"We couldn't operate their business and continue collecting data from their customers, while continuing to meet our own high standards as a global company."
My hunch as an outsider is that Smyte wasn't GDPR compliant. Their leadership knew it, they knew they couldn't easily become so (for instance, they may have been using Kafka in a way where compaction wouldn't help, and didn't want to build an encryption-based monstrosity [0]), realized that they wouldn't increase in value as a business due to that risk, took an acquihire for cheap in order to give their employees a decent landing and give a return to their investors, and couldn't tell anyone about these plans in advance because it might jeopardize the transaction.
EDIT: They were indeed using Kafka per [1], and due to the strict latency requirements on their business, that may have ruled out the type of encryption scheme in [0].
I've seen lawyers advice that [0] doesnt do the trick anyway, ie deleting the key is not enough to comply.
GDPR does seem like the most likely culprit here, if they've been planning an aquihire for a while it wouldn't have been worth implementing GDPR and Twitter likely made it a condition that the service is shut down before the acquisition completes
I'm quite surprised none of the cloud vendors were interested/could offer more than Twitter for this team though, seems like a logical service to add.
That's a good thought. The only good reason to shut them down so abruptly is if they posed an existential threat to Twitter itself. The threat of GDPR fines or sanctions might have done it.
I still don't get why they couldn't just come out and say that. Was incompetence and unprofessionalism really a better look then a understandable engineering challenge? Or was this another case of "being honest and doing the right thing would have created legal liability so we opted not to do it"?
Presumably because Twitter was interested in the project, but didn't need the actual implementation immediately. Get the team on the cheap for now, and then just have them rebuild it in-house in a compliant way.
My hunch as an outsider is that Smyte wasn't GDPR compliant. Their leadership knew it, they knew they couldn't easily become so (for instance, they may have been using Kafka in a way where compaction wouldn't help, and didn't want to build an encryption-based monstrosity [0]), realized that they wouldn't increase in value as a business due to that risk, took an acquihire for cheap in order to give their employees a decent landing and give a return to their investors, and couldn't tell anyone about these plans in advance because it might jeopardize the transaction.
EDIT: They were indeed using Kafka per [1], and due to the strict latency requirements on their business, that may have ruled out the type of encryption scheme in [0].
[0] https://danlebrero.com/2018/04/11/kafka-gdpr-event-sourcing/
[1] https://www.youtube.com/watch?v=6ByXQfIq5uU