AI Privacy Is a Plumbing Problem, Not a Policy Problem
Privacy in AI systems fails in the implementation details -- what gets logged, who can replay prompts, how long artifacts linger. Treat it as infrastructure, not a compliance checkbox.
Privacy
Definition
Privacy coverage in this archive spans 7 posts from Feb 2017 to Apr 2026 and frames privacy as continuous risk reduction instead of one-time policy work. The strongest adjacent threads are compliance, security, and gdpr. Recurring title motifs include gdpr, privacy, ai, and sovereign.
Key claims
- The strongest pattern is operational: security controls are effective only when they are embedded in delivery flow.
- Early posts lean on gdpr and engineering, while newer posts lean on ai and privacy as constraints shifted.
- This topic repeatedly intersects with compliance, security, and gdpr, so design choices here rarely stand alone.
Practical checklist
- Map threats to concrete controls, then tie each control to an owner and an observable signal.
- Start with the newest post to calibrate current constraints, then backtrack to older entries for first principles.
- When boundary questions appear, cross-read compliance and security before committing implementation details.
Failure modes
- Treating compliance checklists as a substitute for runtime detection and response.
- Adding controls no one owns, tests, or rehearses under incident pressure.
- Applying guidance from 2017 to 2026 without revisiting assumptions as context changed.
Suggested reading path
- Start here (current state): Sovereign Systems: Building for a World Where Data Privacy Is Non-Optional
- Then read (operating middle): 2018: The Year Tech Got Humbled
- Finish with (foundational context): GDPR Is an Engineering Problem, Not a Legal One
Related posts
- Sovereign Systems: Building for a World Where Data Privacy Is Non-Optional
- AI Privacy Is a Plumbing Problem, Not a Policy Problem
- Running AI Locally: A Practical Guide for Teams Who Care About Control
- 2018: The Year Tech Got Humbled
- GDPR Week One: What Actually Happened
- GDPR for Engineers: What We Actually Built at a Fintech Startup
- GDPR Is an Engineering Problem, Not a Legal One
References
Running AI Locally: A Practical Guide for Teams Who Care About Control
Local AI is no longer a hobby project. Here's how to set it up properly: provider abstraction, versioned models, evaluation harnesses, and cloud fallback for when local isn't enough.
2018: The Year Tech Got Humbled
A personal look back at 2018 -- from GDPR scrambles at the fintech startup to Google for Startups Seoul, Spectre/Meltdown fallout, and the infrastructure shifts that defined the year.
GDPR Week One: What Actually Happened
GDPR went live on May 25th. Here's what the first week looked like from inside a fintech company -- the scrambles, the surprises, and the things we got right.
GDPR for Engineers: What We Actually Built at a Fintech Startup
Eleven days before the GDPR deadline, here's the technical implementation work we did at the fintech startup — data mapping, consent storage, erasure pipelines, and the backup problem nobody warns you about.
GDPR Is an Engineering Problem, Not a Legal One
We're 15 months from GDPR enforcement. Here's the technical checklist I'm working through at the fintech startup — data inventory, consent, deletion, and everything else engineering actually has to build.