For the past twenty-five years I’ve tried to avoid saying “no”. Whether in website management, security or law, “have you thought of…?” seems much more fruitful. In the short term it lets us discuss alternatives, in the long term it encourages – or at least doesn’t discourage – the questioner to come back.
So it was depressing this week to see European data protection regulators apparently saying “no” to a wide range of trans-national cloud services and business arrangements. The context of the Schrems II case seems to have led them to focus solely on the risk to data protection from the US Government. Sadly, that’s far from the only threat to our privacy and ability to control what happens to our personal data.
Taking care of personal data is complicated, and needs discussion, rather than over-simple solutions. I’m hoping the UK regulator’s response to Schrems II will let me carry on having those discussions, rather than cut them short.