Enforcing Privacy Requirements at Meta: A summary and Key Learnings
Abstract
Enforcing Privacy Requirements at scale is a challenging task. In this talk we will go over key learnings on this space, using the more familiar domain of Security to draw analogies and highlight differences. The talk covers four key learnings: (a) the key similarities and distinctions between security and privacy requirements, (b) how to design an effective enforcement framework, (c) how to get such an enforcement framework deployed at scale, and (d), the main approaches for demonstrating the effectiveness of such enforcement to relevant parties. Overall, the talk will emphasize a proactive and comprehensive approach to enforcing privacy requirements.
Yiannis Papagiannis is an Engineering Director on Meta’s Privacy team. He’s spent the last decade designing, bootstrapping and evolving enforcement systems and teams to safeguard the implementation of privacy requirements such as data deletion, retention and access across Meta’s infrastructure and products. Yiannis received his PhD from Imperial College on Information Flow Control under the supervision of Prof Peter Pietzuch and an MSc/BSc degree from the National Technical University of Athens.