Better late than never – I blame the Scottish winter darkness – I would like to share what I will be working on this year, who I will be working with, and what I would like to focus on.
Pour a coffee, it’s a long one.
The first half of 2019, obviously, has to be about Brexit. I wish it were not the case.
Starting as I mean to go on, I have joined the Tap My Data team as their regulatory adviser, where I am supporting them on UK and European privacy regulation before, during, and perhaps after the Brexit process. They have welcomed me in with a lovely interview and some sweary swag. The role came as a result of my appearance at the NADPO annual conference in November, for which I owe Rowenna Fielding much gin. It is so rewarding to be part of a privacy-positive project with privacy-positive people, at last.
This is a consultancy gig, not a permanent role, but it’s one where I do feel I am in the right place at the right time. As Brexit barrels down the motorway in one form or another, I am looking to take on more consultancy roles like my work for Tap, so get in touch to book my time here.
Aside from the active regulatory advising, I am also continuing to maintain my hobby (?!) blog, https://afterbrexit.tech, where I monitor progress on the transposition of EU laws pertaining to digital and tech throughout the Brexit process, as well as the domestic legislation which seeks to replace it. It’s very rewarding – and frankly scary – to see the site being used by the House of Commons, the European Commission, the Irish and French governments, and various media outlets. The simple truth is that Brexit is such a disastrous mess that it takes a woman working from her kitchen table in Glasgow to make sense of it. I am keen to get feedback on how the site could be adapted or expanded to meet specific needs; please get in touch if you have some.
My work on After Brexit has been noticed in other ways, which I hope will bear fruit soon.
Crossing the ocean – virtually, at least – Rian Kinney and I are monitoring the bewildering array of proposed and draft US privacy laws, private industry standards, and fumblings towards a Federal privacy law. We are doing this unpaid and voluntarily in support of the cross-project privacy initiative (more on that shortly), so that the participating projects will have a clear picture of the implementations which might be required well in advance of compliance deadlines. In the meantime, if you are a US business looking to get to grips with US or EU privacy laws, please hire Rian; she’s awesome.
With GDPR done and dusted, my writing focus for this year will be on Brexit, upcoming privacy legislation, and the junction of privacy and project governance, of which you will hear more soon. You can commission me to write for you here.
After Berlin – yes, I measure my life by WordCamp Europe – the second half of 2019 will see a return to an idea I’ve wanted to bring to fruition for several years. For now, I’m getting the idea straight in my head.
— Heather Burns (@WebDevLaw) November 9, 2018
Last year was my most vigorous year yet on the Tour de Wonk. I gave fifteen public talks and workshops, a number of private client talks, and threw in a few podcasts for fun.
I’m hoping I don’t reach fifteen talks this year; first because I’m no longer speaking at conferences where my travel and accommodation expenses are not covered, second because last year I was on the road as an escape, and third because I am about to lose my freedom of movement in Europe.
Until those gates shut, though, I will seize every moment to be in Europe that I can get. Send those invitations my way.
I have two domestic speaking engagements scheduled so far this year: a workshop on implementing privacy into projects at PHP Yorkshire, and a pep talk for app developers at CodeMobile. A few more announcements are yet to come, including a rather Smashing one.
I will be in attendance at WordCamp Europe Berlin although not speaking; after four years a field needs to lie fallow. I’ll also plan to attend DrupalCon Europe later in the year. I need to do a Joomla conference this year as well to complete the full set; hit me up, you wonderful weirdos.
Cross-project privacy working group
I don’t know that I’ve ever been so in awe of a project’s potential as I am of the cross-project privacy working group which Chris Teitzel and I gave birth to at Drupal Europe in September. Our mission – draft version 0.5 of it, at least – is to “create a common space for CMS teams to create and support privacy teams on the project and governance levels; provide guidance on implementing the Privacy by Design framework across the development workflow; share practical advice, code libraries, legal briefings, UX patterns, and useful resources; provide a space for general discussion, advice, and a sounding board for each other in support of our projects.”
We now have representatives from WordPress, Drupal, Joomla, Umbraco, and Typo3 on board, we have a repo, we have a weekly chat with proper meeting minutes, and we have support from some very impressive corners.
your open source privacy work is so critical!!!! big fans here.
— Jules Polonetsky (@JulesPolonetsky) January 6, 2019
Better get to work, then!
Our first group meeting last week was mostly listening: we took turns sharing our experiences in how privacy work is structured within our respective projects, both on the governance and code levels; we spoke about what we’ve shipped so far and how we shipped it; we spoke about what we’d like to do in future; and we spoke about the challenges and resistance each of our projects have put up against privacy work. It made me realise that there will be some diplomacy duties for the group as well, as we persuade our projects to better respect and resource privacy teams.
Now, if you can hold on for a few days, on Monday I will be announcing some pretty damn amazing news about the cross-project work. I am under a strict embargo until then.
