This post is the fourth blog post in a seven-post series. If you want to see all the posts in the series check out Recap: Privacy Engineering Practice and Respect 2020.
The three PEPR 2020 talks on product privacy are:
- Product Privacy Journey: Towards a Product Centric Privacy Engineering Framework
- Wikipedia and the Lean Data Diet
- Privacy Professional Boss Mode
Product Privacy Journey: Towards a Product Centric Privacy Engineering Framework
In Product Privacy Journey: Towards a Product Centric Privacy Engineering Framework, Igor Oliveria presents a few new privacy frameworks to be used in the product development lifecycle. In addition to the well-known Privacy by Design framework and Data Ethics, Igor puts forth their Product and Privacy Principles:
- No choice is forever
- Context is key
- Sharing should add value
- Plain language empowers
- Tricks erode trust
- Personal data belongs to individuals
Because people change their minds, you should create controls that are easy to find and adjust. Ask for users' permission to share data where the consequences are most relevant and obvious to users—use plain language to describe this. Consumer experiences should work well without sharing their personal data. Avoid dark patterns and leading statements about privacy. Finally, the data you collect about users is their data.
Finally, Igor presents the Product Privacy Journey which is comprised of five stages and prioritizes privacy in all stages of product development: Inspire, Acknowledge, Conceive, Implement, and Validate. You should understand how the product (and privacy features) inspire consumers and their expectations of privacy. Design the product with privacy in mind and implement privacy from the ground up. Finally, validate that the choices and decisions you've made follow the requirements you've established.
Wikipedia and the Lean Data Diet
In Wikipedia and the Lean Data Diet, Nuria Ruiz introduces the Lean Data Diet used at Wikipedia, which focuses on data minimization and taking privacy into account from start to finish. Importantly, Nuria says this cannot be accomplished by a single team and requires a wider culture of privacy.
Wikipedia's privacy notice says you should be able to: read or edit without an account, register an account without a name, email, or other information, that your data will never be sold or shared with third parties, and after at most 90 days, data will be deleted, aggregated, or de-identified. This serves as the baseline for the Lean Data Diet.
The Lean Data Diet focuses on computing metrics in a privacy-conscious way by aggregating and deleting a lot of data, so that it can be released publicly. For web requests, they use an allow-list mechanism to ensure only pre-approved fields are made public e.g., the date a request was made, what the action was, etc. If a new field is added to the response that isn't allow-listed it will be dropped. Additionally, some fields may be "bucketed" by changing an IP address to a country-level identifier (e.g., Spain) or updating a specific user agent string to something more generic (e.g., Linux). She also discusses a clever mechanism to calculate Daily Active Users and Monthly Active Users without unique identifiers.
Nuria finishes by summarizing the pros and cons of a Lean Data Diet. As pros, responding to data requests from law enforcement or other organizations is relatively simple (they just don't have the data). It's also easier to make data public because of its already sanitized and minimized nature. Most importantly, Wikipedia feels comfortable offering a guarantee of privacy as a hidden feature for users. On the other hand, it's a lot more work to maintain the required systems, tools, and metrics in a privacy-conscious way. The privacy culture takes more time to develop, and data analysis may require creative mindsets and workarounds based on limited data.
Privacy Professional Boss Mode
In Privacy Professional Boss Mode, Melanie Ensign stresses the importance of influence and how to get work done in the day-to-day work of privacy professionals. Inevitably, people will do what they want for their own reasons and you need to know how to motivate them to care, pay attention, and take action on what you say. The fear, uncertainty, doubt, and regulatory privacy hammers have diminishing and short-lived returns. You need to make sure your influence does not disappear with the next regulatory deadline.
To do so, Melanie suggests moving from compliance to commitment. Move from a resentment and policing culture, to one of acceptance of responsibility, reliable, consistent, self-sustaining, and value-based behavior. You have to deliver what people need and you need to be creative and innovative—otherwise, engineers will lose interest and move on to more impactful projects.
How do you know if you already have influence? Do people remember what you say and carry your words to others? Do they learn from you and tell someone else about it? When deciding which tables you should be at to influence others consider:
- What are your goals?
- What are the gatekeepers/stakeholders you need to reach your goals?
- What obstacles and pressures do you face?
- What opportunities do they crave?
- What do they need?
- What can you offer?
Once you are at the table, how do you demonstrate the value of privacy? First and foremost, you should listen and fully understand the context and perspective of the person you're trying to help. Ask questions, help think through the problem, offer information about options, and ultimately follow-up and do the work. There are a lot of other fantastic talking points in this talk and I recommend you check it out!
I hope these posts have piqued your interest in PEPR 2020 and future iterations of the conference! If you are interested in checking out other sessions at PEPR 2020 check out Recap: Privacy Engineering Practice and Respect 2020.
If you liked this post (or have ideas on how to improve it), I'd love to know as always. Cheers!