It made me face my notes, tasks, and to-do’s that were EVERYWHERE. Desk, desktop, iPhone, bed-side table, kitchen table. Fucking everywhere. 

How did I ever get that disorganised?

Oh well, I’ve collect all those notes now and realised how much work there is to do.

And I managed to hit 3 out of my 4 must to-do’s of the week (it’s been a while this happened).

Lessons learned - don’t take on more than you can handle or learn to semi-commit and give yourself the time you need for your priorities. 

Currently reading:

Ethical Machines by Reid  Blackman - still reading it, almost done and I still think you should: READ IT.

Best short read of the week:

How to ask OpenAI for your personal data to be deleted or not used to train its AIs

Best privacy read of the week:

This post on Privacy vs Security

]]> <![CDATA[Why you need a Data Minimisation Strategy]]> Siobhan Solberg 2023-05-04T00:00:00+00:00 In violation of Article 5(1)(c).

We see it a lot. It’s a common reason for a fine. Usually lumped together with a bunch of other Article 5 violations.

So what is it all about. 

Article 5(1)(c) of the GDRP is also know as the Data Minimisation principle and states:

(Personal data shall be…)

“(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)”

And it’s not limited to the GDPR. Most US privacy laws also contain data minimisation regulation of some sort such such as:

“(c) A business’ collection, use, retention, and sharing of a consumer’s personal information shall be reasonably necessary and proportionate to achieve the purposes for which the personal information was collected or processed, or for another disclosed purpose that is compatible with the context in which the personal information was collected, and not further processed in a manner that is incompatible with those purposes.”

And Data Minimisation, as you can see above, usually does not live alone. It’s combined with purpose limitation as well as storage (or retention) limitation. 

But first, what is Data Minimisation?

Essentially, it's means to only collect the data needed to run your business - not more.

What does that mean for marketing?

Only collect that data you can action on, that drives decision making.

It means that you need to develop a clear data strategy and fully understand what the purpose of each data point is that you collect.

There has to be a purpose behind every piece of personal data you are collecting.


Well, it’s hard to practice the principle of Data Minimisation of you don’t understand the purpose of your data nor have a retention strategy. 

If you don’t have a purpose for the personal data you collect, then you shouldn’t collect it.

If you don’t have a retention schedule for the personal data you collect, then you should not collect it. 

It all comes down to strategy. Needing to have a clear data minimisation strategy is becoming essential if you want to stay compliant.

You should:

  • only collect what you really need

  • have a clear purpose to collect it

  • have a retention schedule defined for each data point

How does this look in real life?

Let’s take a simple eCommerce transaction that requires you to ship the customer a t-shirt. 

What do we need?

Name - to know who to ship it to

Address - to know where to ship it 

Credit Card Info - to run the payment for the purchase

Retention of data is driven by various elements but in the above case we need to keep all the above information on file for returns, refunds, chargebacks, and tax reasons (depending on country up to 7 years)

Or consider you are asking users to sign up to download a white paper.

What do we need to collect?

We don’t need to collect anything really. We could just let them download the paper. But let’s assume you are using the white paper to expand your email list, then what?

Email - so we can send the email (providing they opt in)

Anything else? - No

You get the point, we only need to collect very little data and the less we collect the less risk there is. 

But we also need to grow and build a successful business, part of which is email marketing, building lead sources, re-marketing, etc.

So how do we find a balance as to what to collect and what not?

How can we still grow and honour the data minimisation principle?

Create a data minimisation strategy

Create a strategy that clearly defines:

  • what data has to be collected

  • why the data has to be collected

  • what action will be taken on the data being collected

  • how the data will affect decision making internally

  • what functions the data has

  • how long the data will be stored for 

  • the reason the data is being stored for a certain length (i.e tax, transaction, marketing)

Is Data Minimisation worth it?

100%. I’ve been telling clients for years to only collect the data that they can action on - data that drives decisions. It allows for clarity and reduces the time looking for insights - it's easy to get lost in a table full of useless data.

Here are some additional ways data minimisation can help you:

  • It helps you determine what data to collect, process, and store (and for how long to store it).

  • It helps you discover what unnecessary data you are collecting.

  • It helps expose any risks your data is exposed to while collecting, processing, and storing.

  • It helps limit the amount of personal data you are collecting.

  • It helps reduce the risk of a breach by limiting the amount of data you are collecting, processing, and storing.

  • It helps reduce time spent looking for insights in your larger-than-life data mess.

Data minimisation is not only about privacy, compliance, and reducing risks. It's about making your data more accessible and being able to action on the data you have.

]]> <![CDATA[A week that ran away, and down the rabbit hole]]> Siobhan Solberg 2023-04-29T00:00:00+00:00 The week got away from me. Not just get away, it ran away. 

It’s as if it never happened.

It started off super positive and productive and then just crashed, or better, I crashed. 

To be clear it was my first full week back since some time off so that might be the reason.

It was also my first week back training and my first week back at school so….just a bit overwhelmed.

The bits I do remember have been good even though I did not get a single thing done that I said I would.

