There are some developers right now that think launching products in the EU and UK is impossible.

They look at the data laws in these regions and decide that they are too difficult to parse and follow, and so don’t even bother trying.

But this is a mistake.

You are missing out on big markets. That is over half a billion people you are skipping over and a huge amount of economic activity you are not leveraging.

The data laws in the UK and EU are not insurmountable.

It is easy to think that they are. The data laws are thick and intertwining, making navigation quite tricky and onerous. The European Commission has acknowledged the undue friction caused by its digital rulebook, and the UK has been careful with how it wants to proceed with the AI regulation.

Despite the criticisms, the intention of these data laws is sound. The reality of our digital world is that maintaining meaningful control over our data is incredibly difficult. Modern technology is often designed to collect data by default, including in ways that are not even obvious to us.

When you enter a website, download an app or interact with an AI system, lots of data is constantly being collected about you. And it is not just the data you know you are providing: names, email addresses, phone numbers, payment details and so on. It is also the data you silently give over; device data (IP addresses, device type, operating system), behavioural data (the pages you visit, where you scroll, what you almost click but don’t) and contextual data (who you message, what other apps you have on your phone, the time of day you are most active).

Due to the ease of which control over our data is ceded, data laws place obligations on those collecting such data to ensure that they use it in a responsible and ethical manner.

But the crucial point about these data laws is that they are not focused on comprehensively mandating the specific purposes for which data can be used. Rather, they are focused on the manner in which you use data for a given purpose.

What this means in practice is that data laws, like any other laws, present a path problem with three main parts:

• An objective that needs to be achieved (the processing operation)

• A set of rules that apply to the pursuance of that objective (the specific data laws)

• The actions that can be taken within the framework of the applicable rules (the compliance and governance work to make the processing operation more responsible and ethical)

It is therefore possible to navigate a given set of laws to pursue the desired objective. There is a path that gets you from point A (your goal) to point B (the lawful actions you can take toward that goal).

The truth is that data laws are only hard to navigate if you do not think carefully about the data you are using and how you are using it.

The main thrust of data laws are to ensure that entities use data in a responsible and ethical manner.

You should care about this as a business because it forms one of the important foundations of customer trust.

Why would customers use your product and trust you with their data if you are not prepared to use it properly?

What is takes to navigate data laws effectively is to think from first principles in terms of the data you process: know why you are collecting data, take only what you need, be honest about how you use it, and get rid of it when you are done.

The organisational discipline required to articulate these things is rare but incredibly valuable. Most companies don’t understand this but then suffer from the problems that flow from that omission. Bloated data processing operations, taking on unnecessary risks, murky decision-making and so on.

So data laws are ultimately not obstacles to developing products. They are conditions for clean, lean and sustainable building. Isn’t that what you are trying to do anyway?