E58 - Lourdes M. Turrecha, Founder of The Rise of Privacy Tech

54:14

SUMMARY KEYWORDS

privacy, tech, problem, people, building, data, technology, tools, founders, investors, companies, solutions, buyers, organization, products, question, startups, compliance, security, excited

SPEAKERS

Debbie Reynolds, Lourdes M Turrecha


Debbie Reynolds  00:00

Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations. Hello, my name is Debbie Reynolds; this is "The Data Diva Talks" Privacy Podcast, where we discuss Data Privacy issues with industry leaders around the world with information that businesses need to know now. I have a special guest on the show, Lourdes M Turrecha. She is the founder of Rise of Privacy Tech. You're a machine, right? You've got a lot going on with privacy tech. So yeah, I'm familiar with it—your community.


Lourdes M Turrecha  00:43

Privacy tech founders and investors, and Expert Advisors.


Debbie Reynolds  00:49

I would love to just have you explain, kind of you know, who you are and what you do, and what I would love to know about your journey, I guess that's what I don't know about you. So you just kind of burst onto the scene. And I'm really excited about the things you're working on because a lot of times, when people were talking about privacy in the past, my view was very legally focused, not focused really on technology. And that's sort of where the rubber meets the road, in my opinion. So you kind of talk all day, but you have to be able to do things and operate. So that's why what you're doing is very important. So you're, you know, I feel like you're kind of like a phoenix here on the tech side of privacy and really giving that type of voice and exposure to maybe companies that didn't have that before. So introduce yourself; I would love to know a bit more about you and how you got to be the founder of Rise of Privacy Tech.


Lourdes M Turrecha  01:48

Debbie, thank you so much for having me. And it's such a pleasure to be on "The Data Diva Podcast" I've been a huge fan. And we've exchanged LinkedIn messages and comments and emails in the past, but we've never really sat down to get to know each other.  I'm sad because you're asking me questions about my journey. And I want to throw that question back to you and get to know more about you. But I'm happy to; you know if you don't mind sharing a little bit later. And I can also just, and we can also just schedule a separate call for that later. But yeah, I've been in privacy for the past decade. I obviously started out, you know, way before when privacy wasn't even sexy. I've worked with probably more than 100 companies in my privacy law practice having worked with Fortune companies, tech companies, startups, in big law with a whole bunch of clients, spanning different types of technologies from, from mobile apps for children, some social media apps, some more deep tech products like cybersecurity, that was the last industry I was in before I started the Rise of Privacy Tech. And throughout the experience, something just felt off because the baseline inquiry was always, hey, can we get away with this? And yes, while compliance is important, it's certainly something that everyone has to be worried about when it comes to privacy. It shouldn't be the end of the inquiry, Right? Like, let's get compliance settled and addressed. But what about the conversations around privacy value, and brand, reputation, and untapping the value of data once you've gotten all of those compliance questions out of the way? And the second aspect to that decision was, you know, so I felt like something was off in my career there. And I also noticed that even with all of these laws being passed all over the world, there was the question of whether they're actually moving the needle when it comes to privacy. 
And even in the United States, there's been some movement, but we still haven't; we still don't have a comprehensive federal privacy law. There are a ton of bills, and really excited about that, but the law will always lag behind technology, and there's no way that we can address or even make a dent in our privacy problems without turning to build those solutions ourselves, right? Instead of waiting for regulators to give us the answers or solutions that we need when it comes to privacy problems, they're always going to be way behind the technology. I thought, why don't we pay attention to this emerging privacy tech landscape and help the builders, the investors who are finally paying attention to privacy, help them and connect them with domain experts who've been thinking about privacy for years and help them build the right solutions? The ones that you know, the folks who are working in-house at these companies, need to solve their problems. So that's part of what we do is connect the builders, the entrepreneurs, the investors, and the domain experts together so that we fuel privacy tech innovation.


