"The Data Diva" Talks Privacy Podcast

The Data Diva E43 - Ben Brook and Debbie Reynolds

August 31, 2021 Debbie Reynolds Season 1 Episode 43
"The Data Diva" Talks Privacy Podcast
The Data Diva E43 - Ben Brook and Debbie Reynolds
Show Notes Transcript

Debbie Reynolds “The Data Diva” talks to Ben Brook, Co-Founder and CEO of Transcend, a data privacy infrastructure company. We discuss the Data Privacy challenges that businesses face and how Transcend solves them, the changes in data that have led to the greater need for data privacy, the US and EU privacy differences, how businesses need to change how they operate to address privacy regulation, the data control offered by Transcend, biggest privacy surprises and challenges, lack of automated connections between complex data systems, the need for understanding of privacy by developers, the challenge of privacy where there are data silos, and his wish for Data Privacy in the future.

Support the show


43:54

SUMMARY KEYWORDS

data, privacy, transcend, laws, companies, business, consent, people, consumers, happen, system, users, problem, opt, organization, automated, creating, state, processes, data flows

SPEAKERS

Debbie Reynolds, Ben Brook

Debbie Reynolds  00:00

Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations. Hello, this is Debbie Reynolds. They call me "The Data Diva". This is "The Data Diva Talks" Privacy podcast, where we discuss Data Privacy issues with industry leaders around the world with information that businesses need to know now. Today I have a special guest on the show—Ben Brooks, who is the co-founder and CEO of Transcend. Transcend is a Data Privacy infrastructure company. And I've been really interested in kind of the privacy enhancement tech space for quite some time, and Transcend caught my attention even before Ben, and I met. So I could just tell a little bit about our backstory. Let's see you, and I ended up on a panel, I believe, at Riser Privacy Tech. And then I think after that, we had kind of a chat about transit in general. And it was cool. I was kind of fangirling because I was like, Ah, you know, I really liked the product. And so it was cool that we were able to connect those. So I'm happy for us to be able to do this episode to get to know you better and get to know Transcend better. So tell me a little bit about kind of your journey and transition and sort of the problem that Transcend is solving.


