This Blog Is Part Midlife Crisis, Part Exploration, and Part ???
Embarking on a midlife journey at 43, this blog delves into self-discovery, future dreams, and fascinating detours along the way.
At the ripe old age of 43, I began having a midlife crisis.
I swear, I thought this stuff was the kind of made-up bullshit reserved as the punchline to a sitcom – a plot device to buy fancy cars, leave your spouse and family, and 'get your groove back'. It turns out, after talking with others and reading a bunch of things from those who have lived it before me, that midlife crises are real, and I'm indeed in the thick of it.
And I'm in good company.
Siddhartha Gautama (Buddha) was allegedly 35 when he attained enlightenment under the Bodhi Tree. Mohammed also received his revelations later in life – at 40. Likewise, many great writers didn't even really start until later in life. Toni Morrison published "The Bluest Eye" at 39, and one of my most favorite authors ever, George Eliot didn't publish her first book "Adam Bede" until she was 40. Not that I'm comparing myself to any of these folks. They were great – I'm just a hack on the internet.
In Late 2022, Things Started to Unravel.
Right now, as I write this, I'm in the process of quitting my job as a data protection & security consultant – my career for the last ten or so years. I've decided after many months to try something new – writing & communicating as my 'vocation'. But this isn't exactly new. It turns out, as a consultant (and previously an analyst, lawyer, & legal journalist), I've been doing some form of writing and communicating ideas for over 20 years.
I've gotten quite good at taking dry, boring technical and/or legal things and concisely making them make sense to normal people who have better things to do with their lives than read 150-page court decisions, byzantine legislation, or dry regulatory guidance. People have paid me decent money for years to do all that for them, and to synthesize complex stuff down into sensible English. Some people (not just my mom) also think I do it pretty well.
The problem is, writing in this sort of way sucks. I don't just mean that it's boring, although it absolutely is. I mean that it's soul-destroying, pointless busywork. Policies, procedures, contracts and the like aren't really designed to make the world a better place, or to fundamentally improve things. You can't protect fundamental human rights by reviewing a contract, any more than you can individually save the planet from ecological destruction by recycling a can.
That's because compliance almost never is substantive. It's not a thing – but as Zvi Mowshowitz noted on his excellent blog ‘Don’t Worry About the Vase’, it's an abstraction, a symbolic representation of the thing or process you're trying to achieve. If you haven’t read his piece, go read it now. I’ll wait.
I know this will probably upset a few of my colleagues in the field, but it's the truth. I mean, when was the last time you really read a privacy policy/notice? How meaningful to you is your company's information security policy or data use policy in your daily life? Have you even read it? When was the last time a data protection impact assessment led to a meaningful change? When was the last time you thought of the company's compliance team as anything more than a blocker?
On that note: Don't even get me started on all the contracts. Nobody other than lawyers, beleaguered DPOs, and people in the midst of litigation read the damn things. Literally no one.
In March, after four months straight of 70-hour weeks, sleepless nights and working myself sick for a client who quite literally gave zero shits, I told my employer I was stepping back – well, actually, I broke down in tears and rage quit over the phone. My boss, who is a great and patient man, convinced me to step back a moment and we settled on reduced hours and a two-week break. I took that two weeks and went to Spain.
Spain Offered Me Room to Reflect.
I settled on Alicante, a city in the Valencian Community (Comunitat Valenciana). While I've been to Spain many times, I hadn't been to Alicante before, but I had great success in Valencia a few years back, and generally liked the vibe of how Valencia and the Comunitat Valenciana treated people. Autonomous communities in a lot of ways are like US States, and Valencia (both the city and the region) very much has a California vibe. Being from California, this suits me well.
After getting my tourist on, and spending a great deal of time thinking, I realized I had a strong urge to write. Or rather, I had a deep and overriding desire to dump all the thoughts and frustrations I'd been feeling about data protection and compliance onto a page. That led to this piece (Beyond Privacy Theatre, or Why our Laws Mean We Can't Have Nice Things). It's honestly one of the most raw and real things I've ever written. And it finally allowed me to articulate why I've been so exasperated with this industry since around 2021, and with adjacent compliance industries since around 2016. In it, I wrote:
The world of data protection has largely fallen into this symbolic representation trap. This is made manifest in all the ways that organizations drown us in information to demonstrate compliance, and signal that they care about our privacy. Whether it’s the endless sea of privacy policies and notices that nobody reads, the non-negotiable e-book length data processing addendums, the cookie notice popups that never remember your preferences, the ‘risk assessments’ that don’t meaningfully evaluate risk, or the security white papers which might as well be marshmallow fluff. It's all so many words, with so little substance.
These symbolic representations exist in our world for a few reasons. Firstly, it's because this is what legislators and regulators demand and importantly, what they enforce against. This gets compounded further when you consider that with each new law, a slightly different incantation must be uttered to really demonstrate that processing is being done on the up-and-up. And woe betide to any organization that forgets to include a jurisdiction’s specific magic words or new spin on the thing the other guy said…
This is why more and more of my time as a consultant and external DPO is spent not in improving a company’s data protection practices (fixing the thing), but in writing my own 'fancy reports', and reading and making sense of everybody else's. It’s a vicious, miserable, and mostly pointless exercise, and it’s getting worse. We’re moving ever more into a world where privacy and data protection programs and efforts exist so that as Mowshowitz notes:
Putting that on a page made me realize I needed a change. And so I began the process of thinking about what I wanted to do next. I'll probably write a separate article on the details of that journey, but for the time being, I highly recommend the valued insight of a good career coach and reading (or listening to) 'The Art of Work: A Proven Path to Discovering What you Were Meant to Do' by Jeff Goins. It's a bit 'Christian Living' but Goins doesn't rub your nose in Jesus.
Okay, Great, But You Still Haven't Explained What this Blog Is About.
The short answer is, I don't really know exactly what I want this blog to be, but I have some ideas.
As I allude to in the title, this blog is partly me exercising my midlife crisis on the printed page, but also partly an opportunity to live in the moment, learn, and understand the everyday curiosities and stimulating things that life presents to all of us. I have some rough ideas and thoughts about what this might include:
Things that interest me. As a weirdo who can get into a conversation with a perfectly random stranger about nearly any subject, topics will vacillate between law, tech & policy, weird jobs & the choices we make, travel, food, booze & coffee, architecture & infrastructure, philosophy & life, cats, and who knows what else. I've already got a few thoughts in my head I plan to write about.
Current and timely things in my life. I'm setting a goal for myself to write something at least once a week – possibly more. I constantly come across interesting things while travelling, get into engrossing conversations with friends, family, and perfect strangers, read lots of interesting ideas from others I want to share, and spontaneously think about odd shit. It shouldn't be too hard.
In-depth pieces on policy & tech. I also plan to exercise my research skills and really dive into certain topics in depth, especially on policies and tech that I'm still passionate about, even if I'm burned out about compliance. I find those sorts of articles to be both fun to read and to write. This might also include interviews with interesting folks (if they'll have me).
There will be profanity, but I will try to keep it classy. There will almost certainly be cats and snark. There may be food and travel porn. I might rant a bit. If that sounds like something you might be interested in reading, you can subscribe to receive this in your inbox. I'll probably also cross-post some of this stuff on various other blogging sites & channels as well, and I may resurrect some of my older favorite posts from those places.