Debbie Reynolds  05:18

I didn't know I didn't realize that about your background, you're just like, instant privacy tech, and I loved it immediately. Because no one was really talking about what you're talking about right now. And that attracts me a lot. So I like to talk with people who understand the gaps and know what those needs are. And you really have you put your finger on the pulse of that I feel also, I like the fact that you're bringing together different groups. So you're, you're not just talking to investors, you're not just talking to, you know, startups or early-stage companies, or just people trying to transition or pivot into privacy. So you're kind of bringing together all these different people. And I've done your conference twice. So I spoke twice at your conference. And the cool thing about this, and it's because privacy Tech, I feel like, I want to when I'm on panels with people I want to help to, to help them tell their story and explain it in a way that can be, understood by people in all different areas. So you know, investors may not understand the technical parts of it or vice versa. So being able to do that, you know, I'm happy that I've been able to engage with you and your organization in that way. And I've had some really fun conversations and met some really cool people that are doing really interesting things in privacy. One thing I want to talk with you about, and I think you're the best person, probably in the world, to talk about, I feel like you know this gap really well. So the thing that has been interesting, and people are very frustrated, because when they asked me they say okay, well, we have this problem, it's like, well, you know, you can attack it from multiple different ways. And so I think people think, okay, there's like one answer to these privacy problems. 
But the challenge that we end up running into, and I know that you know, this, especially you're working with investors, is hard because the privacy tech sector is kind of a new type sector, in my opinion. And so, it's hard for organizations to differentiate these tools from one another. So someone who doesn't understand this area may think, okay, all these tools do all the same things, or all these tools solve the same problems, and they don't understand it because they don't understand the scope of privacy issues. So how are they? This is a huge question and probably helps you to answer for me, how do you help companies differentiate these different tools and the problems that they solve?


Lourdes M Turrecha  08:11

I think you nailed the issue on the head; we have had multiple potential buyers in different key personas in privacy tech, even founders and even investors who are trying to invest. They just think it's all the same and specific with buyers. So I think it's more important because buyers are looking for solutions to their privacy problems. But the marketing speak out there is hard to wade through. And so in order to even try to crack that big problem, we said, well, let's sit down and define the space, like, what is privacy tech, right? And then what are the categories of privacy tech? So we define privacy tech as technological solutions to privacy problems. We went about that methodology, systematically looking at what privacy is. And then, we came up with the rise of the privacy tech stack, which is a way to visualize the different categories in this emerging industry because you're right. We're at such a nascent time in the privacy tech industry. We're about 10 or 15 years behind cybersecurity. And it's a little bit hard because most of the players out there are marketing themselves as doing everything. And it might be that they have many of the solutions in their roadmap. But today, they probably might only have a third of them in terms of functionalities, and that really frustrates many of the customers that we've talked to because they end up wasting time on demos or even sometimes buying products that aren't built yet. So the way we've done that, we started with a foundational white paper defining, categorizing, coming up with categories, and in the coming months and years, we'll start coming up with a privacy tech landscape or like the visualizations of which products actually do fall under a category today. And hopefully, that'll help the industry so that when they're looking for a specific solution, and the way we've built is there's the B to B side, which is the biggest side of privacy tech today.
And then obviously, there's B to B to B to C and then B to C. But in the B to B space, we've visualized, conceptualized, or categorized the B to B landscape by looking at data lifecycle tools, a lot of the tools the big players are playing there today. So we have the program management tools that we know of, right, the compliance, or the compliance program management tools that we've seen out there. And then we address adjacent industries, like data governance is an adjacent industry that's not primarily privacy but overlaps with privacy. Security is obviously its own mature, adjacent industry. But the most exciting part of the B to B privacy tech landscape, in my opinion, is the development lifecycle side, which is the shift-left privacy trend that we've been seeing. Many of the privacy tech startups are building in this space and are closing rounds for those problems. And there's a reason for that because we don't want to keep creating the same problems by building tools that are privacy-invasive or building tools in a way that doesn't help when it comes to governing data. So if we start from the very beginning, when it comes to the development lifecycle, start solving the problem, then we're not just coming up with Band-Aid solutions. We're really looking to go back to the root source.


