S1E6: The Explosion of Privacy Tech with Lourdes Turrecha (TROPT)

Show Notes

This week, I’m joined by Lourdes Turrecha, Founder & Chief Privacy Tech Strategist at The Rise of Privacy Tech (TROPT). TROPT's mission is to fuel privacy innovation by bringing together privacy tech founders, investors, buyers, & expert-advisors to bridge the existing tech-capital-expertise gaps in the field. As a member of TROPT's Advisory Board, I’ve seen 1st-hand TROPT's innovative resources and events that they offer the industry.

----------
Thank you to our sponsor, Privado, the developer-friendly privacy platform
----------

In our conversation, Lourdes and I explore the different facets of TROPT, particularly focusing on what’s included in the recently-published "TROPT Privacy Tech Stack 2.0 Whitepaper 2022." We discuss how buyers currently navigate the space, how TROPT supports privacy tech founders & the 5 biggest challenges that we see across privacy tech.

The whitepaper is a first-of-its-kind landscape that categorizes the different categories of privacy tech so the market can better understand the breadth and depth of the space. It highlights current trends and visions for the future of privacy tech, and addresses solutions to those 5 major pain points. Lourdes also dives into what we can expect from the TROPT Data Privacy Week 2023 in January and how to get involved. 

----------
Listen to the episode on Apple Podcasts, Spotify, iHeartRadio, or on your favorite podcast platform.
----------

Topics Covered:

• TROPT’s free resources and paid offerings for privacy tech key players
• The thought process behind the TROPT Privacy Tech Stack Review program 
• The current frustrations of many privacy tech buyers and users' experience, especially on the B2B side
• An overview of the 3 main topics covered in the whitepaper 
• Proposed solutions for the challenges we’re facing in privacy tech 

Resources Mentioned:

• Read the TROPT Defining the Privacy Tech Landscape Whitepaper 2021
• Bookmark the TROPT Privacy Tech Stack 'Scape 

Guest Info:

• Follow Lourdes on LinkedIn 
• Follow Lourdes on Twitter 

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Buzzsprout - Launch your podcast


Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Transcript

Debra Farber  00:00

Hello, I am Debra J. Farber. Welcome to The Shifting Privacy Left Podcast, where we talk about embedding privacy by design and default into the engineering function to prevent privacy harms to humans, and to prevent dystopia. Each week we'll bring you unique discussions with global privacy technologists and innovators working at the bleeding edge of privacy, research and emerging technologies, standards, business models and ecosystems. 

Debra Farber  00:27

I hope all of you had a wonderful Thanksgiving this year if you celebrate. I know the holiday provides us with an opportunity to pause and reflect on the year and to express gratitude for the people and organizations who have helped us on our journey. This year, I want to express my sincere thanks for the existence of The Rise of Privacy Tech, a Silicon Valley-based organization led by today's guest, Lourdes Turrecha. That's driving forward global privacy innovation, gathering privacy tech ecosystem stakeholders for critical conversations, and publishing foundational thought leadership. I'm grateful for "TROPT" as it's known for short, for my friendship and opportunities to collaborate with Lourdes, and for the opportunity to shape this growing field with other privacy technologists, founders, advisors and investors. 

Debra Farber  01:21

This week, Lourdes Turrecha and I discuss what inspired her to found TROPT, TROPT's free and paid offerings to the privacy tech community, how the buyers of privacy tech are currently navigating the space, how many privacy tech companies exist today, the release of the TROPT Privacy Tech Stack Whitepaper 2022 and more about the 2023 Data Privacy Week TROPT conference that's taking place in late January. Enjoy the episode.

Debra Farber  01:57

Hello, Lourdes. Welcome.

Lourdes Turrecha  01:59

Hi, Debra, I am so glad to be having this conversation with you. I always enjoy our conversations, but you're also a very good friend. So, I'm so grateful to be here and to have this time with you today.

Debra Farber  02:13

Oh, my gosh. I've been waiting for this for so long - just to have a venue to platform you, because I'm just so excited about all the great work that TROPT has done. And for some of the people who don't know, who are listening in, I am an Advisor. I sit on the Advisory Board for The Rise of Privacy Tech. There's been so much that the organization has been working on for the past several years, and, you know, why don't why don't you tell us a little bit about TROPTs mission. What is TROPT?

Lourdes Turrecha  02:40

I'm happy to. Before I jumped in, I just want to thank you for all the work and support that you've done for TROPT. TROPT wouldn't be TROPT to without you. So for that, very grateful. And thank you for being one of our biggest supporters as one of our advisors. TROPT is the emerging privacy tech industry hub. We're the only organization that's focusing on privacy tech and innovation. There are a wide variety of amazing established privacy organizations out there, and I feel very confident that they're doing great work focusing on law and policy. To me, it just occurred to me that there wasn't really anyone focusing on the tech side of privacy. And it is for that reason that we created TROPT: to fuel this emerging privacy tech industry space.

