The Leaning Tower of Privacy

Rebecca // August 10 // 0 Comments

The Tower of Pisa was designed to be a beautiful monument to the victories of the Pisan seapower.  However, as the third floor was being built in the 1100s, the architects realized that the tower was leaning.  The foundation was poor.   Measures were taken to prevent the tower from toppling during construction, and Pisa now has a marvel of a centuries-old tower that is leaning to one side.  The design is beautiful, but the tower is best known for its comical tilt. The tower has required renovations and patched-on work in the last century to stabilize it.

It’s tempting to use this story to explain why you need a good, stable foundation. However, I want to highlight the gap between the beautiful design and the implementation. It doesn’t just happen in 1100 architecture, but it can occur in privacy, too. The most beautifully designed data protections may lean to one side when implemented. Let’s call this the Leaning Tower of Privacy. 

When data protection looks better in design than in the outcome

A data protection program may look better in design than in outcome for a number of reasons, including:  

  1. Software may have bugs. Typical programming errors can lead to privacy vulnerabilities.  Race conditions are just one example of bugs that are easy to introduce by accident, can impact privacy, but can be hard to debug.  Imagine a race condition that occasionally retrieves – and reveals – the wrong person’s data.  
  2. User experience research was incomplete.  If the design made assumptions about user expectations, user understanding, or even how they interact with the product, the foundations will not be solid enough for the data protection program.  An example may include a beautiful privacy policy that is only in English, but most users speak French.  The UXR (or market research) failed to inform the design.  
  3. Privacy atrophy.  The environment around the program changes, so that the protections are no longer as effective.  (See more here)

Luckily, there are ways to reduce the gap between the privacy design and the privacy implementation.  The field of software engineering has proposed many options that are effective.  These include processes like agile design and better testing.  In my next post, I’ll talk more about how these processes can improve privacy so that companies can reduce privacy atrophy and the leaning tower of privacy.  


About the Author Rebecca

Dr. Rebecca Balebako builds data protection and trust into software products. As a certified privacy professional (CIPP/E, CIPT, Fellow of Information Privacy) ex-Googler, and ex-RANDite, she has helped multiple organizations improve their responsible AI and ML programs.

Our Vision

 We work together with companies to build Responsible AI solutions that are lasting and valuable. 

Privacy by Default


Quality Process