Debbie Reynolds  11:58

Yeah, this is gonna be great. You don't know how excited I am to talk to you about this. Oh my God, you answered all my burning questions. So there are two things that I'm noticing over the years in this landscape. And I was one of the early people that people started talking to me about OneTrust many, many years ago. And the reason why it stood out to me back then is because they were saying, we're gonna focus on privacy. So they didn't say, I'm Information Gov, and we're going to pivot into privacy, or I'm Cyber, I'm going to pivot into privacy. So they really did that. And that helped their organization quite a lot to do that. So I'm glad to see technologies now. They're saying, okay, this is our thing, we're not going to try to do 10 different things; we're going to focus our attention here. And those are the technologies that really get my interest. But two things, I will probably talk to you for two hours about this. So two things are coming up. One is, how do you help people ask the right question about what they need? So I'll preface this by saying, what I've been noticing is, in the privacy tech space, when you meet people, you're talking about buyers? Buyers. So what I've been seeing is companies, they have a sales pitch, they'll do what they think is kind of their assessment, they purchase a tool, and typically, let's say, an organization, you know, the digital transformation, they purchase a tool, let's say that they may have it like a three-year contract or whatever. And maybe before that, in the three years, they may be out looking again for it, what's the next thing or if they want to continue with this. So the trend that I have seen over the years, and I'm hoping that stops, is that a lot of these companies that go into these tools, some of them, once they get them in house and try to operationalize them, they find it is not what they need, or it doesn't cover what they want.
So they end up out to market maybe, you know, 12 to 16 or 18 months later, looking for maybe a supplemental tool. So I guess for me, that tells me that buyers are not asking. They're either not asking the right question, or they don't know to understand their real problem.


Lourdes M Turrecha  14:31

I think there are a couple of things in play there. And you're absolutely right because we were working on the white paper, and we were talking to user buyers of privacy tech products. Some of the top challenges that they named were implementation and implementation in terms of making sure that the folks who are implementing it because it might not be the team that bought it; they might need it to help implement it, have implementation problems and find out that it's incompatible with their systems. That's another problem. There's also the ROI problem where they've invested so much money, and they don't get value in return for the money that they paid for the product that kept coming up as well. And then just, you know, simply ineffective products was the last challenge that they've faced and I think part of it, you know, is that the landscape is too early, right, like it's such an early time. But the other side of it is also really figuring out what your pain points are and pressing your vendors, your potential vendors, on how they are coming up with them. In specific use cases, as opposed to just saying data minimization, instead of just coming up with a principle or, let's say, retention, an umbrella problem, really being very specific about the use cases that they're in data minimization, or their use cases, and retention and deletion that they're trying to solve for. And then, you know, talking to their potential vendor and saying, hey, do you actually solve for this use case? If not, is it in your roadmap? Can you commit, if we buy, can you commit, to shipping this feature within three months, within six months? So, obviously, that's part of it is that we're so early in the privacy tech space. The second part is just being very specific about the use cases you're trying to solve. Because there are no silver bullets in privacy tech, right?
Like, no one solution can solve all of your problems. I mean, if you just look at every other tech industry, there's no one-stop-shop; you need different solutions for different use cases. And plus, it's too early in the privacy tech industry for companies to, I mean, we're seeing some of them merge and get acquired, but I think it's still too early for that type of play to be. If you just look at adjacent industries, you'll know that that early implementation, early merging just causes a lot of problems because we need solutions that are really good. And it might be that the really good solutions for this category don't come with, you know, this or that company. So I'm really excited about fueling this space. So we can get better products that really solve for specific use cases. And I'm excited there are a lot of people who want to help fuel this space. And part of our goal is to help buyers articulate what their problems are. And then to get that to those who are building so that we're building the right solutions, as opposed to just starting with building without looking at the problem. So in tech, you're supposed to start with a problem. Not the technical, technological solution. And so on the other side, I urge founders to say, hey, talk to people, like ask them, ask buyers and users what their specific problems are, and then go ahead and build that. Don't build something and then try to solve it and force it on buyers who may not want that. Yeah, "if you build it, they will come." It's not the way to go. Right. Especially in privacy tech, where it's so early on, and there are so many privacy problems. And we really need to listen and figure out what those are.
We do have a survey that goes out to buyers, and we, you know, if anyone wants to contribute to that so that we can get the information, we don't collect any personal information unless you want to drop your email so that we can contact you for a quote or something later, but it's not a requirement. All we need is just like, what do you need? What are the specific use cases you want to be solved? Because you're not seeing the tools out there? And we did that because we are getting a lot of those one-on-one inquiries from the people in my network. And it's like, oh, that doesn't exist yet, by the way, like that specific problem you just talked about, doesn't exist. So I would post on LinkedIn, and all of these vendors would respond. And a few weeks later, the buyer would say, you know, you had a lot of responses, but none of them actually had a product built yet. But this one, this one startup actually listened, and now they're building a prototype. And so we'll see if that actually helps us. It's a way to scale that very manual approach with me just posting it on LinkedIn. So we thought we'd just put it in the white paper every year by conducting a survey.