Debra Farber  03:37

Awesome. That's helpful. So what is exactly...what are the offerings? What does TROPT provide for the community? How does it go about helping with the mission of getting privacy tech and innovation featured and more of a focus on it in the industry?

Lourdes Turrecha  03:53

That's a great question. And we have two main buckets, and what those buckets cover really depends on what we hear from our community members. So we have a bucket of free resources, the white paper is one of them, and I'll talk more about the white paper later. But as a reminder, we'll put a pin on that and then get to that. We also have free resources for early stage startups to connect privacy tech startups with advisors. So we have a startup advisor matching thing, resource. We also have a startup investor matching resource, and the way that works is we have a huge network of domain experts in privacy who can help build privacy tech solutions and there are many founders who are looking for that domain expertise because they may not be coming from the privacy domain. And so we have a signup form for for them and we do this every...you know, every Friday. It's on my calendar. I look to see if there's a new...there's an emerging startup that is looking for an advisor, and if there's a match, I make an intro. And in the future, we'll, as we scale, that wouldn't be so manual anymore, and my hope is that that becomes a more of an automated resource for folks to, to just self-serve. 

Lourdes Turrecha  05:22

So that's an example of our first bucket of free resources. We also, I mean, we also have excellent talks from past events, which are available on our website, our LinkedIn site, our YouTube site. And these include a wealth of insights given the caliber of speakers and domain experts and key players in privacy tech that engage with us at our events. And then when it comes to paid offerings, we're really testing it out. So, depending on the date, the answer's a little bit different. But, we've always had events. That was how we started because we started in the middle of the pandemic, and people needed a way to come together, and that was an easy thing to spit out for the community. But we still have them. Our flagship and biggest event is Data Privacy Week, and I'm happy to chat about that as well, at some point later. And we also had our first in-person one in June, which was the TROPT Summit. And, you know, if there are enough folks in the community who want us to keep doing those things, we're happy to continue to do those things. But like I was saying earlier, it's really what the community wants and be respond to what they say they want and do our best to put together the things that the industry sorely needs. 

Lourdes Turrecha  06:41

We also just spun out a review program, and this was inspired by buyers who just couldn't find good privacy tech solutions because there's so much noise, and they complained about how frustrated they were about the marketing speak and lists out there that guilt that privacy tech solutions. So we have the TROPT Privacy Tech Stack Review program where bonafide buyer-users review products, privacy tech products before we feature them. And that's been our rule, because we...I mean, you and I, as former buyers have been in that position where we end up wasting so much time that we don't really have a privacy professional sitting on...going into a rabbit hole in different tools that, you know, only to find out that they don't have a product yet or they don't have a functionality that they had promised in the past. And so that's one of the offerings that we're recently just making available to the community. And the review is a paid review, and that's because we pay our buyer users for their time and we also, of course, have to pay TROPT team members to do the operations and back end for that.

Debra Farber  07:59

And that makes a lot of sense. And I'm so excited to have this episode where we could connect what The Rise of Privacy Tech is doing to this audience that I'm building, which is really meant for privacy technologists, privacy engineers, even designers, you know, it that left side of what we'll talk about later as being the TROPT of privacy tech stack that, you know, before code has ever published. You know, the shifting left into the space of where you can actually protect the data before it ever gets shared or published anywhere. And what I really want to ask you now, I guess is you've talked about what some of the offerings are and the mission for TROPT. But give us a little sense of what the size of the market is. And when I say that, I guess what I'm asking is, how many privacy tech companies out there are there? You know, to the layperson who's not watching this as closely as we are, you know, it's really not that clear?

Lourdes Turrecha  08:57

Yeah, that's a great question and it's one of the things that we cover in the white paper, and I'm happy to announce, you know, and share a few numbers that we include in the whitepaper. And for those who want to dig in further you can, I'll send Debra the link and maybe we can include them in the Show Notes. It's exciting because last year there were about 945 self-identified privacy companies. This is according to CrunchBase, which is, as everyone in tech knows, is the go to when it comes to startup data. That said, CrunchBase doesn't know that these are self-identifying privacy companies, and so you kind of have to keep that in mind, right? Like they're not doing the review that we do at TROPT. That said, it's still it still means a lot that you know, last year there were about 945 of those and this year there are 1,167 privacy companies. So that's 222 in the past year alone. And same thing when it comes to investments in 2021. There was $1.6 billion of funding towards privacy companies and 2022 hasn't ended yet and we've already surpassed 2021 numbers. So right now, we have $1.7 billion in funding so far as of the publication of the whitepaper last Friday. I haven't checked today, but I suppose we could take a look in a little bit, which means like, in the aggregate total in this very nascent space, which has only been in existence for, you know, a few years, there's already been $7.3 billion so far, and $1.7 billion and that is from this year and $1.6 billion from last year.