(Have I ever mentioned that I have a weekly meeting with a friend to discuss exactly that? Every Friday we go over how our week went, challenge each others excuses, discuss options forward, and set the top priorities for the following week. It’s priceless and then best meeting I am fully committed to every week.)

I had set out to finish a blog post on Data Minimisation, record (in full) a data privacy for measurement marketing mini course, and finalize my content strategy.

What did I do instead?

Meetings - a lot of them

Got interviewed for a post on privacy and marketing

Created the script for the data privacy course

And talk a lot about how I need the content strategy but didn’t take any action on it.

So a whole lot of something that did not line up with my priorities for the week. Not great. But it happens. 

It also feels a lot like a week where I took a lot of passive action instead of active action. Not great as there needs be a balance.

The most passive action I took? Get sucked into the rabbit hole of ad tech, privacy, and all the new „solutions“. I had to do the research as I wanted to write on it for my newsletter but instead I just kept crawling deeper and deeper and never put any of my thoughts into words. The result was an email saying I’m down the rabbit hole and that once I find my way back I’ll send out what I actually learned - not super valuable, I know. 

In other news, check out this episode of Sustainable Compliance where Jacob Høedt Larse and I discuss how marketing and privacy should, and could, create a productive relationship to allow for more company growth.

Currently reading:

Ethical Machines by Reid  Blackman - just about half way through and all I can say is: READ IT.

Best short read of the week:

A great post by Steen about the value of data and my continuation on his thoughts. 

Fighting for cognitive liberty

Best privacy read of the week:

Good practice initiative for cookie banner consent management

]]> <![CDATA[Back to school, doing nothing, and dream clients]]> Siobhan Solberg 2023-04-21T00:00:00+00:00 Missed me?

I thought I would - but not really.

No, not you - the writing, the working, the staying on top of everything. I didn’t miss any of that. 

Which is great. I usually have a hard time taking a break. I’m always working or trying to catch up, learning new concepts and laws, or studying for some new certificate - I just don’t know how stop (FOMO?). But this time I did, and it was mind-blowing. 

I did it. I enjoyed Korea. And best of all it gave me the space to come back thinking better and with a new perspective on things. It allowed my head the nothingness it needed. 

But the world did not stop when I did - so things happened, and some major news happened all while I’m taking the time doing nothing. 

(here is my rant on feeling constantly watch and how that puts privacy here in Europe into perspective)

I’m going back to school!!!!!

Remember I mentioned that I was applying for a LLM in Cybersecurity, Privacy, and Data Management at the University of Maastricht? 

I finally got an answer back, on day 2 of my vacation, that I got in.

Starting September 2023 I’m going to learn, grow, be challenged, and more by my peers and professors and I can’t wait. 

Thankfully it’s a part time degree (2 years of it) so I can still work but I will need to have a think as to by how much I will need to reduce client work or make other adjustments. 

What else? Nothing much really. It’s been a classic first week back at work. You know. Those crazy moments of catching up, meetings, and reading all those newsletters you’ve ignored. 

It was also the first week that I’m officially working with a new client of mine (a dream client!). It’s a challenging project and I’m excited to get pushed out of my comfort zone and to challenge myself to find unique solutions. 

Some other exciting things that I did this week:

Appeared as a guest on the Sustainable Compliance podcast (I’ll push it on LinkedIn once out)

Appeared as a guest on the Privacy Pros podcast (again, I’ll let you know once it’s out)

Got quoted on my ideas around A/B testing and privacy in this PiwikPro blog on best A/B testing alternatives to Google Optimize (which is sunsetting soon)

Currently Reading:

Not much here as I’ve been mostly reading emails but I’m currently finishing up Rapt by Winifred Gallagher . The idea and the content are good although I find it a bit all over the place and feel and hard to read. I’m having a hard time defining the argument or goal of the author which is making it hard. But at the same time I’m still reading it and enjoying it as the ideas are good ones. 

Best Short Reads of the Week:

The A to Z of Artificial Intelligence by Time Magazine

Best Privacy Reads of the Week:

I’m trying to get back up to date so there is a lot of scanning and not much reading. Some things that did stand out where:

This post by Soribel Feliz about AI and Privacy common denominators 

This blog post discussing if the DPDI Bill No 2 definition of Personal Data is not in line with Convention 108

]]> <![CDATA[No work on vacation?]]> Siobhan Solberg 2023-04-02T00:00:00+00:00 The week before going away is always hectic.

It’s as if all those tasks, deadlines, and obligations creep up on you just then - and there is no way you’ll ever get them all done.

But I have left. And that’s it. No work for 2 weeks (this also means no weeknotes for 2 weeks).

The big Q is if that will actually happen….

I doubt it. I say it’s vacation and no work. But does that ever happen? Do I ever take a full break other than on a weekend?


The week itself has been such a blur that I’m not quite sure what I actually got done, and what didn’t get done. I’m ok with that.

I’m choosing not to reflect to much on this past week - for my sanity.

Sometimes that’s what needs to get done. Just let go and choose, consciously, to not reflect on the week. To protect yourself instead.

So here is me trying to take 10 days off and not work. I’ll report back as to what really happened once back.

(Where am I going?


