An attempt to avoid talking past each other so we can direct instead our efforts towards moving the needle on privacy through privacy innovation

Cumulative funding towards privacy companies. Source: Crunchbase.

There is increasing interest in the nascent privacy tech landscape.

Entrepreneurs are building solutions in response to privacy and data protection problems. As of the publication of this post, Crunchbase lists 824 self-described privacy companies.

Investor interest in funding privacy tech startups is also strong, even in the midst of the pandemic when funding was reportedly stalled. Crunchbase reports that investors have poured $4.6B in cumulative funding towards emerging privacy companies.

2020 saw the first two privacy tech startups gaining unicorn status: OneTrust and BigID.

In the midst of the pandemic, COVID-19 tool developers came out touting privacy features, including…

Audio social media app Clubhouse and Andressen Horowitz (a16z) recently announced closing a Series C round at a $4 billion valuation with an undisclosed funding amount, after already raising $110M in previous funding rounds.

Privacy is one of the most critical issues of our time, and VCs play a significant role in introducing technologies that infringe on individual privacy at massive scales. In Clubhouse’s case, a16z played a key role in fueling Clubhouse’s meteoric rise, leading its $10M Series A, $100M Series B, and recent Series C funding rounds.

Previous posts in this series covered: Clubhouse’s privacy failures, how…

Preceding posts in this blog series covered Clubhouse’s privacy failures and how its app rollout signals to consumers that it doesn’t care about them or their privacy. This post provides a blueprint for how Clubhouse can begin to fix its weak privacy foundation.

Last week, Clubhouse reportedly had a data leak involving 1.3 million Clubhouse users, whose user IDs, names, photo URLs, usernames, social media handles, and other profile and account information were scraped and posted on a hacker site.

As a result of Clubhouse’s privacy failures, privacy advocates and regulators all over the world are scrutinizing the new audio-based social media platform. Here in the United States, privacy advocates have notified both the Federal Trade Commission and California Attorney General of Clubhouse’s privacy failures. Overseas, French and German regulators are investigating Clubhouse’s privacy practices, and UK privacy watchdogs are paying close attention.

But this shortsighted approach is counterproductive to scaling

We’ve seen the story before: social media app enjoys meteoric rise unfailingly followed by a slew of privacy and security failures. Clubhouse is no different: it rolled out its app to a global user base with little regard for privacy, if any. In a nutshell: Clubhouse collected people’s personal information even before they engaged with the app. It made doubtful claims that it anonymizes the personal information uploaded to its servers. It engaged in dark patterns to get users to give access to their contacts and their Twitter information. …

Clubhouse, the new audio-based social media app where users enter rooms to talk about anything they could possibly want, is gaining lots of attention. Part of its popularity comes from it being pegged as the next social media giant. Beyond the hype, its epic product privacy failures warrant scrutiny.

While social media platforms are notorious for their privacy failures, Clubhouse committed its own set at a time when consumer privacy sentiment is increasingly in favor of privacy. What’s more, big tech brands like Apple have been publicly championing privacy, recognizing that privacy has value beyond compliance. Research also shows that…

Photo by Louis Velazquez on Unsplash.

Earlier this month, a bipartisan group of US Senate and House lawmakers introduced the Promoting Digital Privacy Technologies Act (S.224). Senators Cortez Masto and Fischer introduced the bill to the Senate, while Representatives Stevens and Gonzales introduced it to the House floor. It has been referred to the Senate Committee on Commerce, Science, and Transportation.

S.224 has serious implications on privacy innovation. As such, I’ve taken the time to review it, break it down, and provide recommendations on how to improve it.

What S.224 Says

S.224 is a bill about privacy enhancing technologies (PETs). …

As I teach my experiential Privacy & Technology course at Santa Clara Law’s leading privacy program this semester, certain privacy and technology terms and concepts come up. I previously wrote about the course here, here, and here.

One of my course goals is to introduce my students to common nomenclature intersecting privacy and technology, a step to bridging the legal-technical gap in this cross-functional space.

Thus, we’ve created this glossary, which we will be periodically updating throughout the semester.

Anonymization. Anonymization is the process of rendering data anonymous in such a way that the data subject is not or no…

Last week in my Privacy & Technology course at Santa Clara Law’s leading privacy program, we tackled privacy engineering. As some of you may know, I am teaching my experiential Privacy & Technology course this semester. I previously wrote about it here and here.

Given last week’s privacy engineering focus, who better to have as a guest lecturer than Michelle Finneran-Dennedy (Mdennedy), whose book, The Privacy Engineer’s Manifesto, is one of the texts we’re reading for class (along with Prof. Woodrow Hartzog’s Privacy’s Blueprint: The Battle to Control the Design of New Technologies). For folks who don’t know Michelle, she’s…

This year, I had a Data Privacy Day “first”: I celebrated it with a group of aspiring privacy practitioners in technology, my Privacy & Technology course students. As some of you may know, I am teaching my experiential Privacy & Technology course at Santa Clara Law’s leading privacy program this semester. I previously wrote about it here. We meet twice a week, and it turns out that our sixth class meeting fell on Data Privacy Day.

Quick background: Data Privacy Day commemorates Convention 108, which was signed on January 28, 1981 and is the first legally binding international treaty dealing…

A Santa Clara Law experiential privacy course that will prepare law students for privacy practice in tech

This week, I begin teaching (remotely given the pandemic) my Privacy & Technology course at Santa Clara Law’s leading privacy law program. This course has been eight months and hundreds of hours in the making, so I am very much excited and just ready to begin working with the students.

Course Objectives

My main objective in creating the course is to prepare students as privacy professionals in the tech sector. In addition, I want to introduce them to the nascent privacy tech landscape, which is near and dear to my heart. More practically, I want them to be able to identify and…


Founder & CEO @PIX_LLC @PrivacyTechRise | Privacy & Cybersecurity Strategist & Board Advisor| Reformed Silicon Valley Lawyer | @LourdesTurrecha

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store