Debbie Reynolds  19:55

Yeah, I think privacy is when you're dealing with data, and it has privacy implications. It is hard for people who are trying to sell their product to a particular organization to know who the best person is to engage with, especially because data that has privacy implications can be all over the organization. So it's not just one, it's not like you say, okay, I'm gonna do an accounting system. And so only people in accounting will use this, you know, you're building tools that touch data in many different areas within the business. So it's hard to know who are the best stakeholders to sell to. And then, you know, a lot of times within organizations, there may be internal, not digital silos, but just sort of people silos. So maybe the people who will be implementing the technology may not talk as much to the compliance or legal folks. But these are tools that they both have had a hand in, in terms of its success within the organization. So what are your thoughts about that problem?


Lourdes M Turrecha  21:12

That's actually a very insightful question. Because it's the first question that I ask a founder, one of the first three questions I ask a founder when I talk to them. And I ask, like, who is your target customer persona, and the way they respond to that is very revealing. In privacy, it's such a cross-functional place that, you know, it's not just the lawyer sitting in legal, it's not just the security, InfoSec, GRC folks, although some of those buyers are there. You can also have PMs and developers who might need tools for the development lifecycle side of the house. And you're right, like, personal data runs through every type of system within organizations, or almost every type, I would assume, even in finance, as you'd have some personal information there. And so really looking at who is it that has that problem that you're trying to solve, right? Like when you're asking, what's the problem you're trying to solve? And when you're doing that market research, or if a founder's doing the market research, really understanding, like, who's responding to this problem, like, who has this problem? Is it the developers? Is it the GRC, InfoSec folks, is it the privacy engineers, is it the privacy program, you know, the lawyers and CPOs, DPOs, and it might be once they figure it out, they have to figure out like, which one of those people has the budget or is willing to pay for this solution.
And then, so let's say it's the developers who are willing to pay for that solution, it doesn't mean that you don't talk to other personas, it just means that they're your primary persona, they're the ones that you're trying to sell to, but you can also still engage with their influencers. The way budgeting and purchasing works within an organization is that, and I sat through this in my career, is that, you know, it might be that the marketing team is the one that is going to pay for the consent management solution for website, you know, trackers and cookie management. So they pay for that, but they ask the privacy team because they want something that's compliant. And they ask the InfoSec team because they want something that's secure. And they, you know, they talk to the IT team, because they want to make sure that it works with the existing systems. So being very methodical about defining who has the budget, who are the influencers, helps when it comes to selling in this space. Did that answer your question, by the way? Yeah, okay, cool.


Debbie Reynolds  23:51

That's a great answer. Because that's, that's a problem.  It's tough because I think people want, they want you to say to you, if you only talk to the legal people, then you can get this done. But you know, a lot of times, because it's all cross-functional, and it touches so many different places, a lot of people, they don't know how to attack kind of that sales process. And the organization's perfect answer, by the way. Let's talk a bit about investors. So what is it maybe the eight that even surprises you, when investors come to you may be either things that they don't know or things that you tell them that they're shocked about when they say, Okay, I'm interested in privacy, how can I get involved and you tell them something, they're like, What, I can't believe it.


Lourdes M Turrecha  24:41

Yeah, I think the biggest part, the biggest misconception is that privacy is just a subcategory of the cybersecurity industry or privacy tech is, so we do a lot of education and awareness in that space. We attack it maybe like two-three ways. The first one is defining the two domains, the privacy domain, and the security domain. Obviously, you know, privacy requires security, right? Because one of the principles for privacy is securing personal data throughout from end to end of the lifecycle. But there's way more to the privacy domain than the security inquiry, we also want to minimize data, we also want purpose and use limitation, we also want transparency and all these other things that we care about in the privacy domain, whereas security is, you know, very specific when it comes to just protecting not just data. So they're broader in terms of what they protect; they protect personal data and other types of data. They also protect systems and networks, you know, devices. So there's that overlap. And it's sort of a Venn diagram when it comes to these two domains. And they overlap. And it's exciting when they do, and I really like it when a product or privacy tech product is the security or privacy category that we name in the white paper. But that's the biggest surprise that I have when I talk to investors because most of these investors are coming from the cybersecurity industry, which makes sense because it's the closest adjacent industry to the emerging privacy tech industry. The other one is similar; it's the privacy. So some of them say privacy is just security or like a category of security. And then there are others, especially the investors from the Web3 space, not from the cybersecurity space, where they talk about privacy in terms of just anonymity. And so in their mind, they have a more limited conceptualization of privacy, where it's just, you know, if you're anonymous, if this tool helps you be anonymous online, you're good.
So they don't talk about control; what if an individual wants to share their data and is okay with not being anonymous, they're fine with being pseudonymous or even being public, but they still want control over their data. So we do a lot of education when it comes to what privacy is. And then the other one is that because it's so new, they think that the existing players, the first couple of unicorns, address the whole industry. And they say, well, you know, we invested in one of the two big players, so we're good here, we've got privacy tech covered. So that's probably the third most surprising thing. And the white paper that we published last week addresses that and shows them visually that that's not true. There's way more to the privacy tech landscape than, you know, the specific categories that some of these solutions address.