Ben Brook  01:42

Yeah, you bet. So, first of all, thank you for having me on the podcast. I'm a listener and a fan. So excited to be here. So Transcend makes it simple for companies to give their users control over their personal data. And we started back in 2017 by automating the entire process of receiving and fulfilling data subject requests. And we've recently now expanded to include helping companies actually regulate their data flows based on user's consent preferences. So going way back to 2017. And actually, even in 2016, my co-founder and I were studying computer science together at Harvard College. And we, on the side, we would just be building all these different types of kind of side projects. And one of those projects ended up being an attempt to actually download all of our personal data from various companies and purely for the reason of trying to understand just like our behavior and perform some data science on it just for fun. We're both kind of stats nerds. And so that was kind of our first foray into this world of data rights. And we realized that it was, at the time, essentially impossible to get a copy of one's own personal data. And that really didn't sit right with us. We thought that consumers ought to be able to at least be able to get a copy of the information that essentially tells their life story, where they're going throughout the day, the decisions, they're making their interest profiles, etc. And so we, around that moment, decided that we would see how we could try to actually make this a reality. And so, as we got deeper and deeper into privacy, we read the draft bill for GDPR. And realize that we may actually be at the dawn of a privacy revolution. And we kind of took this draft bill to some companies and ask them, Hey, is this like, is this a real concern for you, and at the time, those companies didn't really even know what GDPR was, and so said, we're not too worried about it. But then one morning, it was just like, everything exploded, and everybody was freaking out hair on fire with GDPR around the corner. And so then we decided, okay, we're going to actually jump into the space. And so, we graduated in 2017. And started Transcend, flew to San Francisco the day after graduation, and basically got an apartment and just lived off ramen and started trying to figure out how we could actually bring this vision into the reality of helping companies give their users these data rights. And it was a very strong foundation of just being very focused on the user and getting those data rights to become actually a reality. And so we continue sort of talking to businesses and talking to consumers, and really realize that the sort of core problem, the main reason why users don't have these data rights. It's primarily that companies have massive, massive amounts of data. And personal data has never been treated as a special class of data historically. And so personal data is replicated into dozens, if not 1000s, of different internal databases and stores. They're sent to vendors. And it's basically just this massive sprawl of personal data. And so for decades, we've been sort of building these, like, sort of information superhighways, that flow personal data into different systems. But the prospect of playing that backward is very difficult. And the analogy is like, and it's like a dirt, dirt road in the lane coming the other way. So we decided we would initially set out to make it simple for companies to actually reverse that and be able to find all of the personal data for one given user, and actually to give that back to the data subject. So the right of access, the right of a ratio, we started powering those inside businesses. And we got it to a point where it got so automated that we decided we'd launch our second product, which would be the Privacy Center. And that's basically a self-serve portal for data subjects or end-users to go to actually click a single button that says, request my data, delete my data, etc. And typically, within minutes, they get their response. Because on the back end, we had it automated enough in the company that it was totally hands-off for our customers. And so, making it self served for the data subject was a logical next step. And then, once you solve one problem, customers start asking for the solutions to all the adjacent problems. And so the sort of another half of data rights, in my opinion, is consent. And so that's asking the question of how can we prevent future data from being collected or being used in certain ways? So how can we help users opt-out or give consent and then actually help the business honor that at a very granular level and completely? So if the user says, do not sell my personal information, or never opts into targeted advertising or something, how can we actually encode that across the company's data stack and ensure that that doesn't happen for that person? So that's kind of our new foray now. And it's still right at the bedrock of our mission, which is to make it as simple as possible for companies to get their users this real control over their personal data. And, yeah, we believe that we're slowly chipping away at these problems, but we think we're cultivating a reality in which, for consumers, like you and me, we should be able to make these choices very simply and in a way that makes sense. And they should be accessible. And on the company side, it shouldn't represent a massive burden to comply with it. So that's a little bit about Transcend.


Debbie Reynolds  08:25

Yeah, boy, you're answering all the tough questions already. So that's really good. I think, too, you know, it's interesting, the time that you all started really thinking about this problem was, or the time between, I would say when GDPR became law in 2016. And then when the enforcement happened in 2018, it was kind of hair on fire at that point, right? Where people were like, oh, my God, now we have these applications. And we didn't really do anything about it two years ago. Now we have to do this. But also, I think something is something else that's happening that is kind of creating more of a groundswell. Actually, a couple of things are happening. One is, you know, consent is not a new concept, right in the EU. So that was very much kind of their base, because privacy had been a fundamental human right for decades, and then codified into our laws, where the US because we don't have kind of a strategy around that. It was more of like, notice, so you know, you get a thing in the mail, and it was a privacy policy or something, and that was it. And then there wasn't a consent type of mechanism because companies really didn't need to do that. But as we're seeing these states pass these laws, consent very much is part of, you know, part and parcel of what these laws are actually talking about. And then also creating these kinds of categories of data sensitivity. So having certain data types have to be handled in certain ways and have different penalties. So I think that helps to kind of wake us people up companies a lot about sort of the importance of consent. And as you said, the data that goes on the company's It was really never thought of in that way. So it was kind of like, almost like a real small tail, like the data comes in and never comes out, you know. So those are never meant to have data come out, it was the data be kept forever. So then also creating these retention requirements, where before you can keep the data forever. And now there is kind of rules around actually time data to a purpose. You know, from a Cybersecurity point of view, being able to get rid of stuff, that's the same data liability and not an asset. So I think all those things playing together. Also, I think that you know, companies that we're thinking about, let's think about GDPR, the legal basis for transferring data, like, companies avoided consent as much as possible. So they want to use these other, you know, the legal basis to be able to handle data. And we know from a business-to-consumer perspective that consent has to sort of play a part in there. So I feel like we're in we're at the beginning of the beginning about in the US about consent, and how, you know, companies if even if they want to just sort of go forward and become more mature, they need to have these consent mechanisms in place. What are your thoughts?


