In the latest installment of our Privacy Protectors Spotlight series, we are excited to feature privacy strategist and advocate Merry Marwig.
Merry Marwig is a privacy expert, researcher, and communications leader whose work spans regulatory strategy, operational privacy, and consumer data rights. She is the Vice President of Global Communications and Advocacy at Privacy4Cars, where she helps shape public understanding of vehicle data privacy.
Marwig is also the co-founder of The Privacy Exchange, a peer community for privacy professionals, and a volunteer advisor to the Plunk Foundation. Across her career, she has been a consistent voice for turning privacy into a practical, people-first discipline.
From Personal Risk to Professional Mission
Marwig’s path into privacy was not the result of a long-planned career move. What began as a passing conversation at a conference became the starting point for a career centered on restoring individual agency and accountability in how personal data is handled.
In 2017, Merry Marwig attended a hospitality tech conference in Toronto. At the time, she wasn’t a privacy professional. She was simply an attendee who kept hearing one acronym repeated across nearly every session: GDPR.
Curious, she turned to the person next to her and asked what it meant. The answer changed her career. The European Union’s new General Data Protection Regulation represented a fundamental shift in how data rights were defined. For the first time, individuals could demand that companies delete their personal information.
For Marwig, this wasn’t abstract. She was dealing with the aftermath of stalking and felt she had no control over the commercial data tied to her identity, especially her location information. Learning that a regulatory framework could compel companies to delete that data felt like a lifeline.
“What the GDPR gave me was hope,” she said in an interview with Red Clover Advisors. She viewed it as a way to restore individual agency, not merely another compliance obligation for businesses.
That moment sparked a hard pivot and Marwig committed fully to privacy as a professional discipline. She viewed the new wave of regulation as a long-overdue upgrade for both consumers and businesses.
This forward-looking perspective, where privacy is a vehicle for trust rather than a hurdle to be cleared, became the foundation of her professional career path.
“Privacy is about individual people’s rights,” Merry explained in a recent episode of the Cyber Empathy podcast. “We want control over our identity.”
Building a Privacy Career From the Ground Up
After discovering the power of privacy in 2017, Marwig built a career around connecting two worlds that rarely speak the same language: data rights and business strategy.
She began her journey at G2, where she led research on emerging privacy and cybersecurity software. In this role, she developed technology taxonomies, published thought leadership, and helped businesses understand how privacy tools could support both compliance and brand reputation. Her work shaped how thousands of organizations evaluate and select tools for data protection.
In 2022, she joined DataGrail as a Privacy Consultant, supporting the company’s go-to-market efforts. There, she acted as a subject-matter expert for the sales and marketing teams, helping craft messaging, educate internal teams, and support privacy-related decisions on product direction. Her role focused on enabling prospects, customers, and colleagues to understand how privacy drives value and reduces risk, rather than advising on internal privacy programs.
To deepen her expertise, Marwig pursued a suite of certifications, including CIPP/US, CIPM, and the FIP (Fellow of Information Privacy) designation. She also earned a credential in Logical AI Governance, reflecting her growing interest in responsible AI and algorithmic transparency.
Today, she serves as Vice President of Global Communications and Advocacy at Privacy4Cars. Her work focuses on advancing privacy protections in the automotive sector, a space where personal data is increasingly collected but often overlooked. Whether she’s advocating for policy reform or helping define privacy messaging for the company, Marwig brings a clear and consistent focus: helping both businesses and consumers understand why privacy matters, and what to do about it.
“As a privacy pro, I LOVE working with auto professionals,” Marwig said on LinkedIn. “WHY? Because people are very driven in the automotive industry (yes, pun intended!). People in auto demand excellence of themselves and others. People in auto demand excellence of themselves and others. People aren’t afraid of hard work.
Lots of people in auto are innovators and it’s very exciting to be around that kind of energy. You might be asking…well…isn’t automotive a bit behind in privacy though, Merry? Yes. And, that means there is opportunity to make things *better* and that’s what is so cool about my job.”
Building Community, Sharing Knowledge
Beyond her corporate work, Marwig has focused on strengthening the privacy profession itself. She is a co-founder of the Privacy Exchange, a peer-driven community designed to give privacy professionals a space to learn from one another, share practical insights, and navigate a rapidly changing field together.
The Privacy Exchange hosts ongoing conversations and events that emphasize real-world experience over theory. Through formats like its Show and Tell sessions, privacy practitioners discuss the challenges they face in their day-to-day work and the approaches they’ve found effective.
As Marwig has shared publicly, the goal of the community is not to present privacy as an abstract discipline, but as a shared practice shaped by people doing the work. That focus on peer learning reflects Marwig’s broader philosophy. Privacy improves when professionals are equipped, connected, and supported, not when they operate in isolation.
In addition to building peer communities, Marwig also creates regular video content to keep the privacy conversation moving. Her Privacy Snacks series on LinkedIn offers bite-sized updates on breaking news, including regulatory developments, industry shifts, and enforcement trends. Each video distills complex issues, like changes to data broker laws or geolocation privacy, into short, accessible insights that privacy professionals can absorb in just a few minutes.
These weekly updates reflect Marwig’s commitment to making privacy more approachable and actionable. Her goal is not just to report what’s happening, but to equip others with the context they need to respond with confidence.
Why Privacy-First Brands Will Win the Future
At the center of Marwig’s approach is a fundamental shift in perspective. She treats privacy as a strategic advantage rather than a compliance exercise. Most companies treat privacy like a box to check. Marwig sees it as the foundation for trust, loyalty, and long-term business success.
“Trustworthy brands will win the future,” she says. In other words, stronger data rights aren’t something to fear. They’re a chance to stand out. In her view, privacy should be as routine as finance or security. And companies that handle data with care can earn lasting trust in a market where customers have started paying attention.
