Abstract
The increasing complexity of data ecosystems demands advanced methodologies for systematic privacy risk assessment. This work introduces two complementary metrics-the privacy risk expansion factor (PREF) and the privacy exposure index (PEI)-to evaluate how architectural decisions influence the exposure and distribution of sensitive data. Several representative use cases validate the methodology, demonstrating how the metrics provide structured insights into the privacy impact of distinct design choices. By enabling comparative analysis across architectures, this approach supports the development of privacy-first data ecosystems and lays the groundwork for future research on dynamic, AI-driven risk monitoring.