PRIVACY ENGINE
> PRIVACY-CENTRIC DATA FRAMEWORK // GLOBAL STREAMING COMPLIANCE
A simulated global privacy data framework demonstrating the full lifecycle of personal data in a streaming entertainment service — from ingestion and automated PII classification, through consent management and DSAR fulfillment, to retention enforcement and privacy-preserving analytics.
The framework models 20 jurisdictions across GDPR (EU), CCPA (California), LGPD (Brazil), PIPA (South Korea), PDPA (Singapore/Thailand), and PIPL (China) — each with jurisdiction-specific consent rules, DSAR SLAs, and data retention requirements.
DATA CLASSIFICATION
Automated PII tagging at the column level
PUBLIC / INTERNAL / CONFIDENTIAL / RESTRICTED
CONSENT MANAGEMENT
Jurisdiction-aware consent state tracking
GDPR opt-in vs CCPA opt-out vs LGPD legitimate interest
DSAR FULFILLMENT
End-to-end request pipeline with SLA tracking
ACCESS / DELETION / PORTABILITY / RECTIFICATION
RETENTION ENFORCEMENT
Policy-driven data lifecycle management
Conflict detection: regulatory minimum vs privacy maximum
Demonstrates that useful analytics are achievable without exposing personal data. Custom dbt macros enforce k-anonymity thresholds — suppressing groups with fewer than 5 individuals — and PII hashing for pseudonymized analysis.
Privacy-safe marts provide jurisdiction-level consent rates, DSAR SLA compliance, and retention coverage metrics without any user-level data exposure.
DATA LAYER
PostgreSQL 16 — analytical database
dbt Core — 20 models across 3 schemas
Python + NumPy/Faker — synthetic PII generation
Custom macros — hash_pii(), suppress_small_groups()
PRESENTATION LAYER
Metabase OSS — compliance dashboards
Streamlit — Privacy Explorer interactive app
20 jurisdictions × 6 consent purposes modeled
k-anonymity and PII pseudonymization