Currently reading:

Slouching Toward Utopia: An Economic History of the Twentieth Century by J. Bradford DeLong

Best short read of the week:

Tubes #3: Abstract Expressionist Tech Policy

How ChatGPT and Bard Performed as My Executive Assistants

Best privacy read of the week:

GDPR vs U.S. state privacy laws: How do they measure up?

Everyone Wants your Email Address. Think Twice Before Sharing it.

]]> <![CDATA[Waiting, writing, and research]]> Siobhan Solberg 2023-03-24T00:00:00+00:00 A week of waiting.

Waiting for:

  • an answer from school

  • access to tools from clients

  • new clients to sign off on the last bits

But also a week of getting things done.

Most excitingly is that I finally got this site revamped. I

sn't it pretty?

I'm in love with it. The colours, the font (no, it's not a google font) - everything. Most importantly I'm happy to have a space that I love to share my thoughts and writing on. A space that I feel shows who I am and one that I'm happy to share on.

Writing is not something I'm good at. But it is something that helps me; helps get my thoughts processed.

It's something I want to get better at and getting better takes practice - so I'm trying to write. A lot.

Research is another skill I've been trying to wrap my head around. My ideas and thoughts are only worth so much, I need to get good at researching and reading on other peoples thoughts and ideas to develop mine. Keeping track of all that research is becoming tricker by the day. It's all there but not in a way that is easily useable. I have a feeling a good chunk of the next few weeks will be me trying to re-configure my system.

Next week is my last full week of work before heading out for a bit.

Currently reading:

Still working though my novel (can you believe it - I have not read a single privacy book in 2 weeks!)

Goldfinch by Donna Tratt

Best short read of the week:

Nothing really caught my eye this week - it feels like that everyone is just talking about TikTok.

This post by Tim Wilson was good though.

And this read on non-linear career paths.

Best privacy read of the week:

On EU digital strategy

]]> <![CDATA[Google Analytics Banned in the EU?]]> Siobhan Solberg 2023-03-20T00:00:00+00:00 Google Analytics is illegal.

You'll get a fine unless you switch to an alternative

You hear it everywhere.


Let's set the record straight.

Nothing is banned - the Data Protection Authorities don't have the authority to ban a tool or product.

But then what is the issue with Google Analytics?

This is where things get confusing.

- is it Personal Data?

- is it the transfer of data?

- is it a data residency or data jurisdiction?

It's a bit of all.

Personal data encompasses a lot of data points - and I mean A LOT. Any unique identifier, IP address, location, email, name, etc. It's practically a guarantee that you are processing personal data within your GA account, especially if you are linking to other Google tools such as GoogleAds.

Then we have the transfer issue. In short, the US (where Google is based) is not considered an "adequate" country - a country that is not considered up to par in regards to it's data protection and human rights according to the EU.

What does that really mean? It means we are not allowed to send personal data to the US unless we enter into a contract with standard contractual clauses that provide the data subject with a number of safeguards and rights in relation to their personal data. (Google does this btw.)

But the rights and safeguards needs to be equal to that what the EU provide. And that is a problem mainly due to FISA (The Foreign Intelligence Surveillance Act).

FISA allows the US to gather data and information on non-US citizens from any company within the US - which leads us to the next issue.

Data jurisdiction.

Where the data is located does not matter as much as what laws the data is being goverened by. Any US based company (such as Google) will need to hand the data to the US, if requested, regardless of where the data is actually stored.

To sum it up, it looks something like this:

Google Analytics collects personal data


Google transfers that data to the US (this is the case for UA, for GA4 its debatable)


Google is a US company so the US could have access to the data.

So now what?

So, what do you do now? Stick with Google Analytics and hope that the US-EU issues figure themselves out?

Believe Google when they say GA4 is privacy-focused and that's that?

Switch analytics providers?

It really comes down to what you business requires and your appetite for risk.

You'll need to ask your self a few questions:

What data do you really need?

List the data that you actually use. The data points you can action on. Not the "I want if/maybe....".

Something as simple as an agency site doesn't need much. eCommerce a bit more.

Look at your data and understand what you really need.

How valuable is that data to you?

What value does that data give to the business?

How valuable is that data to making decisions that affect the bottom line?

For example: For a company that relies heavily on Ads the data collected to understand the ROI of advertising campaigns have high value.

How much risk are you comfortable with?

How much risk are you willing to take?

Consider elements such as fines and what could happen if you are breached (this is a PR nightmare).

Weigh your odds

If, after the first question, you realise you don't need anything as complex as GA you've got the easy end of the stick; move on and find a simple alternative that gives you just what you need.

If you do need something such as GA4 and, none of the alternatives work for you, it's time to weigh your odds.

Does the value your data provides outweigh the risks?

A Note on Tools

Most tools do not work out-of-the-box. They all need some initial configurations to become compliant (yes, even GA).

Additional Resources:

CNIL guide on how to make GA compliant by using a proxy server

CNIL guidance and configuration guide for various analytics tools(mostly if you want to collect data before consent instead of relying on user consent)

Google support document on GA4 and it's EU privacy measures

A list of case summaries revolving around Google Analytics

What about consent?

