Sesuraj | Steffi

It was a radical shift. Suddenly, privacy wasn’t a legal shackle. It was a design challenge. The team started building “privacy by default” settings, simplified data download tools, and clear, cartoonish icons that told users exactly what data an app was using, in real time.

Steffi knew she had to change their minds. She didn’t march into the boardroom with legal threats. Instead, she brought a stack of index cards. Steffi Sesuraj

Steffi refused.

Her big break came when a social media startup, reeling from a public breach of user location data, hired her as their first Data Protection Officer. The engineering team saw her as a “no” person—a roadblock. The CEO saw her as a necessary evil. It was a radical shift

Her most famous case, however, came when a major smart-home device company discovered a vulnerability that had been silently recording snippets of private conversations. The company’s legal team wanted to bury the report, issue a quiet patch, and hope no one noticed. The team started building “privacy by default” settings,

“You can fix a bug in a week,” she told the board, her voice calm but absolute. “You take a decade to rebuild a broken trust.”

She handed out cards with different user identities: “Anoushka, 16, shares art online.” “Mr. Davies, 72, uses your app to video-call his doctor.” “Lea, a journalist in a country with strict speech laws.”