Ben Brook  11:46

Yeah, I completely agree. The United States regulatory landscape is in the absolute earliest standings right now on Data Privacy laws. GDPR is certainly set the standard for a modern framework for privacy. And now, obviously, we're seeing all these states starting to pass their own laws because we're, the Federal law is still up in the air. And I think it would be great to see the US go toward consent. It looks like there's a lot of sort of default on that's happening in the United States where users get the right to opt-out of certain types of things. But there are fewer, fewer areas where there's express consent required. Typically, that appears to be mostly that will be mostly tied to very sort of sensitive types of processing. So things that may pertain to one's health records or, in some cases, it may even go as far as things like targeted advertising. But for the most part, the United States is still very early to tell whether we're going to sort of following more of the European regime with express consent or go more toward opt-out. But today, it feels more like the default for most things is going to be opt-out, where if you land on a company website, they can still collect analytics about you, they can still process your data by default. But you may have more control over whether you can opt-out. And but even under GDPR, I think the whole privacy landscape is still so early. We're still seeing only that some of the first earliest enforcement actions, like some things that were filed on the date GDPR came into effect, are only now getting their first decisions in court. And so there's still a lot to be figured out and how GDPR will be enforced, whether certain legal bases can be used. And in specific scenarios. I know a lot of companies rely on legitimate interest for things that may not be may not a judge may not agree within Europe. And so there are still decisions there that will sort of hone how the laws actually enforced and put into effect. So I would say, just globally, the whole thing is, is still in its dawn, but certainly in the United States where we're still a little bit in the dark on what will happen with the next 5-10 years here.


Debbie Reynolds  14:38

Yeah, yeah, there's a way to go. Yeah. And then to the US and the EU landscape is very different. For me, in part, because in the EU, privacy is a fundamental human right, and it's not that in the US. So a lot of our what I like to call. A lot of our rights are situational, and then when we're passing laws, so if you think about the GDPR, the GDPR really is about data protection. So they already have a privacy, right? Right. And so it's about protecting the rights that they have, where we're passing laws, we're trying to create privacy rights and protect data, and then doing it on a piecemeal basis for every state, and then every state wants to be different. So it's almost like everybody wants their own little bespoke thing. I think some states were kind of jealous of California and getting all the attention still before their privacy framework, even though they started, like, 40 or 50 years ago doing this. So, you know, I honestly, if you haven't done anything, you can't be where California is. But I think, to me, that's one thing that I'm seeing where states want to almost have kind of like these bespoke laws to make them stand out a bit, which makes our job a lot harder. Right?


Ben Brook  16:08

Yeah, it's certainly a moving target. I mean, it seems like pretty much every six months, now we're seeing a new state law actually get passed. So we have Virginia and Colorado most recently. And, and the other thing is, we also don't know if any of these will continue to be in effect in five years from now because the Federal law may preempt all of them. And so it's always a moving target. And I mean, for from Transcend's viewpoint, you know this is a huge reason why it's good to have a team dedicated to doing this, where you can sort of outsourcing things like staying on top of all the different state laws, and all the different requirements where, you know, on January 1, 2023, Virginians will now be able to opt-out of targeted advertising and profiling. And so that's either you can staff a team towards sort of figuring out how that works, or you can, or you can have a sort of outsourcing team like Transcend actually staying on top of those and building them. And that's also not even, like one spinning plate. But there are also other ones. So like one is, the company's data flows are just changing all the time, right? Like there are new ad tools, going on to the website is doing analytics tools. And being able to actually like, tie your governance to those changes and make sure that consent, like very tightly follows any of these new data flows, is that's like another thing that privacy teams have to stay on top of today. And then, in addition to just state laws similar to GDPR, there's just there's an evolution in each of the laws were just recently, the California Attorney General's office, specifically named global privacy control the new browser standard, as something that has to be honored when a user visits your website. And I can guarantee that this happened in July of 2021. And I can guarantee you, like 99.9% of websites have not yet done that. And so there's just a, like, a continuous sort of onslaught of requirements that are just deferring and region and, and always changing. So it's a lot to stay on top of today. And so, the Federal law certainly would, could provide some harmonization, but I think no matter what we'll have, we'll have some fragmentation across regions when you're dealing with Europe and Brazil and the United States and all the new regions globally, that are bringing up new privacy laws as well. So it was kind of be our job.