Debbie Reynolds  27:49

Right. I agree with you wholeheartedly, and I'm glad you were able to explain that. I may actually transcribe this and put it on my board here so I can explain when I talk to investors about this. Oh, what are some surprising things? You know you help founders tell their story, right, about, you know, understanding the investor space, understanding the buyer space as well. So what are some surprising things that you've heard from founders? Maybe they didn't understand kind of what's happening in this industry?


Lourdes M Turrecha  28:27

It really depends on the founder, and I was first surprised that 90 plus percent of the founders don't come from the privacy space. So they're not like Ray Everett, who was like one of the first CPOs, right, he's the dean of CPOs is what they call him, or Michelle Dennedy, who is like the mother of privacy engineering, who is also one of the first CEOs and veteran CPO in Silicon Valley. The rest of them, most of them come from cybersecurity, and the others are other founders or are entrepreneurs and developers. So it was a little bit, it depends. It depends on which type of founder they are. So I think the most surprising thing has been delimited depending on whether they come with a privacy background or not. A limited conceptualization of privacy was the first one, and then the second one is coming up with the solution before talking to user buyers about their pain points, which is kind of the reverse of how startup Landia works. If you talk to, you know, the Y Combinator folks, who are probably the biggest accelerator for startups or startup accelerators in the world. Their advice every time they work with startups is to start with the problems, you know, before you build anything, start with a problem, talk to the user buyers and then build something that addresses that problem so that they have to buy your product because you've built that solution specifically for that problem. So those are probably the two biggest surprises that, from talking to, I think, almost 150 founders, some of the biggest surprises I've dealt with in the past 18 months.


Debbie Reynolds  30:20

So what's going on? What's top of mind for you right now in the space? So this is new, is emerging, is changing very rapidly, the regulations are changing rapidly, the technology is changing rapidly. What was top of your mind right now about kind of the rise of privacy tech?


Lourdes M Turrecha  30:43

So we need more investments; it's probably one of the top two or three things. So some of the things that we're looking at right now is trying to figure out how to get more VCs to invest in the emerging privacy tech landscape. That said, there's already been close to 6 billion, if not 6 billion, already poured into privacy tech with 4 billion in the last three years alone. So that's insane. But that's nowhere close. You know, if you look at adjacent industries, that's nothing. So a lot of it's just talking to investors, sharing, you know, just explaining to them this is the emerging privacy tech landscape. This is way broader than you initially conceptualize; it's not just the subcategory of cybersecurity. This is why privacy has value. Yes, I mean, the compliance conversation is helpful because it helps you support the need for some of these products. But it goes beyond that to like, and it takes a lot of money for companies to try to re-architect their systems just so they could untap the value of data. So investments are the first one. And then just continuing to bridge the gaps between the key players who are in privacy tech, or the founders, the investors, and then the domain experts who are interested in privacy tech. And I found that not most of the privacy pros out there are just focused on compliance. And there's because I get it like I was a practicing privacy lawyer as well. So there's just not enough time to pay attention. But there is a small number, and there's a small number of privacy domain experts who are interested in the emerging privacy tech landscape. And so we said, why don't you come over and we want to? We want you to bring in your expertise and help some of these startups either as an advisor, as a consultant, or even some of them joining them as founding members of these startups to help build solutions that actually solve for privacy problems. So those are two things that are top of mind for me.


Debbie Reynolds  32:56

Very good. Very good. And that's something maybe we could chat afterward about.  Of course, maybe able to collaborate, awesome stuff like that.


