The Future of Privacy Engineering

Opportunities in Privacy Engineering

Within a business environment, privacy is two things — a service that meets regulatory requirements and an innovative product for the customer. According to Jacques Mouton, a Privacy Engineer at Google Cloud, privacy has so much more potential. “I believe privacy is a key component in the safety metric for a given technology, and I think that there’s value in safety. Privacy is a component associated with that value.” That value goes beyond the financial aspect to include a variety of intangibles that deliver safeties and securities precious to customers and companies.

Right now, privacy engineering is driven mostly by regulators, and privacy engineers are primarily working on solving regulatory problems. But what if privacy was transformed into its own industry, with executive functions and innovative, visionary products that drive the future of technology products and services while simultaneously making those technologies safer and more secure?

Privacy and Security: Window Coverings and Locks

Jacques gives an excellent metaphor of how privacy and security differ entirely but work in symbiosis to provide a complete package. “When you think of your house, you have security and then privacy. You have the locks on your doors, which are security, but then you have the shades on your window, which are privacy. When you build a home or move into a home, you can tailor your windows, the privacy coverings, to your liking — you can have shades, blinds, sheer curtains, blackout curtains, or you can have drapes that automatically rise and close at any given time of day. So it can be really adjusted based on your preferences, which may be shaped by your needs, culture, or even location.”

In Europe, the General Data Protection Regulation (GDPR) does not define privacy as a function of security. Instead, it states that security is a function of privacy. However, in the U.S., where security is an older and more established industry, privacy regulations are driven by security experts and concerns. This is not a hindrance — in order for a burgeoning privacy industry to stand vigorously on its own, it’s wise for it to follow in the footsteps of the security industry.

Google Cloud’s CISO, Phil Venables, is a member of the President’s Council of Advisors on Science and Technology, and he educates and advises the White House on security matters. Such a thing doesn’t exist for privacy yet where industry executives come together with regulators to discuss the future of privacy, the concerns of the regulators, and the needs of the industry. As technology advances and becomes inherently more dangerous, the opportunities for regulators and industry leaders to work together will increase. If such opportunities are seized, privacy policies and regulations can be improved while more privacy-enhancing products and services continue to be built.

Emerging Opportunities for Privacy Professionals

The U.S. has a patchwork of laws that govern data privacy, but there are no federal, holistic statutes in this area. Europe has a Universal Declaration of Human Rights that safeguards each person’s right to privacy. The European Commission, however, found that the right to privacy was not being delivered to citizens in the digital space. In 2016, the GDPR, a set of data privacy requirements, was introduced, and entities operating in Europe were given until 2018 to establish compliance. During that two-year runway, businesses slowly started having conversations around privacy and hiring law firms to build privacy packages to meet the GDPR’s minimum requirements.

Maybe a little too slowly — when compliance enforcement began, law enforcement started issuing fines uncomfortable enough to companies to warrant hiring full-time privacy professionals. These new functions were sourced from industries like healthcare, the military, and security and gave rise to privacy tech firms whose sole responsibility is to provide services to make users and companies privacy compliant. These firms are niche and typically don’t offer a suite of products, but there is potential for technology leaders to harness this type of work to provide customer and end-user privacy services and workflows. This fresh territory of services could potentially expand the impact, scale, and scope of privacy engineering. In fact, Jacques believes there is a need for an executive function within companies to provide a forward-looking position to guide the future of privacy engineering.

A Vision for a Privacy Executive Function

When asked what elements are the most important and most lacking in the privacy engineering space, Jacques says the answer is the same for both — visioning. He recognizes that the reactivity to legislation has built this new privacy function within business, but rather than lamenting it, he sees it as an opportunity for the creation of something new and meaningful.

“My belief is that privacy is an enabler for innovation, not a hinderer. And you can make privacy beautiful just like you can make your window drapings beautiful. It depends what your definition of beautiful is for your given cultural background. It also depends on your needs and goals. If you have a south-facing window, likely the sun isn’t going to be shining in it. But if you have a west-facing window, likely the sun will be shining in it. So the type of shades and drapings that you have on it will have different jobs. And I believe that understanding this is important because that will assist in understanding how you can be innovative in that space.”

An executive privacy function would help companies meet this opportunity and look ahead of regulations to produce solutions that would improve people’s quality of privacy and quality of life. Instead of solving only current problems and innovating privacy engineers out of jobs, this executive function could create vast value and a robust new workforce by looking ahead and creating a vision for the future of privacy engineering.

To illustrate this, Jacques brings the window metaphor into reality: “Meeting rooms now have window panes that have technology embedded so that you can click a button, and the windows fog up, and privacy is invoked in a moment. Then after that meeting is over, you can push another button and release that privacy. That’s extremely innovative and extremely useful and could have applications across many different spaces in the world. And my belief is that privacy engineering has the duty to do the same.”

To Conclude

The future of privacy engineering is bright, providing ample opportunities for industry leaders and regulators to safeguard the fundamental right to privacy. By understanding the foundations of privacy and security, seeing privacy as a competitive advantage, and fostering collaboration between the regulators and industry experts, we can shape the future to be safer for all.

About the Contributors

Author: Molly Trimmer, an editor with Mandiant, part of Google Cloud

Editor: Melike Sayoglu, a Policy Specialist at Google and Oort-Cloud Blog Series lead

Interviewee: Jacques Mouton, a Privacy Engineer at Google with a passion for leadership and what can be