Consent for cookies is an ePrivacy Directive issue. Protecting personal data of the user is GDPR. Above we focused on the GDPR issues around Google Analytics. Some SA's (Supervisory Authorities), France and Latvia for example, allow for a site to collect limited analytics data without consent arguing that basic audience measurement are strictly necessary - other SA's don't agree. Either way you will need to make sure you configure your analytics software to comply as out of the box it will not.

Closing Thoughts

Choosing (or leaving) an analytics tool is never easy and it's always easier to go with the mainstream option. But do you really need all that data?

Data for data sake is worth nothing, a waste of space, and increases risk. Any measurement strategy should start with the data you need - not want. The data you will work with. The data that will drive your decisions. The data you will action on.

Once you have a strategy in place, a reason and purpose for the data, only then is it time to consider compliance and what tools are right for your use case.

]]> <![CDATA[A short week of doing a lot of nothing and goodbyes]]> Siobhan Solberg 2023-03-17T00:00:00+00:00 It's been a slow moving and nothing doing type of week.

I spent most of it trying to recover from a nasty sinus infection which would imply that I had plenty of time to actually get things done being that I didn't do much of anything. But that proved wrong - I did mostly nothing.

This week also marked the end of my Privacy Accelerator mentorship I had been doing since September. It's bitter sweet. I get to reclaim my Monday nights but I will miss the tight group of privacy professionals that I formed a unique bond with. I will miss my sparing partners. I will miss my ideas and thoughts on privacy being challenged by those I trust.

But it also leaves a lot to be done. I have worked on templates and guides for all sorts of processes that will help me be a better privacy consultant down the road. These now all need to be refined, worked through, and improved to give me a foundation of pure awesomeness.

The highlights of the week:

More than doubled my newsletter subscription with this LinkedIn post - guess it hit a nerve.

Did a pod cast interview for No Hacks Marketing which was a lot of fun.

Currently Reading

I'm back to my novel for the week, finally. It's taking unusually long for me to get through it but I also don't want to put it down.

The Goldfinch by Donna Tartt

Best Short Read of the Week

Caitlin Moran: my women of the year (they're not who you think) it's a few weeks old now but just a good fun read.

Best Privacy Read of the Week

Technology vs Freedom to Think

]]> <![CDATA[A/B Testing and Privacy]]> Siobhan Solberg 2023-03-13T00:00:00+00:00 Marketing programs rely heavily on A/B testing to understand and validate what layout, changes, or additions work best for their users. It’s one of the growth levers a business uses to increase it’s revenues, AOV, or conversion rate of a specific metric. It is also utilised to run sanity tests that verify nothing is broken when releasing a new version, tool, or script on the site.

In short - it’s essential to growth.

A/B tests show a specific treatment - and change you have made and want to validate - to random users while measuring how the change affects the metrics you are testing for. To make sure any specific user sees the same version of the experiment for the whole duration of the test a cookie is set that stores all sorts of information and behaviours related to the experiment.

A big question for businesses in established (located or targeting EU based users)in the EU is if one can run an A/B test considering that it requires you to drop cookies.

The ePrivacy Directive (this is not really a GDPR issue) says that you need to get consent for all not strictly necessary cookies. Yes, that is even for cookies that do not hold any personal data.

To make it all more fun the ePrivacy Directive is interpreted slightly different by all individual EU member states but most agree that strictly necessary means anything that is required to make the site function - nothing else.

Load-balancing is ok but analytics is not.

This would imply that you can not drop a cookie for you A/B test unless you have consent. And since you can not drop a cookie pre-consent so you have to wait to get consent before loading a test.

This eliminates running an experiment on your home page or landing page as you don't want to re-load a page and show the experiment once a user has given consent. It also limits your sample size to the users who do consent.

A Solution (or rather, my way of thinking on this)

(This is not legal advice and always check with your DPO or legal team first)

In short - run the experiment.

Or, consider a soft-opt in for A/B test cookies.

Yes, I’m essentially saying that even thought you are dropping a cookie and you did not ask you users consent you should run the experiment. Especially if you are eCommerce or SaaS.


Because countries are not on the same page regarding if A/B testing is an exemption to the "strictly necessary" cookie rule.

The ePrivacy directive is applied by each country as it is not a regulation that has to be enforced in the same manner across the EU.

For example the CNIL - that is the supervisory authority in France - has an exemption for cookies used for A/B testing. Whereas the ICO, the Brits, say clearly that you can’t use an exemption for A/B testing.

Some other countries have not been tested or have not voiced their opinion.


…and the ICO

What do I do if I'm not in France?

You evaluate your risk.

It’s essential, when making any privacy vs growth decisions, to evaluate the risks involved.

In most scenarios I would say the risk is quite low for A/B testing considering:

  • Tests is only run for a limited time

  • One usually only collects aggregated data with no intention to understand users individual behaviours

  • Testing is expected by the user as it is a technique utilised to improve their user experience.


(Again, make sure you run this by your legal team or DPO - I am not a lawyer and this is not legal advice.)

When trying evaluate if it is an experiment that could be run, keep it simple.