Lourdes M Turrecha  33:05

I'm always excited about the opportunity to collaborate with you. So yes,


Debbie Reynolds  33:11

That's very, very sweet. So this is a huge problem that we have, and, you know, you're definitely the best person I can pick up to ask this question because I know that you understand this issue. So part of this is we need to switch from a reactive state of mind about privacy to a proactive state. So the types of problems or harm that can happen to people, if their privacy is, you know, damaged or harmed, misused or abused, you know, there is no adequate redress for that. So there's obviously a place for regulation, but, you know, if someone steals your life or they lock you out of your life, your bank accounts, you know, different things that could possibly happen to you because of privacy violations. You know, it's not enough to say, well, we regulation, I actually, there's a place for that. But how do we move from this reactive state where like, a lot of like, some companies will say, well, we haven't had a privacy problem. So we don't need privacy tech, or we don't need a privacy person. Because you know, but oh, and if we do have a problem, they will like hire a privacy person. But the problem is that the harm could be so egregious that there is no way to recover from it. What are your thoughts?


Lourdes M Turrecha  34:53

On shifting from being reactive to proactive? I mean, you're absolutely right. There's a place for regulations, right? That's where we hope individuals will get redressed. But we don't have to wait for that; we can start with building technological tools that actually don't invade privacy in the first place. And that's really why I shifted from practice to fueling the privacy tech industry, so that we can proactively build privacy technologies. And instead of the privacy-invasive ones that we've been used to for decades, instead of adding to the mounting privacy technical debt that we've incurred, because of the way we've ignored privacy when we build these tools, I think it's important because a lot of these invasions are amplified by technology, right? So I think it's important to also come up with technological solutions to these things. Yes, there are one-on-one privacy breaches done maybe by a hacker, for instance, or a malicious actor, an insider threat actor, but many of the things that we hear about in the news are privacy invasions that are amplified at scale through technologies. So I'm excited to shift from a proactive like suing or responding to a privacy incident or a data breach and calling the FTC. I'm excited to shift from that reactive approach to, hey, let's stop building these privacy-invasive tools and instead build tools that solve for privacy problems or privacy tech, in other words.


Debbie Reynolds  36:43

Yeah, I think that's a big issue. And I think that's something that you're really highlighting; this is very important, so I can't really wait until something bad happens to try to jump into this privacy thing. And also, for companies, let's say companies who are developing other tools that don't have that are not specifically privacy tools, right? They have problems with the adoption of their tools if they can't address privacy. So that's something I see a lot of. So it's like you got the best tool in the world. But if you can't address that, you won't be able to sell your product.


Lourdes M Turrecha  37:26

I'm really excited that you brought that up because there are tools that are not primarily quote-unquote privacy tools, but people like to call them privacy-first tools. So, for instance, Signal is primarily a messaging app. And Brave is primarily a browser. DuckDuckGo is primarily a search engine, but they've all built their tools, as far as privacy first with privacy in mind. And that's one of their key differentiating features is that they built it with privacy in mind. And so we're excited. We're also we call those privacy-first time, under the subcategory in the consumer side. So we're excited about some of the tools that don't necessarily are not necessarily for privacy professionals or privacy engineers or any of that but do other primary functions, but they do it in a way that's privacy-protective. And I think it's really smart. I mean, we've seen how Apple has taken that approach for years and capitalized on that. Not saying that Apple's perfect, I've gone on the record to criticize them when it comes to their mistakes when it comes to privacy, especially with their CSAM proposal, and I was excited to see that they put that on hold. But you know, when something like that happens, it gives them a lot more leverage because they've been able to demonstrate for years that we want to take this seriously. So when they do make a mistake, your privacy advocates are a little bit more forgiving and understanding. But if you can compare that to other tech companies who have just been huge violators, again and again for years, it's hard to give them the benefit of the doubt when they do something nice or something good, like getting rid of their facial recognition database because they've done 100 other privacy-invasive things already. So I think it's a really smart approach. 
I think more tech companies, in general, should think about building their products that way with privacy in mind, and you know, even if you're not what we would think of as a primarily privacy tech company, you could build privacy-first features into your products and leverage that as part of your competitive advantage and your brand reputation.


