She handed out cards with different user identities: “Anoushka, 16, shares art online.” “Mr. Davies, 72, uses your app to video-call his doctor.” “Lea, a journalist in a country with strict speech laws.”
“You can fix a bug in a week,” she told the board, her voice calm but absolute. “You take a decade to rebuild a broken trust.”
Her journey began not in a computer science lecture hall, but in a cramped, brightly lit legal library at a state university. Growing up as the daughter of two librarians, Steffi had learned early that information was powerful, but misused information was dangerous. She watched her mother navigate the early days of the internet, carefully teaching patrons which websites to trust and which to avoid. That childhood lesson became her life’s mission. Steffi Sesuraj
Steffi knew she had to change their minds. She didn’t march into the boardroom with legal threats. Instead, she brought a stack of index cards.
Today, she runs her own non-profit that teaches children how to protect their digital shadows. And on her website, beneath her list of awards and patents, is the same quote from her mother that she’s kept since law school: “You don’t own the information. You merely borrow it for a while. Be a good borrower.” She handed out cards with different user identities:
The backlash, when it came, was brief. The public, exhausted by corporate cover-ups, was stunned by the honesty. News headlines read: “Company Messes Up, Then Does the Unthinkable: Tells the Truth.” The stock dipped for a day, then soared as the company was hailed as a new gold standard for digital ethics.
In the sprawling, humming campus of a leading tech giant in Silicon Valley, where jargon like “synergy” and “disruption” hung in the air as thick as the scent of cold brew coffee, Steffi Sesuraj was known for two things: her encyclopedic knowledge of data privacy law and her uncanny ability to explain it without putting anyone to sleep. Growing up as the daughter of two librarians,
She drafted a radical transparency report: a full, public disclosure of the vulnerability, a step-by-step guide on how to delete the compromised data, and a free, in-person data clinic for affected users. The board thought she was insane.
After law school, while her peers flocked to corporate mergers and intellectual property battles, Steffi dove headfirst into the then-niche world of data privacy. She pored over the dense, 88-page text of the General Data Protection Regulation (GDPR) like it was a thriller novel. While others saw compliance checklists, she saw a framework for dignity.