Debra Farber  10:36

I mean, those are really impressive numbers and you really highlighted an important point before that there are lists of privacy tech companies out there. But you know, if you're a Chief Security Officer, Chief Privacy Officer, a Data Protection Officer, an Analyst, anyone in the field, Privacy Technologists, and you go and you look at these lists, I mean it's overwhelming, right? There are...it's hard to tell if it's a security company that's just pitching as a privacy...who has a privacy feature, or is some overlapping, you know, security for privacy, like confidentiality feature that they're just pitching as privacy to kind of cut through the noise in the security space and get maybe heard somewhere else. Like, how are buyers navigating the space right now, you know, before...I don't want to say before TROPT, but, you know, how are they navigating the space when all they have are lists of companies, and they certainly can't have interviews and demos and POCs and such from like 1,167 companies, right? How do they narrow it down today? What's there? Are you hearing from them of how they're approaching the space?

Lourdes Turrecha  11:45

That question really nails on the head the frustration that many privacy tech buyer-users have, especially in the B2B space, and have had in the past few years, given the noise, and what they end up sharing with us is that there are a couple of big players and that's all they hear about and to being such a frustrating thing for them, because they don't know who's doing really what, aside from a couple of big players, and they end up kind of being very inefficient about it. Like we...and that's really what inspired me, they end up reaching out to their network. And we're kind of trying to do that...in putting that into a hub, right? Like as opposed to them reaching out to me or you, Deb, or any one of their colleagues in the space and asking who's using what for what for this type of category for consent management or privacy code or other types of categories. We want to make that available in a, you know, through the TROPT Privacy Tech Stack website. And so, it's just been a very manual way of them trying to figure out what everyone else is looking at, and that's really the story of privacy tech, even internally, right? Like everything has been manual for years, and it reflects internally, but also reflects in the industry is when it comes to finding solutions. But we're hoping to start changing that with the TROPT Privacy Tech Stack Review Program.

Debra Farber  13:22

Awesome. And as the industry has been evolving, an interesting trend that I know we're both seeing is that we're finding that innovation is often coming from engineers who've been in a particular company, saw a particular problem, think they have a better way of executing or addressing that problem, and then go and start a privacy tech company. But one of the challenges they seem to have is that they don't necessarily know the industry as a whole. They don't necessarily know the different personas of the buyers or even how to message what it is they're doing. And so how does TROPT help the industry with that uncertainty? How do they help the founders in that area?

Lourdes Turrecha  14:07

That is such an excellent question, and before I dig into the how, I want to highlight the importance of that question. As we've seen in the startup space, it's critical for the founding team to understand the area that they're trying to solve for. I believe it's Y Combinator that lists one of the three factors that they look into is whether or not the founding team are the right set of people to solve a particular problem. And I think that's part of what we're trying to do here at TROPT. Not all founders have that background in privacy and they don't necessarily have to but they at least need to have someone on their team on their Advisory Board who can help them make up for the lack of past privacy domain experience. And one of the things that we do here is we bridge that gap through, you know, the advisory, the Startup-Advisor Matching Tool. We also have different sets of offerings, like our in-person Summit, really helps with that. For those startups that want to get engaged for the in-person summit that we have every June, we really tailor the people that we bring to that to meet the types of personas that could be helpful to them as Advisors, as Buyers, as Investors - and that's another way that we do that. We also have similar things like other types of smaller events that are more private, and not necessarily like a public conference. We have dinners where we do the same thing, and we connect the startups that want to be involved in those and engage TROPT to the domain experts who can help them design their products, sell them, market them, and so forth. So those are some of the ways that we're doing that at TROPT, and then, obviously, this challenge, we highlight and kind of just put it out in the forefront. We talked about it in last year's whitepaper; one of the key players that we call one of our "TROPT Visionaries," Ray Everett, also highlights this challenge, right? He is one of the first CPOs in the world and also someone who has helped build privacy tech from the very early stages. He highlighted the need for startups to be very much in tune with their buyer-users' realities. And one way that they can do this is by engaging domain experts as part of their founding team or as advisors.

Debra Farber  16:45

That's really helpful. Thanks. And I, you know, Ray is amazing. I've worked for Ray for over a year and a half when I was at TrustArc and we got to share a office together. And it was probably the most fun I've ever had a sharing an office before - with the first Chief Privacy Officer ever, and I learned so much from him as a result. So I'm just glad you brought him up. That's really, really helpful, I think, to the industry and you know, you've mentioned the whitepaper several times. So, why don't we turn our attention to that. The Rise of Privacy Tech just - today's the 21st of November - and so it was last Friday that we released the TROPT Privacy Tech Stack 2.0. whitepaper. Tell us, what's the purpose for it? Who's it for? And then we'll dive into some of like the meaty parts.

