Privacy by Design for Agile Development - Uber's Approach

Explore privacy by design principles in agile development environments through this 16-minute conference talk from USENIX Enigma 2020. Delve into the challenges of implementing privacy controls in fast-paced, iterative software development processes, with a focus on Uber's approach. Learn how to adapt traditional privacy risk mitigation strategies to modern agile methodologies, addressing issues such as continuous feature updates, experimental releases, and microservice architectures. Discover practical techniques for data classification, inventory management, and deletion in complex, interconnected service ecosystems. Gain insights on aligning privacy practices with GDPR requirements, ISO29100 standards, and Data Protection Authority guidelines while maintaining development speed and efficiency.

Intro
Outline
Privacy by Design (Since 1995)
GDPR Art 25: Which factors?
When to implement the controls?
Existing Guidelines
Agile Development
Challenge 1: System Characterization
Uber's Approach: Data Classification
Uber's Approach: Data Inventory
Challenge 2: Threats and Mitigation
Uber's Approach to Data Deletion
Conclusion