Ask your self the following:

What is my consent rate?

If your consent rate is above 50-60% and that is enough traffic to reach a decent sample size only run the experiment when you have consent.

Risk level: almost none

Is soft-opt in an option?

Can you use soft opt in to gather consent for testing?

Check you local laws (or the laws of the country you are targeting)

Is it possible to be clear and transparent so that the user knows what we are tracking and not?

Clearly communicate what it is you are doing when asking for soft-opt in.

What are the risks to your users data when running the experiment?

Mitigate any risks to your users data and only collect as little as you can get a way with.

When using soft opt-in make sure to:

  • Be clear and transparent about what you are doing

  • State why you are doing it (the purpose)

  • Add experimentation to your Privacy Notice

  • Make it easy to opt out

Risk level: medium-low

If all of the above fail

You don't have enough traffic with consent only and you don't think soft opt-in is an option?

Now what?

It all comes down to the amount of risk you are comfortable with. If the test is high value and the risk is relatively low (placing cookies with fast expiration, no personal data, etc.) then it might be worth it to run the test anyway.

]]> <![CDATA[Systems, Sunk Cost Fallacy, and Client Negotiations.]]> Siobhan Solberg 2023-03-11T00:00:00+00:00 Writing and developing systems, dropping thinks after much thought, and client negotiations. A week that makes you think you are a ninja - but are you real?

Process (and how they help me stay on top)

As mentioned last week I noticed that I'm becoming my own bottle neck by keeping all my processes in my head. This thought got me to start jotting down the general outline of most of my processes that involve teams and work in general. It also got me thinking that I already have some really solid systems when it comes to learning and staying up to date (a must if you dabble in the data protection and privacy field).

Thinking on this triggered a re-read of "How to Take Smart Notes" as well as optimising my system a bit - mostly to allow for better citation of sources.

Magic happened. It took really thinking on the system, and what systems are for, to realise that I had let some crucial elements go and bringing them back to the forefront has allowed for a better understanding of what I am learning as well as better notes on the reading I"m doing to facilitate that learning. I'm excited to improve even more and finally start writing better and with less effort again.

Thinking on this was great timing as I was asked to give a presentation to others in my privacy master mind as to the importance of staying up to date and how I create systems to process, learn, and gain understanding to stay up to date and develop my own ideas.

For those who want to know, my rough system resolves around the Zettelkasten method and uses the following tools:

  • Pen and paper (mostly my reMarkable)

  • Zotero

    • I am thinking if there is a better alternative or if this is what I need to commit to. Let me know if you have any better suggestions.

  • Tana

    • My daily everything. Finally a note taking app that works for my brain. Use it for all my fleeting notes, tasks, to-dos, content creation, and project management. Some hesitancy to adding my permanent notes here as it's still in beta - will need to work around that and commit or come up with a better system.

  • Readwise (and their reader app)

    • Reader: I read almost all here. From EDPB reports to Techcrunch articles. I also take a lot of my notes within the reader and then sync the to Tana daily to process.

    • Readwise: syncs all my kindle notes and highlights to Obsidian (my old notes app which I have not fully let go of yet).

That is it, roughly. But it needs some work. It's a system that works for me and I'm not so worried about where everything goes as I do save my sources in Zotero and have my fleeting and literature notes processed daily, but it can be improved. It will take time and will evolve as I need it to.

Sunk Cost Fallacy & Decisions

A major decision of the week was to let my podcast, Marketing Unfucked, go on a hiatus. It was not an easy decision but needed to be done. It serves me, and others, the least out of all the content I produce and wears me thin. In short, until I rethink what the purpose is and how to achieve it, it's not beneficial to anyone. It's surprising how hard it was to make the decision and got me thinking of something we discussed at length during my altMBA - the sunk cost fallacy.

The awareness of the sun cost fallacy is what allowed me to make this decision so clearly. I had so much invested in the show. Money, time, guests time, writing, branding, etc. It was soooooo hard to let all that go - I have been pushing forward on the show only because of what I had invested - not because I had an clear idea, direction, benefit, or desire. So, it had to go.

I know it will be back better than ever but, for now, there are better things for me to focus on and develop.

Client Negotiations

I've been in the negotiations phase with a client for a few weeks. I hate the word "negotiation phase" as there is hardy any negotiating happening. It's more like a clarification phase. A time to gain clarity and avoid the disaster of assumptions in the future.
This specific one has been exactly that - gaining clarity and confidence in each other. We are, after all, about to enter a lengthly cooperation. It has been such a joy to work through this together with a team that thought about this whole process in the same way as I did.

Currently Reading

How to Take Smart Notes by Sönke Ahrens

Best Short Read of the Week

Æon Flux’s Surveillance Aesthetic

Best Short Privacy Read of the Week

There really was not much other than dry reading of reports and cases. This one article is the only one that sort of stood out for an interesting thought.

Protecting privacy online begins with tackling ‘digital resignation’

]]> <![CDATA[Processes and Time Management]]> Siobhan Solberg 2023-03-03T00:00:00+00:00 (I'm trying to be gentle with myself so from now on weeknotes will be published on Fridays or Saturdays.)