Lourdes Turrecha  17:32

Yeah, I'm happy to. So the recently published whitepaper - this year's whitepaper is the follow-up to our foundational whitepaper from 2021, which defined, categorized, and started bridging the gaps in the privacy tech space. A lot of the work was really done last year with, you know, defining privacy tech, kind of comparing them with often-conflated terms, comparing the industry to adjacent industries, and so on and so forth, and introducing the TROPT Privacy Tech Stack as a framework for categorizing privacy tech products. And this year, we did that. And we've always said that the stack was going to be a living framework, and that's what we did. We evolved that framework this year to reflect feedback from the community, from the industry changes and trends that we're seeing here at TROPT and through our working group. So that's now the focus of this year's whitepaper, and secondarily, we also brought as like we did last year, we brought a lot of insights from the forefront of the privacy tech space from leading, you know, practitioners, buyers, domain experts in the space; and it's really for anyone who is remotely interested in privacy tech, but especially for privacy tech key players, which we've identified as the founders, privacy tech founders, investors (you know, can be an angel investor or VC firm that's interested in investing), privacy tech, the domain experts who are innovative and forward thinking and want to get involved as angel investors, as buyers or board advisors, or even co founders. We have a handful of domain experts in privacy who pulled the trigger and started building their own privacy tech startups and to solve for privacy problems through tech. So those are the people those are some of the big areas that we were dealing with or highlighted in the white paper. I'm happy to, you know, if you have questions about any of the sections, we started with the Stack and evolving that, and then we have a section on trends and and buyer wishlists and the future visions for the future of privacy tech. I'm happy to dig deep as well and chat more about those.

Debra Farber  20:03

Yeah, I mean, so first I want to point out to the audience that this is a first-of-its-kind landscape for privacy tech, and really talk about what is not privacy tech and what is, what's adjacent to it, what overlaps. So it's even broader than you might think at a landscape level where, you know, my belief that this is going to help the industry mature because it categorizes the different privacy tech or privacy-first technologies that are coming out of the labs - whether it's a privacy enhancing technology or it's just new methodologies and approaches and new architectures. What we've really done here with this whitepaper is categorize the different types of privacy tech, so that the market has a better understanding for what privacy tech means.

Lourdes Turrecha  20:57

Also visually illustrates the bigger picture because like we, you and I've talked to investors who just think of privacy tech as some small category in cybersecurity, which is first wrong, right? 

Debra Farber  21:11

Yeah

Lourdes Turrecha  21:11

And secondly, has important implications for fueling privacy tech for funding privacy tech in general. Because if you're an investor and if you just see it...if you just think of privacy tech as this one small category that's part of cybersecurity, first, you couldn't be more wrong, but you could also, you know, you miss out on opportunities for your fund to look at the bigger picture and see opportunities to build and invest in some really exciting privacy technologies that are coming up.

Debra Farber  21:43

I agree. You know, it strikes me about a year and a half ago, when I started to, you know, really just become an analyst, if you will. I mean, it's not a formal title or anything, but of the industry and start like you, speaking to hundreds of different people about the state of the industry. I spoke to, you know, several VCs, and a lot of them really, you know, one in particular was like, you know, we already invested in two privacy tech companies. So we don't think that there's a need for more privacy out there than these two companies. And I'm like, that is the most limited, it really opened my eyes to how limited a view that even those who have invested in some privacy tech companies out there, do not even realize how much opportunity and how much need in the market is there, because their view of what constitutes privacy and data protection was so narrow. And so that really opened my eyes as to, you know, the how much TROPT can move the needle forward for the industry by helping just simply define some of these things. So, to that end, let's get into a little bit. Like what...you've separated...we've separated the categories out into B2B Privacy Tech and B2C Privacy Tech categories are, you know, do you mind kind of explaining the thought process there and then, you know, also maybe about the left side on the right side of the tech stack?

Lourdes Turrecha  23:08

Very happy to. So, this year, like last year, we first separated the privacy tech industry according to business models, so the B2B side is the more more mature side, and then we have the B2C side, the consumer facing side, which isn't quite as mature, but is actually interestingly and excitingly starting to catch up in gain momentum. So, that's one of the trends that we highlighted in this year's whitepaper. And then there are a couple of B2B2C startups that serve both consumers and businesses, but that's probably the smallest area of the space. I do want to focus on the B2B side, because it's the more mature side. That's also where I come from. I've worked mostly with B2B companies, and the way we think about the space is we didn't reinvent the wheel. We depended on existing privacy and technology frameworks. So we picked two in particular. So, the data lifecycle is probably one of the lifecycles that's very much known to - not just privacy professionals - but security and data governance professionals. Then that's broken down into the collection stage, use, sharing, storage, and retention stages. And we thought about highlighting categories based on that because there are, you know, we want to see solutions for these different points of data collection at retention because those are big problem areas for in-house privacy professionals. That said, one of the exciting things that we're seeing is the shift left privacy trend, and that's and for that reason we ended up also adding the development lifecycle which is, you know, the process by which technologies are developed. I mean, folks are probably familiar with the software development lifecycle. We didn't necessarily hone in on just software because there are other types of products. And so we left it at a high level and picked the development lifecycle, which is also has different stages from requirements to design and build to verification, production, and so on. And we thought that similarly, it was important to identify products that are solving for privacy problems during the development lifecycle, the same way that, you know, it was very important to find solutions to privacy problems after data is collected. But we do want to be proactive. So the earlier...we saw the earlier we shift left, the easier it's going to be to tackle the mounting privacy debt that we've incurred.

