Data privacy is a major concern, given how much of our lives are spent online and how much information consumers share with companies. And recently, increased AI adoption has created new challenges in governing that data, because of new pathways for storing and using personal data. Because of this, it’s imperative that companies have a way to govern user data and to easily comply with state, federal and international regulations concerning data privacy. Transcend has emerged as a trailblazing presence in this field. The company’s journey began with a simple question: How can individuals gain control over their own data? This led to the development of Transcend’s platform, which empowers businesses to better govern their data and meet regulatory requirements.
In this Q&A, Ben Brook, CEO of Transcend, offers valuable insights into challenges companies face in achieving compliance, the common gaps in data governance, the impact of AI on data privacy, and what regulators should consider as they shape new policies in this rapidly evolving landscape. Let’s dive into the dynamic trends shaping technology and data privacy.
Gary Drenik: Tell me about Transcend – what does the company do and how did you land on the idea that led to its founding?
Ben Brook: The idea for Transcend was born out of personal curiosity. When my co-founder Mike Farrell and I were undergraduates at Harvard, we would work on software projects together outside of class. We were both deeply interested in AI and data science and eventually got curious about the ways we might be able to use our own data to understand various patterns in our own digital behavior and uncover some insights about ourselves. We tried to request all our activity data from the various sites and apps we both used and found it to be an absolutely horrible process. Companies weren’t willing to give us our own data and didn’t have a system by which to give it to us even if they wanted to.
Around this same time, what is now GDPR (Europe’s regulation on data privacy and protection) was starting to take shape and companies were waking up to the effect data privacy rights would have on their infrastructures and policies. That said, based on what we learned from our own exercise in attempted data requests, it was pretty obvious that without a technology solution that could make it easier for companies to functionally respond to regulation, data privacy rights would be a lot more bluster than benefit for consumers. So, Mike and I started building a tool that would help these companies comply with these new regulations and ultimately put users everywhere in control of their data.
That tool evolved into what is now Transcend, a comprehensive platform that helps the world’s largest companies better govern their data. We started out by making it easy for companies to respond to data privacy requests, and the platform now includes tools that streamline consent management, data mapping, risk assessment, and most recently, provide a governance layer for AI, via Pathfinder. Pathfinder provides a single technical control for data going into large language models, and the data coming out, giving companies technical guardrails to adopt new AI technologies with confidence. Altogether, our platform allows companies to implement privacy and AI governance solutions at scale, effectively governing massive volumes of user data and making sure all data collection and usage comply with the latest in relevant regulations and requirements.
Drenik: Policies like GDPR and CCPA have certainly impacted how companies approach data privacy – would you say most companies are up to speed on compliance?
Brook: It can be a challenge to stay up to date given how quickly space is evolving, but the more pressing challenge is that it’s nearly impossible to be fully compliant everywhere. New policies and regulations are being released and revised on a near-constant basis. Especially in the U.S., states are rapidly following California’s lead and implementing their own modern privacy laws, each with its own nuances. On top of that, most companies today have some interaction with consumers globally and must keep a watchful eye on developments like that of the EU-U.S. Data Privacy Framework, which in itself is a bit of a moving goalpost (the previous iteration of this self-certification framework was known as Privacy Shield, and it got struck down in court via Schrems II).
The status quo is to approach data privacy with a manual ‘humans can solve it’ mindset—relying on surveys to understand where data is held, human-dependent workflows to gather personal data (costly and error-prone), or human actions to ensure data preferences are fully honored (if at all). This is bad for business and bad for budgets, but more importantly, it’s bad for the privacy of internet users everywhere.
At Transcend, we’re taking a radically different approach by taking an engineering-first approach with novel technical approaches to governance, consent, data orchestration, and more.
Drenik: What are some common practices or tools companies often lack in this area?
Brook: Companies that are trying to govern their data through their own internally built systems will likely find gaps in their compliance. These gaps aren’t always intentional or for lack of trying.
For example, when looking at the “Opt-out” data preference menus – courtesy of CCPA regulations – you’ll often find what we call “dark patterns” which can significantly, and often effectively, influence consumers to make decisions counter to their true preferences. Think trick questions, misleading information, hidden details, strategically placed color blocks, and fonts designed to manipulate consumer behavior. Even if unintended, the use of dark patterns can confuse consumers and cause them to make decisions they otherwise wouldn’t.
Our mission is to put control back in the consumers’ hands by giving companies the infrastructure they need to manage compliance, deliver a better experience online, and give users the right to manage their data and consent as they see fit. The Privacy Request Automation product is one tool we’ve developed to do this. With Privacy Requests, companies can implement a comprehensive platform that allows them to delete, return, or modify a user’s data or preferences across their tech stack, within a matter of minutes, and without human intervention. Companies like Patreon and Indiegogo use this product today.
Drenik: How should brands think about consumer control when it comes to data privacy?
Brook: It’s in a brand’s best interest to give consumers complete control over their data privacy. Especially since the Cambridge Analytica-Facebook scandal broke out in 2018, consumers have become more aware of where their data is going and less trusting of companies and platforms. A recent Prosper Insights & Analytics survey found that more than 64% of people over 18 years old in the U.S. have concerns about the privacy of their personal identity online, and Ipsos found that 43% of customers would actually switch from their preferred brand to a second-choice brand if they provided a good privacy experience.
By openly sharing their data collection practices, brands can empower people to make informed choices about their personal information (while walking the walk when it comes to a commitment to ethical and responsible use of data, fostering greater trust).
Drenik: How is the emergence of AI affecting data privacy?
Brook: AI has definitely created new challenges when it comes to data privacy and governance. Businesses today are developing or leveraging generative AI tools to stay competitive, or they’re thinking about it, and with that comes a whole new set of concerns and risks around data governance. Without the right safeguards, AI tools can expose companies to risks around confidentiality, data privacy, consumer safety, brand trustworthiness, and intellectual property.
A major concern lies in the data that’s going both in and out of AI models. To be able to safely use AI without risk, there needs to be technical guardrails that prevent the sharing of confidential information, make sure user information is delivered correctly, and avoid sending protected data to third-party large-language models (LLMs) that use datasets to train AI and generate content.
In response to this, Transcend launched Pathfinder, an AI governance software that enables better technical safeguards for enterprise AI. With the tool, companies have a single technical control for the data going into AI models, and the data coming out. It also gives companies a unified view of their AI deployments, enabling better auditability and risk management. And, to better streamline compliance, teams will be able to customize Pathfinder’s architecture with monitoring, alerts, and predefined policies that help make sure the necessary governance controls are applied.
Drenik: What would you say legislators and regulators should consider as new policies?
Brook: Existing federal law does a good job of covering most negative outcomes, and existing regulators have made it clear they can police generative AI… except for privacy, where there’s a big gap in the law. We do not have a comprehensive privacy law at the federal level and passing ADPPA or similar would solve that.
Drenik: Thank you for taking the time to discuss AI governance and data privacy. It was interesting hearing about current trends in tech and how Transcend is helping companies in this area. I look forward to keeping up with what’s next for your company!
Read the full article here