Webinar Recap: Unpacking Privacy Engineering for Lawyers

Ethyca is proud to have sponsored the Interactive Advertising Bureau’s (IAB) webinar yesterday called Unpacking Privacy Engineering for Lawyers. 

Our CEO Cillian Kieran moderated the event and facilitated a discussion about privacy engineering and how lawyers can work together with engineers to solve the technical challenges of privacy compliance.

The panel included legal privacy leaders from the world’s top teams, like Tanya Forsheit, Head of Privacy Compliance and Sr Counsel from The New York Times, Jamie Lieberman, Chief Legal Officer from Mediavine, and Marissa Levinson, Associate General Counsel – Privacy from Instacart.

During the discussion, our expert panelists provided the audience with practical insights on how lawyers can collaborate more effectively with engineering teams to ensure privacy compliance across the entire organization. 

Here’s a summary of what was discussed during the webinar.

Presentation: privacy engineering for lawyers

Cillian started the webinar with a brief presentation about what privacy engineering is, illustrating its role with the iceberg analogy. 

Whereas traditional privacy and governance (policy enforcement, consent management, risk assessment, etc.) is the tip of the iceberg, privacy engineering is everything below the surface: policy declaration and enforcement, data flow modeling, privacy tools development, etc.

In other words, privacy engineering deals with the technical privacy operations that lie beneath the surface of governance and compliance. 

Because of privacy’s increasing technical requirements, lawyers need to start collaborating more closely with engineers. This involves translating legal privacy requirements to engineers and working together to implement technical privacy controls in the software development and data processing lifecycle.  

Cillian then opened up the discussion to the panelists for insights on how to do this. Here are some of the key takeaways from the panel.

Panel: how legal and technical teams can collaborate on privacy compliance

Keep an open line of communication

One of the questions Cillian asked the panelists is how privacy lawyers can educate technical teams about privacy. Jamie answered that education needs to go both ways; both lawyers and engineers need to share their valuable expertise with each other. 

For example, Lawyers can inform engineers of the legal privacy requirements that must be implemented, and engineers can educate lawyers on the technical complexities and realities of implementing privacy controls in the software development and deployment processes. 

When both parties understand each other, it can lead to more effective and productive communication.

To do this effectively, though, Jamie stressed the importance of creating open lines of communication between both teams. She emphasized that open communication will provide an opportunity for mutual collaboration, rather than friction-filled workflows. 

Both Tanya and Marissa agreed with Jamie. Tanya added that in many organizations, lawyers don’t often communicate with engineering teams. It’s only by creating that open line of communication can education and understanding between both teams truly begin.

One way to start facilitating communication is by sharing articles related to privacy regulations on Slack. Tanya mentioned that this would give engineers an opportunity to see privacy from a legal perspective and understand where lawyers are coming from, leading to more transparent cooperation and collaboration.

Lawyers should put effort into being technically literate

Lawyers shouldn’t only be the ones educating technical teams, though. Marissa pointed out that it’s also important for lawyers to learn how privacy is technically possible. This can help facilitate effective and productive communication between both stakeholders.

Marissa said that 50% of her time spent in meetings is with technical folks. While you don’t necessarily need to be able to code, she said it’s important for lawyers to understand, and be willing to understand, the know-how of software development and deployment to converse effectively with engineers. 

As Jamie said, by showing that you’re willing to learn from engineers, you’re showing that you respect their profession. By being curious about how engineers work, lawyers will be able to facilitate privacy compliance workflows that are less friction-filled.

In fact, lawyers are now required to maintain a level of technical competence. As Tanya pointed out, while lawyers don’t necessarily need to have a technical degree, lawyers now have a duty to keep up with technical changes. 

Despite what privacy regulations might imply, there isn’t a magic button that makes everything compliant. Lawyers must be able to understand how technical privacy is implemented to take advantage of the open lines of communication they’ve developed with engineering teams.

Lawyers must put themselves in an engineer’s shoes

Throughout the talk, Jamie emphasized the importance of building relationships. Although privacy education and technical sophistication on the lawyer’s end are important, Jamie advises that lawyers should put themselves in an engineer’s shoes. 

That means, when communicating with engineers, they should explain legal technical requirements in plain language. Instead of giving an “it depends” kind of answer, respond to questions with decisive and actionable solutions.

Marissa also echoed her statements on providing actionable decisions. Instead of sending long memos detailing the ins and outs of privacy law, she advises offering a few main takeaways. Marissa says it’s important for lawyers to make those decisions so that engineers know exactly what they need to do. The more actionable the direction is, the better.

Tanya chimed in that lawyers need to listen to engineers. As she said, “lawyers are terrible at listening” because they were trained to have all the answers. But, most lawyers don’t know anything about engineering. So Tanya advises to “stop, listen, and don’t jump to conclusions.” That’s how effective communication can happen between both teams.

Lawyers must help reframe the privacy problem

When asked about how lawyers can navigate the cultural aspects of privacy as a “tax” on engineering teams, Jamie offered a proactive solution. She said that lawyers should try to reframe privacy as another business challenge that needs to be solved. 

Jamie recommends focusing on solutions rather than the fines or the possibility of getting sued. She offered that “fear doesn’t motivate people. Solving problems does.” A productive way of reframing the problem of privacy is getting engineers to think about how they can be innovative with their solutions. If your engineering team can come up with a way to solve privacy, that can be a positive differentiator for your business.

By putting in the work to build communication, understanding, and ultimately, empathy between teams, engineers will understand the legal constraints lawyers are working under As Jamie said, “privacy is a moving target” and it’s frustrating for not only engineers but lawyers as well. Once the challenge is reframed as something that both teams can solve together, you’ll be able to establish a more collaborative process for privacy compliance.

Conclusion: privacy engineering is a team sport

While privacy engineering looks different between organizations, ultimately, as Marissa said, “there’s someone who knows the law, knows how to translate it to the engineering team, and someone who knows how to implement it.” This can be done through a dedicated privacy engineering team within an organization or separate legal and engineering teams.

Regardless of what privacy engineering looks like in your organization, cross-team collaboration is important. The way to do that is by building open, productive, and communicative relationships with each other. You can apply the advice of our expert panelists to your own organization to forge stronger ties between legal and engineering stakeholders to solve privacy compliance.

If you’d like to learn more about how Ethyca enables legal and technical teams to solve privacy compliance, schedule a meeting with one of our privacy deployment strategists today.