The General Data Protection Regulation (GDPR) epitomises what is best and worst about the EU. On the good side it prioritised protecting the privacy of the individual from criminal invasion and unscrupulous corporate overreach. On the bad side it resulted in an unwieldy, labyrinthine piece of documentation ten times as long as it needed to be, which gave every qualifying organisation a major headache when it had to implement it. Village scout troops and amateur orchestras suddenly found themselves having to jump through nearly the same regulatory hoops as Facebook, Barclays Bank and the NHS, seeking informed consent from and sending lengthy privacy policies and data transfer agreements to bemused members who neither knew nor cared what all the fuss was about. What's more, the principles of oversight and transparency underpinning GDPR are rapidly being left behind by the exponential increase in the scale, sophistication and scope of data processing made possible by AI and machine learning. The way music downloads drastically undermined the copyright protection system comes to mind.
Most importantly, the current UK data protection regime benefits from an EU adequacy decision. If the UK is to seek approval for a new one, it may not necessarily get it even if the new regulations are objectively sufficient. The EU could well use the spectre of withholding approval as leverage in the next round of the seemingly endless Brexit bunfight.
So before these particular Augean Stables are cleaned out and we free ourselves from the Procrustean confines of GDPR, we should take stock of the fact that careful navigation will be required.
Meanwhile, that's enough Classical allusions for now.