Debbie Reynolds  39:52

Let's talk about competitive advantage and brand reputation. So some people see privacy, you know, because all right regulations, I see oh my god, that's like another tax on organizations. It's just another thing that we have to do, and we have to deal with. But, you know, we're seeing it. And I'm glad you mentioned Apple, you know, I don't think it is a coincidence that they had kind of their biggest quarter ever, Q4 2020. And I think part of that was the result of their app transparency push, because people really want that. So I think what Apple proves there is that not only can privacy be an advantage, but privacy can be profitable. So it can add to your bottom line, it could be a business advantage. And I say that quite a lot. But talk to me a little bit more about that, because I think that, you know, adding to the bottom line is something that like, for example, I can relate example. So I work a lot with General Counsel, but then corporations, and a lot of times General Counsel, especially if you're a lawyer, you know this, you know, you're a lawyer with a corporation, they do whatever they make widgets, or what have you. So that's kind of their main thing. And when you're in legal, you're not considered like a revenue-generating department within the company. So the best you can do is like, you know, reduce the risk, save money, right, you want to save money. But if your company is focused on privacy, you can actually help the company make money, right? Get more revenue, get more customers, gain more trust. So talk to me a little bit about that.


Lourdes M Turrecha  41:38

Thank you for bringing this up. This is one of my favorite topics to talk about. So thank you for giving me the opportunity to address it; I think it's a very limited mindset perspective to just focus on compliance. And it's really sad because the time has come for us to really accept that privacy is not just all about, you know, GDPR and CCPA. There are a ton of surveys, and we cite them in the white paper; Cisco has done great surveys about privacy ROI, Consumer Reports has done an excellent survey on the clear marketplace demand for privacy. I think Pew Research has done similar things. And Apple obviously is like the biggest example of this, if you're going to look, you know, look at the most profitable company, and they're leveraging privacy. So when it comes to GCs and legal folks, I mean, it is our opportunity to show that we're not just all about risk and compliance, so we can actually contribute to this, and if you feel limited in your role, then work with others. And with other groups that you know who can help you out in making this argument. You can work with a finance team, you can work with a marketing team, and working teams love it when you're able to show that certain privacy features help with customer retention because they love your product, because you're building trust within. And so, I would look at specific examples out there. I mean, there have been surveys for years that demonstrate this, but I would just look at companies that are doing this and that are just succeeding when it comes to competitive advantage and privacy.


Debbie Reynolds  43:33

Yeah, I love that topic, too. And it's not talked about enough. I'm glad that you were able to answer that. What is it? Let's talk about the future now. So what is on the horizon now that you see the concerns you most related to privacy that may have an impact on the price of tech?


Lourdes M Turrecha  43:54

I love technology. I mean, I really do. And it's sad to me that the way we build it sometimes is we build in a way that's so privacy-invasive, and I get it, right, like when you're coming up with an emerging type of technology. We saw this 10 or 15 years ago with big data, with cloud, with IoT, AI today, and machine learning. And it makes me sad because we focus on all the opportunities, but it's such a limited perspective. So there are two things to that: we focus so much on the capabilities of the technology, but we don't think about the privacy opportunities that you could add on by building AI models that are privacy-protective, for instance. And then the other side of it, like looking at the privacy and ethical ramifications of building in such a way that's invasive. So that really makes me sad. And I think you know when you ask about specific ones, I mean, neurotechnology is really freaking me out because with the brain to a varying interface that we're talking about communicating our deepest thoughts and being able to read that. It really, you know, we need to be careful there because that's the essence of our individualism. So that's probably one of the biggest privacy concerns that we'll see in the coming years. In addition to AI, I think neurotech, and all of that, like we need to be careful about whether what are the privacy controls put in place so that when we enable this technology to communicate our deepest thoughts so that we are able to make sure that individuals still have control about what they want to communicate out? It's not just a one-way street of reading their thoughts; you're able to also stop certain transmitters from reading when you don't want them to read.


Debbie Reynolds  46:01

I agree with that. I share your concerns. I'm concerned about anything biological in any way. So neurological, biological, any of that will tech concerns me. Like you, I love technology. I'm a technologist. I've been a technologist long before I was a privacy person. So that concerns me. So yeah, you can't just look at all the great things you think you can do; you also have to consider the harm. So this is kind of a lightning rod question. And you address it. And I agree with you on this. Part of this is related to CSAM, but not exactly. But there is this false equivalency that people make about privacy versus security. So you can have privacy, you know, you either have security, or you have privacy. And that's, you know, it's kind of a zero-sum type pursuit. And I don't agree with that. And I know that you don't because I think you and I agree that we weren't a fan of the CSAM thing that was trying to be attempted by Apple. And you know, I see this come up a lot; it comes up all over the world, especially around the places where people are trying to pass legislation about the data and privacy of people. So it tries to pit both security and privacy against each other. But they're not equivalent. And it's not like you can have one and not the other. What are your thoughts?


