Discover and read the best of Twitter Threads about #PEPR21
Most recents (4)
It's time to kick off an entire session about data deletion at #PEPR21 (It's hard!) with "Deletion Framework: How Facebook Upholds its Commitments Towards Data Deletion" from Benoît Reitz, Facebook
That's right, come one come all, this is @Facebook' data deletion framework.
That's right, come one come all, this is @Facebook' data deletion framework.
We can't expect people to write their own data deletion logic.
* They often don't know how to do it well and write bugs
* The deletion logic and data definition may drift apart over time
So we get annotations that people put on their storage
* They often don't know how to do it well and write bugs
* The deletion logic and data definition may drift apart over time
So we get annotations that people put on their storage
Annotations example. There are multiple different types of edges, like "deep" saying when a post is deleted, the comments should also be deleted.
If it's a "shallow" edge, it should delete the association but not the object (e.g. a post is deleted but not the whole user)
If it's a "shallow" edge, it should delete the association but not the object (e.g. a post is deleted but not the whole user)
It's time to talk about consent at #PEPR21 starting with "Designing Meaningful Privacy Choice Experiences for Users" by Yuanyuan Feng, Carnegie Mellon and Yaxing Yao, University of Maryland
Notice and choice is a legal framework. There are privacy notices which tell people about the practices. The controls let people have limited controls.
But in practice the controls are usually difficult to find, overly simplified, and sometimes manipulative using "dark patterns"
But in practice the controls are usually difficult to find, overly simplified, and sometimes manipulative using "dark patterns"
Dark patterns manipulate people into making choices they might not otherwise make. For example, the terms/policy are linked in tiny type and there's only one button: sign up. Any choices are hidden behind this, which is suboptimal.
Or the pre-selected options may not be good.
Or the pre-selected options may not be good.
Next up at #PEPR21: Cryptographic Privacy-Enhancing Technologies in the Post-Schrems II Era
from Sunny Seon Kang, Data Privacy Attorney
from Sunny Seon Kang, Data Privacy Attorney
Going to provide context on CJEU case C-311/18, aka "Shrems II"
This launched companies into a whole tizzy because they said that folks needed "supplementary measures". What the heck is that?
This launched companies into a whole tizzy because they said that folks needed "supplementary measures". What the heck is that?
Without Privacy Shield, you can't transfer data from the EU to the US (thanks, Shrems I), because the US isn't considered to have "adequacy" [essentially strong enough protections under the law. People were pissed about Snowden]
First up at #PEPR21 "Privacy for Infrastructure: Addressing Privacy at the Root" by Joshua O’Madadhain and Gary Young from @Google.
Because hey, privacy is a full-stack problem, from humans and the societies they build all the way down to the hardware. Infrastructure is key.
Because hey, privacy is a full-stack problem, from humans and the societies they build all the way down to the hardware. Infrastructure is key.
Both Josh and Gary have been at Google for "a while" (I think that's about 15 years each) and are both wizzes when it comes to privacy, especially in infrastructure.
Infrastructure is systems that provide other systems or products with capabilities [not the security kind]
Infrastructure is systems that provide other systems or products with capabilities [not the security kind]
Types:
* storage systems
* network systems
* data processing systems
* server frameworks
* libraries
* system integrations
* etc.
* storage systems
* network systems
* data processing systems
* server frameworks
* libraries
* system integrations
* etc.