Debbie Reynolds  19:02

I don't I feel like we are the US we are where you are, Europe was probably in the mid-90s. So, you know, they were developing things like standard contract clauses because they knew that these are laws were dissimilar to their laws, right. And they recently updated that in the EU. And then they knew that they have to come up with some strategic framework because all these member states have kind of their own thing. So you know, the data directive that preceded the GDPR. And GDPR was kind of a way to harmonize or get agreement on things sort of across the EU. And they, as you know, all these Member States still have some laws that are different, right, then GDPR on top of GDPR. So that's where I see kind of the US going at some point if we ever can get together and have it. What we're missing right now is some entity that is in charge of creating a strategy, not just the FTC, because they have to see only cover certain industries, right? So a strategy for all types of businesses about what the agreement what are the things we can agree on across states, you know, to make it Federal, and maybe that's like wafer-thin right now, you know what I mean? Like, maybe that is getting some harmonization, or maybe the data breach notification laws, you know, federally where we're saying, okay, we're going to agree on the definition, we're going to agree on the reporting, we're going to agree on the time periods or whatever for a data breach, and then maybe we leave out private right of action and preemption. At the moment, do, we can sort things out? That's sort of where I think I hope things will go because I think that's like a good first step, instead of us trying to do these Hail Mary, you know, these bills that they try to people try to, you know, do something that's so comprehensive that it just will never go. What are your thoughts?


Ben Brook  21:18

Yeah, it's tricky. I mean, there's what, like, six or seven bills right now, at the Federal level, and, and that they'll have sort of like varying degrees of like, GDPR ness to them. If the floor is like something like CCPA, then GDPR is the ceiling. And pretty much every Federal bill will sort of vary between that spectrum. But yeah, I mean, the I guess the three, like questions that are open right now, is, will they preempt state laws? Will there be a private right of action? And who is the enforcer? So will it be the FTC? Will it be a new agency that is dedicated to consumer data production. And so what's interesting is, we actually kind of have a pretty good idea of like, where, what the Federal law will eventually be, and something will pass. But so we can basically be certain that there will be the right of accessories, sure, production, etc, we can basically be certain that there will be new types of opt-outs at a minimum. And we can basically be certain that there'll be some sort of focus toward some of the larger platforms that are performing sort of automated decision making, like, sort of transparent algorithms, with advertising and so forth. So we actually see that sort of consistency across all of these bills today. But the part that would make it be, I guess, still quite fragmented as if there's no preemption because then each state will still have its own requirements and perhaps even enforcement agencies. And so I guess that's what we're all sort of waiting on right now. I, I personally don't have a strong stance on whether preemption should happen or not. I mean, I'll be honest, like, transcend obviously has a stake in complexity, like, the easier it is to comply with laws, you know, the easier it is to do in house, but so, you know, the more complexity there is like, the better it is for like a vendor to be solely focused on that. But, and I, you know, as Transcend, as its founder, like our stances, whatever protects consumers the best, right? And so if there's, if preemption does help, actually, with consistent enforcement, consistent protection of consumers, then let's go with that. But at the end of the day, it's probably going to depend on the content of the law itself. So if it's a weak law, then we'd probably want that preemption so that state laws can sort of taking it a little bit further at their discretion. But if it's a really strong law, then preemption would be just as good.