As always, my contributions to open source privacy work are unpaid and unfunded, despite taking up to 10 hours per week of my time. If you would like to support my work on open source privacy, you can do so here.
The WordPress.org project
I now, somehow, enter my tenth year as a member of the WordPress.org open source project community. In November I retired from community organising after seven years, two cities (Glasgow and Edinburgh), and three WordCamp organising teams; in our organising ahead of WordCamp Edinburgh in November, I realised I was completely out of fresh ideas. Best to step aside and let those who have some take over.
This year I will continue to participate in, and support the work of, the WordPress.org core-privacy team as they commence their V2 roadmap and, hopefully, seek to be upgraded from a core component to a “top level” team. The active members of the team – most specifically Jonathan Desrosiers, Garret Hyder, Laken Hefner, and Birgir Erlendsson – have been bashing bug tickets with a vengeance, and people like Rian Kinney, Stefan Kremer, Leo Postovoit, Konstantinos Xenos, and Kåre Mulvad Steffensen have so much to contribute this year as well. I am hoping to see Gabor Javorszky – my bodyguard, ticket basher, and Eastern European privacy hardman – returning to the team soon too.
My personal contributions to the project, however, will be curtailed. As everyone is aware, there was a thoroughly unacceptable remark made at the State of the Word address about privacy work and about me personally. Since then, I have spoken with a lot of people, both inside the project and out, about finding the best way forward. The comment which has stuck in my mind is “I don’t see how you can go back after that.” I know, and I certainly did when my phone did not stop buzzing until 5 AM in the hours after State of the Word, that people look up to me as someone who sets an example. I would not be setting a very good one if I bowed my head and accepted personal and professional disparagement as the cost of volunteering for the WordPress project. So I will still be there for the core privacy team, both in Slack and in Berlin, and will support the V2 roadmap to the best of my professional abilities. But I’ll be doing so a lot colder than before.
In the meantime I look forward to the findings of the WordPress governance project, which I hope will restore the community to the values it used to stand for.
Outside core privacy, my other main contribution to the WordPress project will be an informal role I have been playing for several months, which is providing a listening ear and an empathetic voice for those within the massive mental health crisis which has engulfed the community over the past year. It is not a role I asked for, or applied to take on, and it is not a job I hope to keep. But it is just as important as shipping code.
Why do people confide in me? I have no clue; it’s not as if my own personal life has been short of stress. I’ve been told that people see me as a strong person whom they can trust. So I’ve taken calls at 1 AM, and I’ve taken calls at 7 AM. I’ve calmed people down on my afternoon walk. I’ve excused myself from dinner to listen to someone vent. I’ve talked people out of lashing out, publishing rants, and starting fights. I’ve turned anger into laughter, and found my own Pythonesque sense of humour re-emerging after trauma as a result. I have, along the way, realised I was looking through a very unpleasant window into how unjustifiably toxic the project has become, and no amount of smiles or swag can put that right.
I do not mind being there for the community at all. Honestly, I don’t. But it should not be happening, full stop. Those who know this mental health crisis is happening, but choose to write it off as “drama”, a sign of a lack of commitment, or false flag theatrics crafted to derail the project, do so under the weight of their own consciences. What I’ve come to understand about those people is that they don’t have any.
Me, release v4.1
Finally, I tend to be a relatively private person, but I cannot pretend that I did not live through a very public and painful ordeal last March, when in the space of 90 minutes I lost my home of 15 years with no warning in a surprise eviction courtesy of my soon-to-be ex-husband. It was the visible ending of several years of hidden hell. I could not have come through that ordeal without the support of everyone who kept me from rough sleeping, so I owe it to you to let you know: I’m doing great.
After a few months living in hotels and a squalid homeless unit, I moved into my new home in July. There was almost nothing to move in with me. I lost all of my furniture and household goods in the eviction, as well as a lot of my personal possessions – including, tragically, most of a lifetime’s worth of books – so I have had to restart from absolute scratch. It has been as physically and emotionally exhausting as you would expect.
But that restart has turned into an unexpected rebirth. Coming out of a marriage and family is disorienting for anyone, but that experience is magnified when your existence was regulated by an alcoholic who took sick pleasure in squeezing every drop of energy out of you like a sponge. One day it’s all behind you, and you’re warm and safe in your own home, and the sun is coming through the window, and it hits you: this is mine. This. Is. Mine.
So I’m figuring out who I am again. I’m reading books. I’m sewing things. I’m planning a garden. I’m cooking proper meals again (alcoholics don’t eat). I’m sleeping through the night. I’m singing badly in the kitchen. I’m talking to my houseplants. I’m re-watching all my DVDs (I wasn’t allowed to watch TV for almost two years). I’m working from my kitchen table (I wasn’t allowed to work from home for almost two years either). I’ve stopped running and started breathing. I am healing.
I can’t say I recommend the journey, but I highly recommend the destination.