In recent years, consumers, regulators, and commercial companies (like Apple) have raised the issue of privacy to the public, and as a result, technology companies must meet stricter regulatory conditions, or be punished accordingly. Though this is a positive thing for end users, developing such things is quite a pain for companies, and one Israeli startup wants to help.
Great for users, headache for development
Today's companies must meet tough regulatory conditions when it comes to user privacy. Among other things, they must collect information only on a legal basis, keep it secure, remove it after predetermined time periods, allow users to remove themselves from the database, ensure that sharing information with a third party is done in accordance with the law, and make sure that the physical storage location of the data meets proper requirements. But in a world that is almost entirely run in the cloud, through many SaaS services and a complex supply chain, the management and control of this information is extremely challenging.
In a conversation with Geektime, Dr. Uzy Hadad, co-founder and CEO of Privya, said that today, the privacy and information security managers use questionnaires and interviews with the developers to get a partial picture of the information collected, where and how it is stored, and whether all steps have been taken to maintain privacy principles, as are stated in various privacy laws, and as companies legally commit to their customers. "This process is complex; there is a language gap between the tech and privacy people, each department has different goals and different needs, and there is quite a bit of frustration during development, especially when developers are asked to fix privacy matters after the product is already running in production," says Hadad.
The Israeli startup Privya, which he heads, wants to replace this manual work by "translating" the legal requirements into context within the development process. For this purpose, the company developed a code scanner, based both on understanding flow, the programming language, and machine learning: "We developed a taxonomy and a broad database for frameworks and third parties, which provides us with a unique capability, and we 'translated' the privacy requirements of the GPDR, CCPA and CPRA (the privacy laws of Europe, the U.S. and California respectively) to clear language for programmers for better context in their work with the sensitive data."
So, what is the difference between you and a service like OneTrust?
"They are more concerned with the questionnaires, which help the privacy managers to get a breakdown of the requirements they must fulfill to comply with the regulation."
Privya.ai was founded in 2021 by Dr. Uzi Haddad (CEO), Arthur Garmider (CTO) and David Segev (CRO). It has just emerged from stealth with a seed round of $6 million led by Hyperwise Ventures with the participation of Avery More (ORR Partners), Eyal Waldman (founder of Mellanox), Giora Yaron (Chairman of Itamar Medical), and Harel Kodesh.