5 questions with WaToo’s CEO, Javier Franco-Contreras

September 25, 2020

We are continuing our series of interviews with people who leverage data in their everyday work. In the first episode, we discussed data access with M Science's Head of Data Acquisition. This time, Statice’s co-founder Omar sat down with Javier Franco-Contreras, CEO and co-founder of WaToo, to discuss data protection and watermarking technology. 


Tell us a bit about you Javier, your background, and what you do.

I’m Javier Franco-Contreras, CEO and co-founder at WaToo, a French start-up fighting against sensitive data leaks by insiders or trusted parties. I hold a Ph.D. in database protection by means of watermarking (research work that is at the origin of WaToo).

Our solutions allow embedding an invisible TAG into data or documents when accessed by insiders or shared with trusted third-parties (kind of a fingerprint of the receiver). This TAG represents at first a deterrent element against data leaks (“hey, we are sharing these data with you. Do not post the online as you will be identified”). You can see this as an NDA 2.0, as in case of leak or disclosure, the perpetrator can be uniquely identified and accounted for.

Inside the company, I still do a little bit of everything, as every start-up CEO at the beginning, I guess. I manage the development team, regularly work with the sales team, look for potential investors, etc. No time to be bored!

How do you see WaToo's technology, and data watermarking in general, as an innovation-enabler for organizations?

The future of innovation is cooperation, with organizations of different origins, sectors and sizes working together to progress faster. The main issue in that context is trust. How can I share my data or documents with my partners and be sure they will not disclose them or use them in other contexts? Contracts or NDA’s are not enough, as our partner can deny responsibility for the incident.

WaToo solutions provide tracing and accountability capabilities (being able to identify in a precise way the user/organization at the origin of the leak) that helps organizations reinforce this trust.

We hear a lot about data breaches and hacks. Still, one thing we forget, is that a significant number of data breaches have an internal source. How do you see this evolving and what are organizations doing about this?

61% of companies experience insider attacks, with an increase in the number of insider attacks of 47% since 2018. This is a real issue, as insider attacks are usually harder to detect. Companies still focus on Data Loss Prevention (DLP) solutions, which try to avoid data leaks, but in these times when information is really dispersed, these kinds of solutions are, in some way, limited.

I personally think that these solutions must be combined with Data Loss Detection (DLD) solutions, that find leaked data (I can think of some French companies such as Aleph Networks who are working on that) and identify the source of the leak (that’s what WaToo does) as fast as possible. Time is money when we talk about identifying and containing a data breach.

From your experience, what are the main challenges facing large organizations in their day-to-day work involving data? How do you see the balance between the Risk vs. Opportunity at play?

The future of nearly every activity sector is data. That implies that organizations need to share, store, and analyze data securely. And all this in a context where the number of cyber incidents increases and where privacy legislation hardens. From my point of view, the main challenges are:

  • Privacy-preserving data processing (with synthetic data, homomorphic encryption, …)
  • Data traceability and traitor tracing (good progress on this by means of blockchains, watermarking, but there is still a long way to go)
  • Data protection at rest will always be a challenge, as it is a never-ending battle between attackers and organizations.
In the recent Schrems II, the Court of Justice of the European Union (CJEU) invalidated the EU-U.S. Privacy Shield. How do you see this impacting privacy practitioners' missions?

The fact of not being able to continue sending personal data collected in Europe to the USA will necessarily have an impact for privacy professionals. Companies that currently use storage servers based in America will have to either completely anonymize the transferred data (which could not be enough) or change their storage service provider. This will also have an impact in the development of sovereign clouds in Europe, fostering current initiatives such as GaiaX.

Thank you, Javier! You can learn more about WaToo’s solutions by visiting their website. Don’t forget to sign up for our newsletter to receive our latest articles and interviews!


Wondering if this is for you?

Book A DEMO