Debbie Reynolds  24:38

Yeah. Right. Yeah, I know, your businesses really do want this kind of preemption, which I don't really think it's going to happen. I really don't. Because I think the some of the state laws again, they're creating kind of bespoke things that probably wouldn't fit into or kind of a federal framework in my opinion. That's sort of what Europe is right now, where, obviously, they have, you know, the GDPR. But then, on a member state level, there are things that just didn't fit into the GDPR. Where, yeah, they want us to do on their own. So I sort of think that that's the way that things are going to go. I guess for businesses right now. Probably one bright spot is that some of the newer laws that are being passed don't have a pilot right of action, but they do have kind of regulatory fines, right, or, you know, and we're also seeing some creating, like safe harbor things where if an organization, for example, in a data breach situation says, Okay, well, you know, we can show that we did some pre-work to sort of protecting ourselves, and maybe their penalties would be lesser or something like that. Yeah. It's complicated, isn't it?


Ben Brook  26:00

Yeah. And it's complicated, just in terms of what the regulatory requirements are. But it's also, in my opinion, extremely complicated to actually, like, put those into effect within a business. Because there were just so many different, like, functions and data flows and things that are happening inside an organization, that even if you have a perfect understanding of what the what you have to do, as a business to comply, this is putting that into effect inside the business is just as challenging. where, you know, you may be tracking data into, like, 50 different systems for 50 different business purposes, and actually encoding at the system level, how like that sort of like, I like to think of it as like a sort of valve on the pipe where like, can we shut this thing off? When a user says, like, don't sell my data? Or doesn't consent to advertising or something like that? That on the technical level, that implementation is very difficult, and particularly like, when looking at just consent in on websites today? It's very rarely, actually, like regulating data appropriately. So regardless of your consent preference, there's a lot of stuff getting tracked on websites. Yeah, there's kind of a leaky problem.


Debbie Reynolds  27:31

Yes.

Ben Brook  27:33

So on a technical level, a lot of the implementations today are pretty, pretty like, like blunt force, just saying, like, we're going to try and turn this off or on entirely, but the reality is, is that a lot of data flows actually have mixed purposes. So like, right, we're not going to collect, you know, analytics data are something that because the users opted out, but we also have this tool that is used for support purposes, which also tracks analytics data. And very, very often, companies can't split that with a more granular system. And so that's kind of what we've been working on for the past couple of years is getting a super granular sort of firewall level control in for companies.

Debbie Reynolds  28:25

So when you do these implementations, and you go into these companies, what is kind of either the biggest surprise or your biggest challenge that you see? I have my opinion about this, because, you know, everyone wants their data stuff to look shiny and new and pristine and all that stuff. But then when you have to get into the guts of everything you see, kind of the challenges that you have to deal with. So I'm just curious about kind of what you're finding maybe things that either are surprising or not surprising or, you know, just an insight into what you deal with, because we when you show up, someone says, okay, I need you, I need you to, you know, look at our data. And then you look under the hood, and maybe you find something that you didn't expect or what you know. What are your thoughts?


Ben Brook  29:19

Yeah, not number one, for me is definitely just the degree of things that are happening manually today. There are a lot of operational processes inside businesses to attempt to sort of honor these user choices, be it download data, delete data, opt-out of something, or consent to something. There's a lot of people behind those processes today. And it's always shocking just the degree of work people have to do to sort of stay on top of this and just the lack of a like system-level encoding of those processes. It's always a surprise. Even in businesses that get would that have like millions of customers, a lot of that stuff is still sort of not encoded at the system level. And so and a lot of it is kind of done with like ticketing software, and, and like things that are essentially just spreadsheets, even if they have a nicer skin around it. Yeah, they are. They're highly manual processes. And so part of the reason for this is I think a lot of privacy vendors haven't really focused haven't really, like addressed the developer problems associated with this. And that was kind of that was one of the big reasons we even entered the industry is because we, we resonate with the developers struggling to sort of assist their privacy teams and legal teams. And yeah, that just thinking on a long enough timeline there has to be a sort of operating system for privacy in business, where just right down to the system level, you can say, this data is is used for that we're going to either turn it on or turn it off and being able to have this sort of policies encoded across systems is, is it's just essential for something that's going to be sustainable. And something that's actually going to be complete because of a lot of the manual processes. There are usually some skeletons in the closet. Wow. Oh, yeah. And it's very manual. And, and so by getting switching to something that's more like an operating system for privacy, you can actually get to that place of completeness.


