Writing
Thinking on privacy, data protection, and compliance.
Practical perspectives on building programmes that hold up — not just on paper.
Companies Need to Fear Sanctions by the Data Protection Authorities
25 April 2026GDPR's record-breaking penalties are stuck in legal animation. The deterrent has gone with them.
The Consent Theatre of Cookie Banners
16 April 2026I advise organisations on cookie compliance.
Parsing Your ChatGPT History with a Second AI
3 April 2026I exported 503 conversations from ChatGPT.
From GPT-3.5 to Claude Code: What 500 Conversations Taught Me About AI
25 March 2026How a privacy professional went from sceptic to daily user, then quietly walked away — and what happened next.
The DPIA That Changed Nothing
20 March 2026Most impact assessments are finished before they start. The outcome was decided — the DPIA was just the paperwork.
The Right to Object: The Most Underused Right in the GDPR
13 March 2026Everyone knows about the right to erasure. Almost nobody talks about the one that actually has teeth.
Nobody Reads a Privacy Notice. And the People Writing Them Know It.
13 March 2026Transparency theatre and the fiction of informed consent.
AI Just Landed on Your Desk. Now What?
7 March 2026What happens when the DPO is the last to know about the AI tool everyone's already using.
Your Subject Access Request Is Not an Inconvenience
3 March 2026A data subject exercising their rights is not an attack. The way your organisation responds says everything.
Children's Data and the Illusion of Protection
1 March 2026A child under 13 had their personal data collected, processed, and monetised by one of the world’s largest platforms.