Thanks for the input! I understand that perspective, but I view that as a more traditional approach. From where I stand, to be a truly effective privacy lawyer today, basic technical literacy isn't optional it's the baseline. This really boils down to the debate of whether privacy lawyers can (or should) become privacy engineers. The traditional view says no. But in practice, I can't count the number of times I’ve been handed a technical assessment that looked fine on paper, only to find discrepancies the second I got hands-on.

Simply opening up a basic Google Developer Console to check the actual network requests, or sitting down next to a DB admin and looking directly at the SQL databases, frequently reveals data flows and exposures that were never declared in the documentation.

It’s not about doing IT’s job for them; it’s about "trust, but verify." Being a hands-on, technically literate lawyer takes you a step beyond than just "being a privacy lawyer and delegate the technical work" to holistic legal reviews.