Debra Farber  25:56

Yeah, and that kind of makes sense, right? I mean, at first, it's like, "Oh, the big data economy - collect as much data as possible," and then all these rules, mostly led by GDPR and then other regulations that followed are required, you know, provide all these rights to know about what data is being collected about you. And so the very first things were, "Okay, let's make those rights happen," right? Like, that's where companies had to focus to comply, and you started to see all this explosion of, of companies that were doing data discovery to find all the data across the organization and then like put, try to put...not put the genie back in the bottle, but at least get some sort of view into what that data is and ability to provide that back or delete it, or, you know, protect it in a certain way. But with the shift left mentality, it's "Let's prevent the data sprawl from ever happening in the first place with good data governance, with tools with engineering tools, so that surface risks with so many different categories actually. Do you mind? Do you have in front of you? Do you mind being able to list out I guess some of the B2B categories that we're looking at?

Lourdes Turrecha  27:07

Oh, absolutely. I don't mind at all. Um, so in the data lifecycle, we have tracker scanners, so different tools that you could use to scan for trackers on your websites and your apps and your IoT environment, physically I suppose. There are notice, delivery, and consent managers; there's DSRs, or data subject rights; and then privacy enhancing technologies, and we kind of broke that into two buckets of different types of PETs. I think the biggest part is probably...or the more most mature part and due to the global data protection laws is the privacy program management and workflow automation bucket. Many of the...or a couple of the bigger players have gone on record to say that that laws like GDPR in the EU is really what inspired them to build their startup; to provide solutions for privacy professionals that are managing compliance. And, you know, that's an important category. Like you and I were saying, it's a great start, and that was absolutely like a much needed category, but we also want to be proactive and shift left. But going on, other categories of the data lifecycle includes data governance, security, for privacy, vendor management for privacy, identity management for privacy, and then marketing and advertising tools for privacy. And these last few ones that I mentioned that has "for privacy" as part of their category names are really categories that intersect with the adjacent spaces. They are not purely just solving for, you know, privacy problems. They might also be solving for adjacent problems like security problems and data governance problems. So, that's the data lifecycle, the B2B space, the most mature part of the privacy tech landscape. And then, on the development lifecycle side, we have some exciting DevOps types of tools that include, you know, privacy requirements, libraries, and code scanners and so on. We also have excellent training for developers, right? Like most developers don't know Privacy 101 or Fundamentals of Privacy, and so it's going to be hard for them to build products that respect privacy if they don't know that. So there are some exciting privacy by design / privacy engineering training platforms that are coming up. There are also some DSR tools that are trying to solve for DSRs and embed those into the product - so at the code level. And there are also privacy enhancing technologies for developers like Trusted Execution Environments and Synthetic Data they can use during testing as opposed to testing on real data, which creates privacy risks. So those are some of the categories; I hope I didn't go too long in enumerating all of them, but if anyone wants to dig in, they can look at the, the, the whitepaper or also the the website. We...I failed to mention that we launched on a website, right? The whitepaper was published, and so we don't want to keep waiting a year. So, there is a living website that is going to start updating the tech stack throughout the year, as opposed to waiting every, you know, once a year to do that.

Debra Farber  30:37

I think that'll be really helpful to the general privacy technologists community, privacy tech community, as a place that they can bookmark the current landscape for privacy tech. So, that'll be helpful for them, I'm sure. 

Lourdes Turrecha  30:51

And we want their feedback, too. It's a...like we keep saying, it's a living framework and we want you to get involved. We will have breakout working groups. So if you're particularly passionate about like PETs or privacy code scanners or the program suite of tools, join, you know, we invited them to join the breakout working groups for next year.

Debra Farber  31:15

I mean, I think that's a great point to stop and say, if you are in any way..."you" being the audience, are in any way interested in privacy tech, you know, go right now to The Rise of Privacy Tech's website, which is...

Lourdes Turrecha  31:30

riseofprivacytech.com  

Debra Farber  31:32

There you go. And become a member, you know, or sign up to at least receive emails or a newsletter or, you know, attend the conference for International Data Privacy Week, which is in January, at the end of January. You know, participate, sponsor. If you're a founder, become a member. I mean, The Rise of Privacy Tech is the hub where you should be plugging in to understand and knowledge-share with others, right? We've got a Slack group that's pretty active we've got, you know, there's a lot going on. And again, I think knowledge sharing is a key part to community building. So, you know, it's hard to do that if you're not actually participating with others in the industry. And so I guess, what I really want to understand now is what are some of the biggest challenges that we have in privacy tech right now? I know in the whitepaper - I urge everyone to read the whitepaper because there's a lot more information in there in the 53 pages than then what we are talking about here, but for highlights, you've listed out five challenges.

Lourdes Turrecha  32:37

Yeah, and I think I'll highlight a couple and I'll pick the big ones. The first one is really, you know, this is directly from privacy tech buyers, buyer-users. And the first one is really solutions or privacy, quote unquote, "privacy tech tools" that fail to solve privacy pain points. So I guess by definition, they're not technically privacy tech if they don't solve any. It's rare that that actually happens, though. So I think...