Debbie Reynolds  31:48

Yeah, I agree. I have been really surprised to see kind of the lack of interoperability, I guess, I don't know, maybe that's the right way to describe it, where people, they may have certain things that are automated, but the links between them aren't, you know, there are people creating these may or processes or whatever, where the technologies this may connect them together or create a situation where you have more transparency with these systems where you don't have to do things, you know, in a manual fashion. So yeah, I think that always surprises me suddenly. Oh, okay. So you automate up to this point, and then the rest is manual,


Ben Brook  32:29

Do you know what I'm saying? Yeah, exactly. Yeah, there's often just like, small armies of support people, or privacy professionals, or lawyers, behind a lot of those sort of forums to change a privacy preference. Even if there are sort of sub-components that are automated. Right? It's still largely incomplete and largely manual.


Debbie Reynolds  33:00

I, you know, I think, and I like what you guys are doing, think is really important. Because what I see a lot of times, I see people having teams, you know, or legal or whatever, they understand the law, right. And they're communicating that to people who are in ops or development or whatever. But then there's kind of a block bear, where you have to find someone to help you translate that into actual action, or an actual way that you develop, or a way that you change, you know, at a kind of a day to day work level, and sort of so that is the block, I think, what are your thoughts?


Ben Brook  33:45

Yeah, yeah, I mean, so having been having helped companies over, I guess, for years, now, we've started to see like, what those blocks look like, in a way that's consistent. So you know, our first few customers, we would just be super hands-on and sort of like, just almost like at a professional services level would be in with the company. And just like figuring out the blockers and helping them block, as an operational way. But now we've sort of figured out what is consistent and turn that into a product feature such that onboarding is very simple, and they can get set up with this sort of operating system in a matter of hours or days. And so we can sort of anticipating what the blockers will be, like a very simple one. So if you're setting up data privacy infrastructure, a very simple one is this person doesn't have access to this system. We have to sort of call up this person in the organization and it to connect that, and so there's a lot of different system owners, and the reality of just data governance is that within a business, it's typically quite fragmented. And few people know everything. Often nobody knows everything. And, and it's a bit of a journey of getting the right people to sort of come in to transcend platform and, you know, connect that system. But we've, we've been able to basically turn that into something that is totally guided by the product. And is now very streamlined. But it certainly in the early days, that was, that was a very visceral problem of just sort of like chasing down people across the organization, really sort of just going through the same journey, that privacy professional goes through every day of sort of trying to collect and bring some organization to the whole data stack. So,


Debbie Reynolds  35:51

Yeah, I guess from a people perspective, privacy is a challenge, because you know, a lot of times you're working with companies that are very siloed, right, you know, their business processes silo, I like to call like Santa's workshop. So everyone has kind of their part, and no one really owns everything, you know, they hope everything comes out right at the end. But for privacy, you have to be able to interact with people at all levels of the organization and be able to kind of tell that big picture story. So have you had challenges? I mean, obviously, you have an advantage that you have a kind of technology and more empirical evidence, right. So it's not, it's not about a feeling it's about, you know, what you can actually evidence and what you can connect and what you can show and how transparent you can be, but haven't been a challenge on kind of a people level, because I feel like sometimes, depending on what systems there are, some people are they want those manual processes, they don't want kind of this automated, automated thing. So have you all run into a situation where it's been tougher to kind of get that type of kind of cooperation?


