At some point though, a thought came to me -- what does a good tech stack look like? What kind of benchmark or best practice should I advise clients on? How can data controllers do things in a privacy-preserving way? And so I asked Noyb, CNIL and the Austrian DSB if they would, in the interests of transparency, share their tech stacks and best practice. It didn't go well.