Debra Farber  33:07

The company...a company pitches their solution as being privacy tech, but it's more regulatory, like accountability solution or...?

Lourdes Turrecha  33:16

They might. I think it's, it's less of a black and white and more of the degree to which they solve, or the scope of which they're solving privacy problems. So it might be that, you know, as buyers like RingCentral Chief Privacy Officer Paola Zeni any and again, Ray Everitt, who's one of the first Chief Privacy Officers of the Internet era, highlight that most startups know about a problem area and then they just start building a solution there. And what ends up happening is that they, quote, unquote, "built a data discovery solution" or something similar that that seems like a hot category, but when buyers look under the hood, they're not actually solving for a lot of use cases; they're only targeting very limited use cases. So a good example of that is, you know, startups that might solve for data discovery when it comes to SaaS solutions, but don't really do that for any of the proprietary and legacy systems that actually have like a lot more risk because they're less governed. And so sometimes we see, you know, rarely there are startups that you, like you're saying, might be purely security and now they want to look at the privacy space and see if they can put a spin to it. But I think what buyers...when I talked about yours anyway, they're really complaining about startups that might sell for like one use case when the pain points are like...cover like 25 use cases. And that's hard, right? Like it's difficult for buyers to find out later on, and I hope that they don't find out later on after, after they bought the product. I mean, that's what POCs and demos are for, but that's one of their biggest frustrations is like...the products that don't solve enough of their pain points and specific use cases have their pain points and only do it for limited use cases.

Debra Farber  35:22

Got it. Got it. And that was the first challenge, right? 

Lourdes Turrecha  35:26

Yeah. 

Debra Farber  35:28

We've got five all together; and, so what's another one?

Lourdes Turrecha  35:31

Yeah, another one is integration and interoperability. That was big last year, and it's an interesting one, because coming from the adjacent and more mature cybersecurity industry, like they do such a great job when it comes to integrations and interoperability, but they're still not 100%. And so I guess, I don't know that we'll ever get to 100% either in privacy tech. We just need to keep upping the number, right? Like the progress every year when it comes to tools that are built to integrate with existing systems and interoperate with other privacy tech products.

Debra Farber  36:11

I'd imagine that, rather than integrating with just a random privacy tech vendor that they don't know if it's going to be around, you know, next year, because it's still a nascent space, I guess, we'll, we'll be watching to see, you know, which ones make it really successful, you know, in the market. And then once they achieve a certain level of success, that's when other privacy tech vendors, then will go, "Oh, we've got to integrate with that because so many buyers are already using it, and if we don't, we're not they're not gonna buy what we're selling." So it might just be a part of the, you know, maturation stage that we're in for privacy tech. 

Lourdes Turrecha  36:47

Right. Yeah, that could be part of it. Yeah, and it's, you know, these are startups. So it's very, you know, I do get that they have to be efficient and pick the projects that they take on. This includes building integrations, and so that's, that's part of the challenge is that they don't have unlimited resources. And, you know, this is probably integration and well, not integration, interoperability is probably not on their top priority. Probably prioritizing integrations moreover interoperability, but even in the integration space, it seems like, you know, there are buckets of technologies that they're unable to integrate with. It's easy to integrate with SaaS solutions that have API's and others, but it's harder to kind of build one-off integrations for legacy systems.

Debra Farber  37:43

Right, right. We've seen that as a challenge for a long time with like banks and insurance providers and universities or, you know, who have older systems for sure. Even government. Okay, what's the challenge number three?

Lourdes Turrecha  37:58

Budget, really. I mean, it's not all on the startups. Part of the problem is also, I mean, we all have a role to play. So part of the problem lies with buyer-users who don't embrace privacy tech, or even if they do, who don't know how to advocate for and secure a budget for privacy tech. So, you know, one of the more innovative CPOs and forward-thinking CPOs out there in my opinion, Dr. Stuart Lee, who is VMware's Chief Privacy Officer, shared a call to action in the whitepaper for our community of privacy professionals, especially the in-house ones to embrace privacy technologies because, you know, I get how, for various reasons in my quote, unquote, seem easy to do the manual approach. It's actually not; it's harder, but might be familiar, I guess it's the the better word. But it's a lot of manual work that's not interesting work. If you want, there's so many exciting, interesting privacy issues, and as a privacy professional, I would want to focus on those and not do manual DSRs or manually chase people internally to get them to, to fill out forms for my RoPA spreadsheets. And so I agree with Stuart's call-to-action, like this privacy tech is one way for us to scale and get better as a domain.

Debra Farber  39:28

Absolutely. I mean, at a certain point, it's impossible to do it manually. I mean, if you're a huge enterprise, like I just imagined, just pick any of the FAANG companies and I know, it's no longer "FAANG" since Facebook is "Meta," and there's an "M" there, but you know, for those organizations

Lourdes Turrecha  39:44

MAANG

Debra Farber  39:45

Yeah, MAANG!  For those organizations, like there's just no way that you could process all the Data Subject Access Requests manually. Like that's just, you know, a fool's errand and, you know, which is why they're not doing it manually. So, you know, it... 

