Reading time: about 3 minutes.
Today, we’ve announced (press release) our availability in AWS marketplace. Combined with some recent insights from the RISK conference in London last week, I want to give some background on the trends we’re seeing in the privacy tech space, and why there’s a need for practically applicable solutions that are native to data flows. Goes without saying a native install in a major cloud is an important step to remove some of the inherent friction involved in any technical implementation 😉.
Embedding privacy in data is very, very new
The traditional approach to “data privacy compliance” is to describe how privacy is handled in an organization (this is the main tool of data protection authorities - questionnaires!). If there’s any decent scale data handling going on, keeping that description up-to-date is like chasing a horse on bare feet: you won’t catch up. You might take it a step further by tagging (in code) where you are handling personally sensitive data points to build the view automagically, or go about “privacy” in critical areas use case per use case (e.g. case-based DPIA first, define + build measures. Rinse. Repeat). But the data itself is often left untouched.
Advanced PET’s are the fine dining of privacy. We need daily food, too.
Privacy Enhancing Technologies are not a new thing. Although they promise to alleviate a lot of compliance burden, applying them is often detrimental to wide data usability or solves only very specific issues. In many situations you don’t need a computational sledgehammer - “anonymity” is highly context-driven (anon to which law and for which type of data?). We’re hearing the better known PETs often lack in real-world settings (e.g. synthetics destroying too much data pattern, requiring ANOTHER model pipeline to train and maintain and amplifying data drift; MPC being too heavy to handle for many), and miss a focus on being tune-able to contexts and balance the control legal needs with the usability data looks for.
So, where are the practically applicable solutions that are native to data flows?
This makes it hard to go for a structured approach: you can use advanced tech to solve privacy challenges per use case, or limit yourself to the bird’s eye view. You can synthesize all you want, but if you’re synthesizing on ill-collected data you are still in violation, whatever cover you find in GDPR art 26. You can stage-gate development with privacy assessments, but the congestion build-up will be hard to swallow for the profit centers in your business.
So, the opportunity is to move to a structured approach that connects where data comes from and how it can be used, with fit-for-purpose transformations applied in-flight. And which most of all is practically applicable and integrated into your existing infra…
STRM @ AWS Marketplace
You can run our Data Plane now from inside your AWS subscription (requires a Kubernetes cluster, and a Kafka cluster for the event-based capabilities), both under a license (contact sales!) and as Pay as you Go (with an hourly cost per pod).
Curious? Request a demo!