But trust can’t be claimed. It has to be earned through discipline. A privacy policy means nothing if it isn’t backed by execution. What matters is how privacy shows up in day-to-day workflows, product decisions, and team processes. That means building systems with clear accountability and integrating privacy from the start.
One of the most proactive steps a company can take in this regard is data minimization. Marwig advises organizations to stop collecting information they don’t actually need. Every unnecessary data point increases the risk of misuse, breach, or regulatory trouble. When companies commit to collecting only what’s essential, they reduce their exposure and make it easier to secure the data they do hold.
“There are now greater costs to holding sensitive consumer data than ever before,” Marwig wrote in a G2 blog post. “Not only does a company risk fines in the case of leaked or hacked data, but there are real costs associated with processing consumer requests for their personal data.”
“Before keeping or collecting new data, companies must assess the value and risk of that data to their business. For example, is it necessary for a company to keep middle names on file to process retail orders? If not, get rid of that data.”
Proactive deletion is another key safeguard. Instead of waiting for audits or incident response, Marwig encourages teams to build deletion into the data lifecycle. If information no longer serves a clear business purpose, it should be removed automatically. This not only reduces risk, but also sends a message to customers: your data isn’t being held onto just in case. It’s being treated with care and purpose.
For Marwig, a privacy-first company builds trust by doing the right thing before regulation demands it, rather than reacting to each new rule as it appears. Companies that take privacy seriously avoid penalties while also gaining a strategic edge with customers, regulators, and investors.
The Hidden Risk Sitting in Your Car’s Dashboard
Marwig’s philosophy comes to life in the automotive industry, where a quiet but urgent privacy risk is hiding in plain sight. Modern vehicles function like computers on wheels, logging contact lists, text messages, call history, precise location data, and even banking credentials.
When a rental car is returned or a fleet vehicle is resold, that sensitive data often stays behind, stored in the infotainment system and accessible to whoever uses the car next.
“Four out of five cars today are resold with the personal data of prior drivers and passengers, including call logs, contacts, home addresses, payment details, messages, and more,” Marwig explained in a recent LinkedIn post. “Personal data left unencrypted and undeleted in cars represents one of the EU’s largest unreported data breaches in violation of GDPR, affecting millions of Europeans who buy, sell, lease, rent, or are in car collisions every year.”
At Privacy4Cars, Marwig helps turn this blind spot into an operational standard. She advocates for a simple principle: if you wouldn’t resell a laptop without wiping it, you shouldn’t resell a car that way either. Her work focuses on building deletion into the process. With tools like AutoCleared™, she helps companies implement a “wipe at handover” policy that is quick, verifiable, and built into procedures.
Beyond the driver experience, proactive data deletion protects companies from reputational and legal fallout.
Marwig pushes businesses to treat vehicle data with the same rigor as any digital asset. That means applying the same policies used for decommissioned servers or company phones. The goal is to eliminate risk before it becomes a breach or a headline.
By getting ahead of the problem, Marwig shows how privacy can move from theory to practice. She turns a hidden vulnerability into a routine safeguard, one that protects people, reduces legal exposure, and earns trust along the way.
The Data Broker Problem Hiding in Plain Sight
Beyond internal systems and connected devices, Marwig has been vocal about the broader and more opaque risk: the data broker ecosystem. This system consists of companies that collect, aggregate, and resell personal information about individuals they have no direct relationship with, often without those individuals realizing it is happening.
In a recent appearance on the Cyber Crime Junkies podcast, Marwig explained that people rarely understand the downstream consequences of sharing data with a single service, especially when that data is quietly passed along to hundreds of unknown third parties:
“I think consumers are actually okay sharing personal information with brands. The problem is that they’re not okay with that data then being shared with hundreds of other parties or downstream data partners. That’s what consumers don’t understand. It’s not just sharing information with the app or brand they’re using. It’s all of the data partners downstream. If I give my data to one company, it may go to 50 partners, or 500 partners, and then to hundreds more after that. Pretty soon, your personal data is everywhere.”
Once personal data enters the data broker economy, it becomes difficult, and often impossible, to track where it travels or how it is used. Information is copied, enriched, and resold across a complex web of intermediaries, far removed from the original context in which it was collected.
Privacy protection cannot rely solely on notice and consent. It must also focus on limiting unnecessary data collection in the first place and reducing how widely data is shared once it exists. The more personal information that circulates beyond its original purpose, the greater the risk of misuse, exposure, and loss of trust.
Conclusion
Merry Marwig’s work underscores that privacy risk does not live neatly inside policies, systems, or compliance frameworks. It follows people across platforms, partners, devices, and data ecosystems that extend far beyond a single company’s walls.
Marwig consistently focuses on downstream consequences rather than surface-level compliance. She asks not only whether data collection is allowed, but whether it is necessary, ethical, and defensible once that data leaves its original context and begins circulating beyond an individual’s control.
Through her leadership at Privacy4Cars, her community-building work with The Privacy Exchange, and her ongoing efforts to make privacy concepts accessible through education and communication, Marwig has helped push the privacy conversation toward something more practical and more honest. Her work emphasizes execution over intention, foresight over reaction, and accountability over abstraction.
In doing so, she reminds privacy professionals and organizations alike that trust is not earned through notices, policies, or promises alone. It is earned through everyday decisions about what data is collected, how long it is kept, where it travels, and whether its continued use can truly be justified.
At Optery, we are greatly inspired by Merry Marwig’s work and are happy to spotlight her for her outstanding contributions to privacy protection.
Connect with Merry Marwig and her work:
Stay tuned for more features in our Privacy Protectors Spotlight series and follow Optery’s blog for further insights on safeguarding your personal information.