Privacy Engineering in the Data Mesh: Towards a Decentralized Data Privacy Governance Framework

Privacy engineering, emphasizing data protection during the design, build, and maintenance of software systems, faces new challenges and opportunities in the emerging decentralized data architectures, namely data mesh. By decentralizing data product ownership across domains, data mesh offers a novel paradigm to rethink how privacy principles are incorporated and maintained in modern system architectures. This paper introduces a conceptual framework that integrates privacy engineering principles with the decentralized nature of data mesh. Our approach provides a holistic view, capturing essential dimensions from both domains. We explore the intersections of privacy engineering and data mesh dimensions and provide guidelines for the stakeholders of a data mesh initiative to embed better data privacy controls. Our framework aims to offer a blueprint to ensure robust privacy practices are inherent, not just additive, during the adoption of data mesh.