Lourdes Turrecha  40:00

Some people make mistakes. 

Debra Farber  40:02

And if you do it manually, there's definitely room for human error. Absolutely. So, there's a certain threshold where, "Yeah, I'm doing kind of work I don't like, but you know, it's part of my job to do maybe some of this manual work, right?" That just goes out the window once at scale. It would just be impossible, right? You just can't even have people do that manually anymore given the sheer numbers. So, it's interesting to kind of watch the market for that. And then...so what's the fourth challenge?

Lourdes Turrecha  40:31

So the fourth challenge is something that we already covered, and it's you know, that there aren't enough privacy domain experts in this space. I mean, we want to build privacy tech and good privacy tech that's responsive to the pain points out there, we need more privacy domain experts to join in and help build. I mean, you they don't necessarily have to start their own startups. They can do it by becoming an advisor, by becoming an employee at a privacy tech company, by angel investing in a privacy tech company, or if they have the right means or if they're the right stage in their careers, and then obviously, like, start one, build one, but I do get that that's not available for everyone. So that's one of the big challenges, but there's so many ways to get involved. And depending on your level of where you are in your career, but also like the amount of time that you have. So, you can do it as a buyer by just giving feedback to the industry and articulating your pain points and all of that. I don't want to spend a lot of time there because I'm really excited about the last challenge, and I would love for you to tell us about it because you are the domain expert that we highlighted when it came to that last challenge.

Debra Farber  41:49

Okay, so the last challenge is that the privacy tech industry has to deal with the privacy invasive status quo.

Lourdes Turrecha  41:58

And I think you, I mean, I kind of put that more at a high level, but I think your point about Big Tech in particular is an important one, and I'd love for you to kind of share that with the listeners because I know it's something that you're very passionate about.

Debra Farber  42:14

Thank you. Yeah, so you know, the status quo has been that we use advertising to feed the Internet economy. And as a result that has turned into what we all affectionately or I don't wanna say affectionately, but we all now come to know as "surveillance capitalism." And you know, we're at a point now, where the general population feels like there's nothing that they can do. It's almost like a slow boiled frog, where they didn't realize upfront the Devil's Bargain of making the Internet free, but in exchange for personal data was going to end up being more of a Big Brother, knowing about all your actions, what you do, trying to divine, you know, what you're thinking, mind reading, everything from search terms to, you know, what are you putting into search and try to figure out what it is you want to see? And thus, what ads do you want to maybe buy from and, you know, to...basically, based on our behavior, you know, following us around the Internet, and collecting data about users, when they don't really have any concept of who's collecting the data, for what purpose? Is it nefarious, is it for good purpose reasons, and whatnot? And so people are at a point now, where they're like, I don't think privacy can get any, you know, I don't think I'll ever have privacy because this is the state of the world. And while we've been trying to fight that from within organizations, and I know, one of my challenges has been that I often was put, you know, I chose organizations where I can make the change, but was thwarted from making that change because the organization didn't really want to change. They just wanted to have someone in the privacy role and say, you know, that they, they're addressing it, and Debra go assure them that it's been addressed. So, what I'm seeing now though, where I'm playing more of this analyst role, also advisor and all that, but I'm not working within the organization's at this moment, I am trying to push along with TROPT, right, what the vision should be. What I am seeing is that there, there are a plethora of founders who left these Big Tech companies that were, you know, really, again just built on advertising and tracking people, and they're seeing, "Hey, you know what, I could go create, I don't know, like a major VP or SVP at Google is like, I'm gonna go start Neeva, the privacy-enabling search engine, right, that doesn't do all that advertising collection about you. Or you'll see organizations like Brave doing a privacy-first browser that is definitely...if they show advertising...they're not telling. they're not tracking who you are and they are building privacy in by design, through the engineering process, through using new tools from cryptographic techniques to just data minimization philosophies. Right? So, we're seeing a lot of that - the status quo is ripe for disruption, and there are people who are building right now to disrupt those legacy organizations. 

Debra Farber  45:19

And I want to say that I've never been so optimistic about privacy in my 17 years, because I see what's coming. Like, you know, you and I, we have a lens into what is now and what is coming and what we think should be and where we were to a degree that others might not. And, you know, I, that is a part that keeps me doing this work. Because the tools and the new techniques and the the new tech stacks, whether it's cloud or XR, or you know, I'm just thinking industries, like I don't know, I'm kind of mixing metaphors here, but, you know, no matter where, you know...web3, right, there's all of these new tech stacks where you already have plenty of developers working on these tech stacks, you know, gaining knowledge from them, new protocols being developed, new standards being developed for interoperability between these new tech stacks. All of that's happening right now to ends that involve more privacy- preserving, more trust, more assurances, more transparency; and, you know, let's just say that the status quo needs to be disrupted and it is being disrupted. We see that with what's going on in the market today. You know, we just don't have enough time to unpack it all. I feel like I could just talk for hours on this on this topic. But um, thank you for letting me talk about challenge number five.

