# Marcus Veld, Head of Product Engineering at Imara Spatial — read of PrivacyShield AR, June 14 2026

> "11 years in mobile SDK development, last 3 fully in spatial computing. We ship enterprise smart glasses software to hospital networks in Germany and the Netherlands."

## How I got here

Googled "GDPR biometric data smart glasses compliance 2026" after our legal counsel in Amsterdam sent me a 4-page memo about EDPB enforcement signals on AR vendors. I was looking for either a tool or a consultant. This came up on page two. The domain name was specific enough that I didn't dismiss it immediately.

## What I clicked first

The problem section actually landed. "Your engineering team lacks privacy-by-design tools. Your legal team cannot document compliance for data protection impact assessments." That is literally the exact fight we had internally last quarter. No inflation there. Someone wrote that sentence knowing something real.

The line "sits between your AR framework (Apple ARKit, Google ARCore, WebXR) and your backend infrastructure" is the clearest SDK pitch I have read in this space. One sentence. I knew immediately what the architecture was. That is rare.

## Where I paused

The scoring block stopped me cold. "56/100 Adoptability. $-63,000 Year-1 take-home (Fermi). 1 in 12 meaningful-success odds." I read it three times. I genuinely did not understand who this information is for. I am a buyer looking at a product page and suddenly I am reading a VC memo about someone else's business prospects. It broke the entire reading experience. I had to re-orient and figure out what this page actually was.

## What I distrusted

The line "we don't have live customers on this idea yet" is doing a lot of honesty work, but it also revealed that I was not on a product page at all. I was on a marketplace page for a packaged idea. The hero talks about an SDK. The footer sells a dossier for $5 and a "code starter" for $99 to $199. Those are not the same thing. The page never cleanly signals the transition. I finished reading still unclear whether PrivacyShield AR exists as working code or whether the $99 buys me a Notion doc and a boilerplate repo.

"Multi-Jurisdiction Ready" with no named certifications, no DPA consultation history, no mention of any actual anonymization approach (what algorithm, what benchmark, what false-positive rate on face detection in clinical settings) is where the substance drops off. Saying you meet "GDPR Article 32 technical safeguards" is a claim that requires either a DPA audit letter or a published methodology. Neither appears.

## What would convince me

A 10-minute video of the SDK running in an ARKit app intercepting face geometry data before it hits the network. Real data. Real frames. Show me the blurring on a face that's partially occluded. Show me the consent modal firing mid-session. That would do more than any copy on this page.

Alternatively: a single named DPA (any German or Dutch Landesbehörde) that has reviewed the audit export format and confirmed it satisfies Article 30 documentation. One letter, one name, one date. That is the evidence that closes the gap between "claims compliance" and "is compliant."

## What I'd ask in an email reply

1. The SDK description implies on-device data interception. Does that require any modification to the ARKit/ARCore pipeline itself, or does it hook into standard delegate methods? I need to know the integration surface before I touch anything.

2. Our hospital deployments process identifiable patient biometric data under both GDPR and national health data regulations in Germany. Does the anonymization layer carry any formal certification, or is it self-attested?

3. What exactly is in the "$99 code starter"? Is this a working SDK codebase I can review and modify, or is it scaffolding and documentation? I am not going to pilot a compliance product built from a template without reading the actual implementation.

## Verdict: on-the-fence

The problem framing is the most accurate I have seen in this niche, and someone clearly spent time understanding the EDPB enforcement landscape. But the page is trying to be two things at once, a product pitch and an idea marketplace listing, and it succeeds at neither fully. If someone responded to a direct email and could explain what actually ships and what the legal basis for the compliance claims is, I would take a 30-minute call.

---
*Memo by skeptic persona, generated 2026-06-14. Studio breaks own self-grading loop.*
