Privacy violations increasingly result from personal-data processing by a convoluted set of actors that collaborate in complex data ecosystems. These data ecosystems comprise numerous socio-technical elements and relations, and their opacity often obscures the manifold reasons for privacy violations. Therefore, researchers and practitioners call for systematic approaches that allow for decomposing data ecosystems in order to receive transparency about the opaque data flows and processing mechanisms across actors. This paper positions architectural thinking as a reasonable means for this need. By collecting key privacy concerns of business and regulatory stakeholders and developing a corresponding data ecosystem architecture meta-model, we provide first steps for extending the scope of architectural thinking to the privacy context. Our results are based on a mixed methods approach, which triangulates data received from a multiple case study of privacy scandals and from 14 expert interviews.