This week was all about processes (or the lack thereof), finalising a big data project, time management.


Running an agency and consulting work is all about processes - and I don't have them. Well, I do but they are in my head, not really the greatest place for them to live but it's been ok until now. This week it really hit home that processes don't help much when you are the one that owns them. It creates bottle necks and adds a ton more stress.

So I've started the mega project of jotting down all my processes. Reworking them and realising that they are living, constantly evolving, documents.

I've enjoyed it and I can already see how much simpler it all will become in the future.

Finalising Projects

A large data consulting project is coming to a close. It's a fun time as you can look back on all that was done and start documenting the final summaries and tables to enable the client to own the stack and funnel from now on. I love this bit - it's the part I get to share knowledge and empower my clients.

This clients specifically has been amazing to work with. Mostly because they had great questions and pushed me to improve my final deliverables tenfold by asking those questions. Not only am I walking away with a happy client, I'm walking away with having improved my services and a better understanding on how to make my deliverables work even better for the client in the future.

Time Management

Oh my, this is going to be a longer and harder project that I expected. Mostly due to LinkedIn and Twitter. I scroll forever - all under the pretence that I'm learning more (haha).
There have been improvements with time blocking and getting work done but there is so much more to figure out.

Most importantly, I realised I need to figure out my balance between staying up to date with marketing and privacy changes, client work, admin, project management, personal brand work, and my personal live.

I'll get there but this is definitely still a work in progress. This upcoming weeks major focus will be not wasting to much time on social and being more efficient when it comes to engaging with my network (aka not getting distracted all the time by scrolling).

Currently Reading

The Fight for Privacy by Danielle Citron - I'm only half way through and all I can say is WOW

Best Short Read of the Week

Coded Resistance, the Comic!

OpenAI has grand ‘plans’ for AGI. Here’s another way to read its manifesto

Best Privacy Read of the Week

Time to Rethink the GDPR (guidelines)?

]]> <![CDATA[Constraints and how they mess with your head]]> Siobhan Solberg 2023-02-24T00:00:00+00:00 Only a week has gone by? It feels like a month.

It's the first week for me with a crazy schedule. But it's done me good.

The limitations on my time have allowed my head to value the time I have a lot more - so I actually got more done that I would usually with 2x the amount of time!

Funny how that works.

Time constraints is something that has always worked for me but it's hard to implement unless I really have a constraint. Time blocking, saying I'll go to the gym or walk the dogs. None of it ever worked. I've got the discipline to sit down at my computer and work (or pretend to work) but that is it. My brain knows when I'm trying to trick it with time blocking, fake events, and moveable tasks.

Real events it's totally cool with.

Having added 15h of Greek lessons has deleted 20h of work time from my schedule, including the commute. 20 HOURS!

And in the 15h a week that I am working at the moment I'm getting more done than the 35h I used to.

It makes no sense but it's working.

Not sure what I'll do after Greek is done but I'll need to find another real constraint.

But with all the craziness - and really working when working, I have no idea what I did other than what I have in my notes. But it's not because I did not do things. It's because I did.

One thing that did come up this week, again, is how to deal with clients who are really late on allowing access to what you need. Do I trigger the pause clause? Do I wait it out?

I applied some pressure - mentioned the delay and how it will affect the deliverable but it's not working.

Also, make sure to check out the LinkedIn Live I did with 5 amazing women in the privacy field called Women Advancing Privacy. If nothing else go follow these ladies - they are top minds in privacy and have really valuable content.

Currently reading:

Still reading the Joy of Living

Have but this one (Understanding Privacy) back on the shelve as I don't have the head for it now - will get to it in the summer.

Best short read of the week:

Enjoyed this read on why UX needs to start working with others. I think that most should work across departments instead of in silos but it's nice to have someone write on it specifically from the perspective of one field and the relevant arguments.

And this LinkedIn post on the release of Privacy Sandbox on Android and it's key concepts. Check out those slides!!!

Best privacy read of the week:

This not-so-recent article came up again and it's a great read about where privacy fits, and not.

I also love this article on How to read EU regulation (they do one for CJEU cases as well).

]]> <![CDATA[Aimless wandering]]> Siobhan Solberg 2023-02-17T00:00:00+00:00 Walking on a sandy beach, toes digging into every step. Your metal scanner loosely in your grip. Wandering aimlessly, thinking of nothing.

You hear a beep, and another.

Start digging toward that unknown treasure.

Dig. Dig. Dig.

It keeps getting away from you.

The beeping keeps going.




That just about sums up my week: aimless wandering.

It feels as if I've lost my strategy - the one I worked so hard to craft earlier this year. It's gone. Nothing gets done. Days are spent digging for some unknown treasure or tool that will fix it all. Then, once the day is over, it's a feeling of worthlessness - of having done nothing.

That's my reality - not yours.

Your reality is that I'm super productive (that's what I'm being told at least) that I have it together, that it comes easy.

This is why it's so important for me to let you all know that it's not like that - it's up and down. It's push and pull. It's what running your own agency, consulting, and working from home can look like.