Ben Brook  37:05

Certainly, in the earlier days, that was the case. I would say privacy, in general,, has to be there has to be buy-in at the organizational level. Generally, privacy can't really happen without buying from a C-level executive. And that's with or without infrastructure. You just generally need the sort of approval of someone pretty high up in the organization to say this is important because it really does touch every person. And so, if it's just one team, without a strong mandate from the upper management, it does become very difficult. But once that happens, things are relatively smooth. For us, we find so even if there's one team who is resisting, for example, hooking up a system that that is usually what we found is that's actually less about just general resistance to solving the problem, but rather, implementation details, right. And so over time, we figured out that, you know, this may be, they may have questions about security, right? Like, do we want to hook this system up to this system? Is that a security concern for us? And we actually, at one point, completely threw out all of our code and rebuilt it to be entirely end-to-end encrypted, such that Transcend never sees the data that a business has, and furthermore, never has access to any of the data systems in a business. So basically, all of their access control and API keys are stored in house. And with Transcend, it's now more like a blind pipeline that can just help facilitate the transfer of personal data. And without actually ever seeing or sort of like touching the user's data itself. So that was like one way that we sort of came over that hurdle. Another could be just like, my system works in this way. And like, your API works in a way that seems sort of incompatible. And so over time, we basically just sussed out all the different architectures that we would see across companies like maybe they have Kafka and that we, they want us to send, they want us to send a job there rather than sort of have their system pole transcend or receive a WebSocket. So basically, there's just a variety of implementations that are possible. And once we got over that hill of just understanding and then implementing support for each of those architectures, we found that we're able to actually really rapidly move through an organization and get for support, whether entirely onboarded onto the Data Privacy infrastructure.


Debbie Reynolds  40:05

Excellent, I'm glad you mentioned those details. I think that's really important where, where you're not touching data, you're just helping companies sort of manage that process. So that's, that's a very important technical detail. And I think that that will give people a bit more ease about how they can interact and work with your infrastructure. So if it were the world, according to you, then we did everything you said, won't be your wish for privacy, either in the US around the world, technically, on a human level. What are your thoughts?


Ben Brook  40:42

Yeah, for me, it's actually quite simple. On the consumer level, I think users should have a single place to be informed about the impact of working with a business or being a customer of a business on their privacy. So having a single place where users can fully understand without having a legal degree to read a full privacy policy and really fully understand what the business is doing with your personal data. And then furthermore, have a full control surface in that same area to change any of your preferences with that business. So say, I don't want to receive targeted ads from you, or I would like to delete my data, or I'd like to see a copy of it. That should all be one click, right. Yep, that doesn't. You shouldn't have to go down a maze. And it shouldn't take, even though you may legally have 30 or 45 days to respond, that kind of stuff should get instantaneous. And so ten years from now, I'd like to see, I'd like to see a place where consumers know exactly where to go to understand how what the impact of this business is on their privacy, and then have all the controls right there in front of them. And then on the business level, I'd like to see, I'd like to see more companies encode this at the system level, to actually give themselves the assurance that this is complete, and build that trust with consumers, there's nothing worse than submitting a deletion request, and then getting a marketing email a month later, right? That, that those little gaps are very, very obvious to consumers and do trust. So within the business, encoding this at the system level, and really being able to stay on top of this with just like a sort of one-click solution, where it shouldn't represent a massive burden to the company to comply with these laws going forward. And all of that sort of regional complexity and all these spinning plates should be sort of abstracted away from the business. So that's, that's our vision for privacy.


Debbie Reynolds  42:57

Well, that's great, a great vision. I agree with all that. I think that's wonderful. So well, thank you so much for joining the show. This is fascinating. And I again, I really liked the product. And I like the way that you guys are thinking about this problem. And I think we'll be talking about this for many, many years to come.


Ben Brook  43:17

Well, thank you for having me on. Debbie. I have a lot of respect for your work and this podcast. I'm honored to be part of it.


Debbie Reynolds  43:24

Thank you. You're welcome. We'll talk soon. All right.