// Topic

Privacy

Definition

Privacy coverage in this archive spans 7 posts from Feb 2017 to Apr 2026 and frames privacy as continuous risk reduction instead of one-time policy work. The strongest adjacent threads are compliance, security, and gdpr. Recurring title motifs include gdpr, privacy, ai, and sovereign.

Key claims

The strongest pattern is operational: security controls are effective only when they are embedded in delivery flow.
Early posts lean on gdpr and engineering, while newer posts lean on ai and privacy as constraints shifted.
This topic repeatedly intersects with compliance, security, and gdpr, so design choices here rarely stand alone.

Practical checklist

Map threats to concrete controls, then tie each control to an owner and an observable signal.
Start with the newest post to calibrate current constraints, then backtrack to older entries for first principles.
When boundary questions appear, cross-read compliance and security before committing implementation details.

Failure modes

Treating compliance checklists as a substitute for runtime detection and response.
Adding controls no one owns, tests, or rehearses under incident pressure.
Applying guidance from 2017 to 2026 without revisiting assumptions as context changed.

Suggested reading path

Start here (current state): Sovereign Systems: Building for a World Where Data Privacy Is Non-Optional
Then read (operating middle): 2018: The Year Tech Got Humbled
Finish with (foundational context): GDPR Is an Engineering Problem, Not a Legal One

References

7 posts

Sovereign Systems: Building for a World Where Data Privacy Is Non-Optional April 6, 2026 · 6 min Privacy is an architecture constraint, not a feature toggle. Teams that build sovereignty into their systems early avoid painful retrofits and close enterprise deals faster. privacy security data-residency

AI Privacy Is a Plumbing Problem, Not a Policy Problem September 15, 2025 · 5 min Privacy in AI systems fails in the implementation details -- what gets logged, who can replay prompts, how long artifacts linger. Treat it as infrastructure, not a compliance checkbox. privacy ai data

Running AI Locally: A Practical Guide for Teams Who Care About Control August 18, 2025 · 6 min Local AI is no longer a hobby project. Here's how to set it up properly: provider abstraction, versioned models, evaluation harnesses, and cloud fallback for when local isn't enough. local-ai development ollama

2018: The Year Tech Got Humbled December 24, 2018 · 6 min A personal look back at 2018 -- from GDPR scrambles at the fintech startup to Google for Startups Seoul, Spectre/Meltdown fallout, and the infrastructure shifts that defined the year. year-in-review technology reflection

GDPR Week One: What Actually Happened May 28, 2018 · 4 min GDPR went live on May 25th. Here's what the first week looked like from inside a fintech company -- the scrambles, the surprises, and the things we got right. gdpr privacy compliance

GDPR for Engineers: What We Actually Built at a Fintech Startup May 14, 2018 · 6 min Eleven days before the GDPR deadline, here's the technical implementation work we did at the fintech startup — data mapping, consent storage, erasure pipelines, and the backup problem nobody warns you about. gdpr privacy compliance

GDPR Is an Engineering Problem, Not a Legal One February 27, 2017 · 6 min We're 15 months from GDPR enforcement. Here's the technical checklist I'm working through at the fintech startup — data inventory, consent, deletion, and everything else engineering actually has to build. gdpr privacy security