Comprehensive analysis of a centralized privacy platform managing user consent globally
With global privacy laws such as the EU's DSA/DMA evolving, Amazon needed a centralized, scalable, low-latency platform to manage user consent and enforce data privacy policies consistently across all its business units, including Ads, Retail, and Devices.
As the Technical Product Manager, I was responsible for defining the product requirements for the core rules engine of the GPP. I translated complex legal and regulatory mandates (DSA/DMA) into actionable user stories and technical specifications for the engineering team. I managed the product backlog, prioritized features based on compliance deadlines and business impact, and served as the key liaison between engineering, legal, and over 20 stakeholder business units to ensure a successful, on-time launch.
We built a Tier-1 centralized privacy service featuring a REST API-based rules engine. This platform provides real-time user consent evaluation, enabling over 20 Amazon business units to make compliant decisions on data processing. The system is designed for high availability and low latency to handle millions of operations per day without impacting customer experience.
Java, AWS (Lambda, DynamoDB, API Gateway), REST APIs.