I did get some things done - thankfully:

  • Sent my newsletter discussing how and why I believe a/b testing is ok when considering privacy regulations

  • Had a good reminder that it all comes down to the 5 C's:

    • Clarity

    • Confidence

    • Credibly

    • Competence

    • Community

  • Spent a lot of times studying various ROPAs to set up a good template that I like.

  • Started reaching out to guests I'd love to see on Marketing Unf*cked for Season 3 (have any suggestions?)

Today is Random Acts of Kindness Day.

My acts of kindness will be random but I'll leave one bit of the random up to you.

I've opened up 10 x 20min time slots for you to ask me anything.

Privacy, career, pivoting, marketing, measurement, data, newsletters, podcast, live, etc...

It's all on the table.

This link is valid for 10 bookings - go get yourself one.

Currently reading:

The Joy of Living by Yongey Mingyur Rinpoche

Becoming a Privacy-Centric Marketing Organization by Michael Loban

Best short read of the week:

The "enshittification" of TikTok

Journalistic Lessons for the Algorithmic Age

Best privacy read of the week:

Draft Motion on a Resolution Draft: on the adequacy of the protection afforded by the EU-US Data Privacy Framework

]]> <![CDATA[Weeknote 005]]> Siobhan Solberg 2023-02-10T00:00:00+00:00 It's been a blur of a week. Barley remember what was done and it seems as if I have been working on one long, undefinable, task.

I get this weeks. I still take in information, read a lot, and get work done but I could not tell you any of what it all was.

It's that time of year where running an agency feels overwhelming. Had to deal with taxes and getting everything set up for the accountant. Also decided to change my tax structure so that is even more paper work.

Start of the year also means that, once I've reviewed my revenues, I make the yearly donation for 1% for the planet - this year it went to the 🐢 turtles of Greece!

The later half of the week I spent mostly on discovery calls, pitching to speak and conferences, and client work. All are fun in their own way.

Discovery calls are probably my favourite as I get to learn about a new company and what makes it tick - and there are always some fun facts about those on the call that make it worth it.

Pitching talks is not not-fun but it's a bit like applying for school or a job - that odd excitement of submitting something you prepared and the anticipation of what will happen next.

Work is work - and I love the challenge or figuring out a solution for each client. This one has been especially tricky as their business model is not something I have encountered before.

Another project I did quite a bit of work on this week is me trying to document and template various data protection processes such as ROPA, DPIA, SAR, and privacy notices (broken into different levels of formality).


Look what arrived this week - can't wait to dig in.

Currently reading:

Understanding Privacy by Daniel Solove

Happening by Annie Ernaux

It's a very short read but one I would highly recommend. There is a realness and rawness to it that I have not encountered much in books.

Best short read of the week:

Two Supreme Court Cases that Could Break the Internet

Best privacy read of the week:

Dismantling the “Black Opticon”: Privacy, Race, Equity, and Online Data-Protection Reform by Anita L Allan

]]> <![CDATA[Weeknote 004]]> Siobhan Solberg 2023-02-04T00:00:00+00:00 What a long week.

What an amazing week.

I got to spend most of my week at Superweek - the Beyonce of analytics conferences. The amount of sharp minds there is awe inducing.

Not only did I get to reconnect with old friends, make new ones, and hear about great ideas - I also got to present some of my ideas.

I gave a presentation on How to Rethink Data Protection, spoke on The Future of Analytics, and discuss (in an interview setting) in Data and Ethics.

I've also learned soooo much.

Giving a new presentation was nerve racking as it's been years since doing any live conferences - it reminded me that I always overthink it and put way to many notes into my talk which I then ignore as I prefer interacting with the audience instead of looking at my screen. Problem with that is that I forgot to mention a bunch of things I wanted to.

I will need to remember that I just need to get a lot more comfortable with the presentation so that I don't need to rely on notes so much.

Of course the interview type discussions went well - they aren't scripted and I strive in those situations.

It seems like I did so little this week - just Superweek. But that would be a disservice to such a phenomenal conference. A week in the countryside of Hungary with the amazing minds you find in the data and analytics community is priceless. Not only is it a lot of fun (maybe even too much fun) but you walk away with better ideas, new ideas, and the challenge to rethink old ideas.

Currently reading:

Understanding Privacy by Daniel Solove

Practical Synthetic Data Generation by El Emam, Mosquera, and Hoptroff

The Goldfinch by Donna Tartt

Best short read of the week:

How hard should I push myself? by Dan Shipper

Best privacy read of the week:

Murky Consent by Daniel Solove

]]> <![CDATA[Weeknote 003]]> Siobhan Solberg 2023-01-27T00:00:00+00:00 It's been a week.

A week to be grateful for. A week of a lot of change. A week of ups and downs.

Most importantly, a week of growth - and a lot of it.

I passed my CIPP/E on Monday.

What a relief but it also raised so many questions around why such an exam helps, or not.

I can't stop thinking that it's more and exercise in test taking and deciphering badly written questions (I feel for those who have to take this when english is their second language) than my understanding of the GDPR.

How did passing an exam focusing on random memorization of some article along with the history of data privacy help me further as a privacy professional?