Lourdes Turrecha  46:43

I love how passionate you are about it, and I'm always excited when you voice those opinions that many of our colleagues don't feel comfortable voicing because they're probably still employed by some of those...by the status quo. And I don't blame them, obviously, like everyone has, you know, they need to have a job or they have family. So I get that part, but it's, you know, inspiring to me that you are giving voice to a lot of people are only thinking or are too afraid to articulate out there. 

Debra Farber  47:18

Well, thank you, Lourdes; and you inspire me for starting like The Rise of Privacy Tech - really being the momentum that's keeping it going. While I'm a part...you know, I'm an advisor, a participant, part of the working groups part of this whitepaper. Without you moving this along, it would not exist. We would not even be having this conversation. And just my hat's off to you. I know you don't like being just, you know, TROPT is not just Lourdes Turrecha, but TROPT would not exist without Lourdes Turrecha.

Lourdes Turrecha  47:46

Thank you. I appreciate that, and thank you. It's also probably a personal thing where I have to get more comfortable just being gracious and accepting of compliments. So....

Debra Farber  47:59

Right. Don't we all? Right?

Lourdes Turrecha  48:02

So thank you for that. That fills my spirit. It means a lot coming from you. So yeah, thank you. 

Debra Farber  48:10

Of course, of course. Now, I know we're getting towards the end of our conversation, but you've mentioned, you know, we've mentioned several times that there's this TROPT Data Privacy Week 2023 event.

Lourdes Turrecha  48:20

It's exciting. I mean, you've been to the last couple ones, and we... 

Debra Farber  48:26

Yeah, it's really well-attended, and a lot of great content over two days.

Lourdes Turrecha  48:31

And amazing people, you know, like the caliber of speakers that we have are, they're just the best in the industry, and I'm so honored that they would want to spend Data Privacy Week with us and share their insights to help fuel this space. So, to everyone you know, who might be listening and have gotten involved, I thank you. And please, guys get involved. Again, our Call for Speakers is still open and we still have Genius Bird Registration, which means you can register for free until November 30.

Debra Farber  49:01

Now, so this is this episode is going to come out on November 29th. So, that gives everybody about 24 hours. But, what will the price be if there's a next tier? Right? 

Lourdes Turrecha  49:14

Yeah, it will be tiered pricing, which will go up to $49 for Early Bird. 

Debra Farber  49:19

Still totally reasonable. 

Lourdes Turrecha  49:20

Be a Genius, a Genius Bird instead, and just like try to get a free ticket, and then it will be tiered $49.99. $149. I don't think it goes up further than...don't quote me on this, I think $299 I think is what it's the highest at, which is nothing, I think. I mean, it's not nothing, but compared to others, it's I think....

Debra Farber  49:41

It's a totally reasonable rate, but for what everyone needs to know is you've 24 hours from...from the time that this is published to go and get a FREE ticket to The Rise of Privacy Tech's virtual 2 day event. 

Lourdes Turrecha  49:54

Or submit your talk. 

Debra Farber  49:55

Or submit your talk. So when our talk proposals due? 

Lourdes Turrecha  49:58

Same day.

Debra Farber  50:00

November 30th? 

Lourdes Turrecha  50:01

Yes. 

Debra Farber  50:01

Okay. So you have 24 hours to submit your talk. And then I don't know, I doubt you have a limit on it, but sponsorships are open and available.

Lourdes Turrecha  50:10

Yeah, they're open and available. We usually onboard sponsors up until like three to four weeks before an event. So you guys, get it in. We're talking to two prospective sponsors now and have a couple Docusigns out there. So, let us know. It's kind of like, there are different tiers of sponsorship, of course, but if you're on the same tier, we give, you know, prime speaking spot to the first one that signs. Right? Because it's earlier and so we want to make sure that they get, you know, like a good speaking time and a good speaking spot at the event.

Debra Farber  50:46

So don't wait. You want to be in a better order to get a better speaking slot, I guess. Yeah.

Lourdes Turrecha  50:52

You don't you don't want to do any last minute like trying to figure out what's a good time to speak when most of the prime speaking slots are taken.

Debra Farber  51:00

Indeed. Well, Lourdes, I want to thank you so much for joining us. It was really a pleasure. 

Lourdes Turrecha  51:06

My pleasure.

Debra Farber  51:07

On Shifting Privacy Left, which is, you know, so in line with all the work that The Rise of Privacy Tech does and even a trend that the whitepaper highlights.

Lourdes Turrecha  51:19

Exactly. 

Debra Farber  51:19

Until Tuesday everyone when we'll be back with engaging content with another great guest. Thanks for joining us this week on Shifting Privacy Left. Make sure to visit our website shiftingprivacyleft.com where you can subscribe to updates so you'll never miss a show. While you're at it. If you found this episode valuable, go ahead and share it with a friend. And if you're an engineer who cares passionately about privacy, check out Privado, the developer-friendly privacy platform and sponsor of this show. To learn more, go to privado.ai. Be sure to tune in next Tuesday for a new episode. Bye for now.