Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY
Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.
* access
* rectification
* deletion
Legal's trying to uphold them, but it's a technical question!
Legal wants to decrease risk but don't know software
It takes a lot of time to handle these requests, too!
They need a streamlined technical solution.
Average SMB has data in 10 different systems.
Some poor software engineer is trying to track down what data is where?
What even *is* PII? There's no real standard.
What should be returned? What should be deleted.
Make a definition and stick to it.
2. Find all the PII
3. Use pseudonymization to replace PII with some kind of random value which can't be tied back to the user
[reminder I am livetweeting this is not me speaking]
Maybe a centralized team who can handle this?
If you're a small company, plan ahead!
* you have a timeline -- often 30 or 45 days
* but that's not enough time if you haven't planned for streamlined speed
Ideally you won't need it, but have a backup plan, in case something goes wrong with a slow data system
More from Lea Kissner
More from Tech
Recently, the @CNIL issued a decision regarding the GDPR compliance of an unknown French adtech company named "Vectaury". It may seem like small fry, but the decision has potential wide-ranging impacts for Google, the IAB framework, and today's adtech. It's thread time! 👇
It's all in French, but if you're up for it you can read:
• Their blog post (lacks the most interesting details): https://t.co/PHkDcOT1hy
• Their high-level legal decision: https://t.co/hwpiEvjodt
• The full notification: https://t.co/QQB7rfynha
I've read it so you needn't!
Vectaury was collecting geolocation data in order to create profiles (eg. people who often go to this or that type of shop) so as to power ad targeting. They operate through embedded SDKs and ad bidding, making them invisible to users.
The @CNIL notes that profiling based off of geolocation presents particular risks since it reveals people's movements and habits. As risky, the processing requires consent — this will be the heart of their assessment.
Interesting point: they justify the decision in part because of how many people COULD be targeted in this way (rather than how many have — though they note that too). Because it's on a phone, and many have phones, it is considered large-scale processing no matter what.
It's all in French, but if you're up for it you can read:
• Their blog post (lacks the most interesting details): https://t.co/PHkDcOT1hy
• Their high-level legal decision: https://t.co/hwpiEvjodt
• The full notification: https://t.co/QQB7rfynha
I've read it so you needn't!
Vectaury was collecting geolocation data in order to create profiles (eg. people who often go to this or that type of shop) so as to power ad targeting. They operate through embedded SDKs and ad bidding, making them invisible to users.
The @CNIL notes that profiling based off of geolocation presents particular risks since it reveals people's movements and habits. As risky, the processing requires consent — this will be the heart of their assessment.
Interesting point: they justify the decision in part because of how many people COULD be targeted in this way (rather than how many have — though they note that too). Because it's on a phone, and many have phones, it is considered large-scale processing no matter what.
Here is a simple example of a machine learning model.
I put it together a long time ago, and it was very helpful! I sliced it apart a thousand times until things started to make sense.
It's TensorFlow and Keras.
If you are starting out, this may be a good puzzle to solve.
The goal of this model is to learn to multiply one-digit
I put it together a long time ago, and it was very helpful! I sliced it apart a thousand times until things started to make sense.
It's TensorFlow and Keras.
If you are starting out, this may be a good puzzle to solve.
The goal of this model is to learn to multiply one-digit
It is a good example of coding, what is the model?
— Freddy Rojas Cama (@freddyrojascama) February 1, 2021