A blog about practical data privacy strategies for fast-moving engineers.
Hi there, I'm Jonathan. I've spent the past few years leading privacy engineering work for social media companies big and small. The space has changed incredibly fast.
Today, 92% of Americans cite data privacy as a growing concern. Only 15% think companies use their personal data to improve their lives. Regulators for 65% of the world are aiming for privacy laws by 2023. Every site seems to have a cookie banner you have to click through. Apple uses privacy as a differentiator. Missing an account deletion button in your app or using the wrong tracking strategy? You might get booted from the App Store or have to show a dialog.
Privacy expectations and obligations impact every business, from upstart to established.
But the discipline is poorly articulated.
Discussions frequently frame data privacy in abstract terms, around rights and respect and dystopias. Concepts like privacy-by-design can feel vague and hard to measure. Compliance frameworks frequently target the needs of traditional, established firms with slower product pace and dedicated compliance teams. This is fundamentally out of sync with Silicon Valley companies — as HBO's Silicon Valley famously lampooned, engineers make the world a better place by moving fast with quantitative metrics.
We need to rethink how we explain privacy engineering.
The reality? On average, a dollar invested in privacy leads to $2.70 in business benefits. Strategic data privacy investments can increase customer loyalty and accelerate company agility, in addition to reducing brand and legal risk. For startups, they can add much-needed legitimacy. And for large companies, they can help engineers reason about large-scale systems more easily, preventing painful mistakes and spotting areas for cost savings.
I'm hoping this blog can make privacy engineering feel attainable, practical, and valuable.
Areas I'm hoping to cover over time:
First, what is data privacy, specifically? Why do companies seem to keep failing at it?
If you're launching a new app or website, what's the data privacy punch-list?
What goes into honest, user-centric privacy design?
How do you design systems with privacy safeguards that prevent developer mistakes at scale — and accelerate developers, while we're at it?
For which vulnerable populations should I think about specific privacy concerns?
Subscribe for updates below, and I'd love it if you'd share with colleagues you think would find it helpful. See you at the next post. 🙌