Lourdes M Turrecha  47:39

Yeah, I agree with you there; let's not make false trade-offs. And I think that's true, not just with privacy versus security, which I hate. I hate that phrasing. And it's also been true with other types of public interests. Privacy is not absolute, right? Like any other right, it's not an absolute right. It has to be balanced with other types of rights. But we have to be careful about making false trade-offs between privacy and security, or privacy and public health, as we saw with the pandemic, or privacy versus individual health when it comes to like one in one same thing with a pandemic or privacy versus speech rights. I think there's a way to go about it. And I think the way is to be very specific about like, what are we trying to accomplish? And do we really need to? We have to ask the right questions like, first, what are we trying to accomplish? Do we really need to be privacy-invasive when it comes to accomplishing that goal? May it be a security goal or a public health goal? And oftentimes, the answer is no. We can't have both. We can have public health, individual health, and we can have security in internal or national security without invading privacy.


Debbie Reynolds  48:57

Yeah, I agree with that. I'm sure we'll continue that debate that comes up; you know, every couple of months, something will pop up on the radar. And it's like, oh, my God, I can't believe we're still having this discussion about privacy versus security. If it were the world, according to Lourdes, and we did everything as you said, what would be your wish for privacy anywhere in the world? Where does technology law human stuff, neurological, biological stuff?


Lourdes M Turrecha  49:26

Oh, wow, that's a really hard question. Because there are so many, I have such a long wish list when it comes to privacy that I want to pick one. Like, I don't even know which one to start with. And I guess, you know, if we start with everyone just being respectful of each other, so may it be with how we collect data, may it be with how we build technologies. We start with that and keep that in mind that there is, like, indeed, there is another person on the other side of the transaction. It's not just you. It's not just zeros and ones, right? It's not just code. Just because we've gone online and digital doesn't mean we should forget that there are people whose lives could be affected by the decisions that we make. We start with that baseline of respect. I think that should cover everything else I want.


Debbie Reynolds  50:16

Yeah, that's true. I like this question because I've never had anyone say the same thing. So this is great. So there just shows how multifaceted this conversation is; that was a good answer. You know, trust has to be there. I think businesses aren't you can't make money if your customers don't trust you. So it can't just be about your products and services. It's also how you handle their data. So maybe trust is the new gold instead of data is the new gold, right?


Lourdes M Turrecha  50:57

Yeah, privacy as trust is one of those conceptualizations we cover in, obviously, like, it's a great development, the privacy space. And I completely agree when you trust in privacy.


Debbie Reynolds  51:11

Yeah, well, so how can people get involved? They want to attend your conferences, you know, founders, buyers, you know, anyone who's interested?


Lourdes M Turrecha  51:22

There are so many different ways, right? Like you can attend, as you said, you can attend our conference. You could also, if you want to contribute to our surveys in our white paper, you could fill out and give us data about the privacy tech landscape; we also have a membership. Obviously, you don't have to sign up for that. It's really for folks who want to get way more involved that it takes a lot of resources on our end to get them plugged into the privacy tech space, but or they could just sign up for our Slack or a newsletter; we share news there too. So if they want a low commitment type of thing, that's something that we make freely available. We also have free resources for very early-stage startups. So we've matched a lot of startups with domain experts as advisors. So that is a resource that privacy tech startups can sign up for. And we've done that for a few months now. And the same thing with investors like they want to get access to deal flow in the privacy tech space. So we also have a startup investor matching tool as well. But we'll have more; we do have quite a few things planned, where those are what we have today, in addition to the events that you mentioned, or you guys can just read the white paper if you want and share it. I would be very happy because they'll help us educate the public about the privacy tech space. And no, we don't have a data collection. While we don't require your name or email in order to access that. You can just read it online.


Debbie Reynolds  52:51

Excellent, excellent. Well, this was great. I'm so glad that we were able to chat. And it's so fun for me because it's like we've collaborated before in the past. But I'm happy to be able to share the mic with you today and be able to have people get to know you better. It's great.


Lourdes M Turrecha  53:09

Thank you so much. It's been my pleasure. And I really appreciate you sharing the mic with me and helping spread awareness on the emerging privacy tech space, which is such an important underserved space. So thank you so much. Data Diva.


Debbie Reynolds  53:26

Well, thank you. Thank you. Thank you. We'll be chatting for sure. Yes,


Lourdes M Turrecha  53:30

Hopefully. Take care.