Hence only relieve - no real excitement. The thrill that I get in growing as a privacy pro happens within my community and in my mastermind sessions. This is where we discuss and learn about how to apply elements of the GDPR, how rulings have an effect on the future of data protection, how to work with people to further understanding and champion growth.

So, yeah, not a huge fan of exams but they serve their purpose - they at least enforces some sort of standard.

But that was only Monday. Like I said - a full week.

I've spend the rest of the week traveling and working with a client consulting on data flows and management. It reminded me that, although it is energy draining, I've missed in person meetings and the interactions with everyone within my clients teams.

Never have I joined clients on an off-site or meeting where I have not walked away with more than I walked in. I always learn something new, make a new connection, get pushed out of my comfort zone and ultimately grow just a little bit.

I'm now looking forward to taking everything I collected and learned in the past dew days and making some sense out of it all to help my client grow and build their venture more efficiently.

In other news I have managed to:

- send out another edition of Sporadic Ramblings (it's been living up to it's name but I need to get more consistent with it)

- submitted my advanced masters application; now it's time to sit and wait

Random learning of the week:

I'm soooo much more productive in airport lounges and random coffee shops. It's like those are the only places I don't get distracted. In my home office there is always something better to do. Lounges and coffee shops it seems there is not.

Currently Reading:

(just finished)

The Surrender Experiment by Michael Singer - interesting read although lacking substance a bit

(still working on)

Understanding Privacy by Daniel Solove

(working on for a good 6 months already)

The Goldfinch by Donna Tartt

Best short read of the week:

AI Gonvernance in the time of generative AI

Best privacy read of the week:

]]> <![CDATA[Weeknote 002]]> Siobhan Solberg 2023-01-20T00:00:00+00:00 Another uneventful but productive week. I'm not really sure if I prefer the boring, , and nothing else type of week or those super stressful pulling-my-hair-out type of weeks.

Most of my week was studying for my CIPP/E which really means re-reading, questioning, and doubting everything.

Why does your brain do that?

I know this stuff - I've know it a while - but here I go thinking I don't know anything and can't even list the data principals without missing out (and I write and talk about these all the time!).

So yeah, a privacy heavy week and it will be a privacy busy weekend as well. Exam is on Monday so let's hope for the best.

To make the week even more privacy heavy a bunch of decisions and reports were published from Facebook to Cookie Banner Taskforce reports and everything in between. I should start counting the number of pages I read to stay on top of things - it's insane. And I don't even feel on top of it - the moment I get it they go an release another. Go easy guys - we just can't spend our whole day reading. Please just drip feed it instead.

In other news...

Signed another "we need to switch to GA4, yesterday..." client - these are also becoming routine and my guess is that they will increase with time. In March, when Shopify switches over, is when I'm expecting the biggest hit. I should probably prepare for that, but I'm not.

I've also managed to tackle my main goals for the week:

1. Studied - a lot! (no surprise here)

2. Finished my motivational letter my school application

3. Applies for the greek intensive program

It feels good to get those done - I'm soooo bad at getting things done in time.

Good news is that my accountability group (it's just 3 friends who are all building their own biz) is back on track which makes sticking to my goals for the week a lot easier.

Currently Reading:

Understanding Privacy by Daniel J. Solove

(Another book called Understanding Privacy also just arrived in the mail, this one by Heather Burns)

Best Short Read:

The Cookie Banner Taskforce Report.

Why? because it's just a repeat of everything most of us have been saying for ever.

I summed it up this way:

Best Privacy Read:

See above...

]]> <![CDATA[Weeknote 001]]> Siobhan Solberg 2023-01-13T00:00:00+00:00 (I’ve been writing weekly reviews, aka week notes, for a few years. Considering a lot of people have been asking anything from how do you balance life and work, career pivots, and how to get into privacy, I’ve decided to make my growth journey public)

It’s been a slow week as most of it was spend trying to breath and hacking up whatever was getting stuck in my chest. The week has been a blur or tea, chicken soup, and netflix. Not much in terms of thoughts but sometimes life goes that way.

Still got some things started (but far from done):

  1. I’ve been toying with the idea to go back to school for an LLM. It’s been a lot of back an forth but I’ve finally pulled the trigger and started my application. Motivational letters are a bitch but I’ll get there. Am really excited how this could affect my thinking and career. 

  2. I need to get this Greek thing down so I’ve committed to taking an intensive language course next month. Only having the basics of any language of the country you live in is not easy - it holds back a lot of opportunities both professional and personal. 

  3. Privacy accelerator started up again - sooooo happy. It works wonders for my motivation and is great review of concepts you think you understood until you realise you didn’t. 

Rant of the week:

Poor Fiona had to hear me rip about how so many courses out there are pure bull shit. Most don't offer anything more than what they already offer for free - it's just packaged to be more accessible. If you would just sit down and take the time to process all the information you take in (yes, that means taking time to think and nothing else) you'd have all the info those guys are packaging without the price tag.

Currently Reading:

Best short form read of the week:

Best privacy related read of the week:

This little argument here is priceless (I’m assuming we already know all about THE decision)