Enigma 2020 has ended
Back To Schedule
Tuesday, January 28 • 2:30pm - 3:00pm
Privacy at Speed: Privacy by Design for Agile Development at Uber

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The concept of privacy by design (PbD) is more than 20 years old and a common element in both regulatory and technical discussions. While many strategies for Privacy by Design focuses on product development with a traditional waterfall-style methodology, today's current agile development process does not follow the historically clear cut and distinct design, planning, implementation, and release phases. Many privacy risk mitigation strategies are created for the waterfall-style methodology and focus on the planning phase. The implementation phase consists of taking the planned actions with the hopes that they are enough to avoid the identified risks.

In an agile methodology, software is released in an iterative and feedback-driven fashion, which emphasizes short development cycles, continuous testing, user-centricity and greater simplicity of design. Agile programming practices allow developers across services to continuously tweak, remove or add new features using "build-measure-learn" feedback loops. This includes experimental features, minimum viable products, and alpha releases. While agility requires quick software development sprints, privacy analysis is usually a slow and time-consuming activity. In addition, technical privacy assessments are based on the architectural description of the system, but in agile development, there is often no grand design upfront and the documentation is limited. It might be possible to assess the privacy readiness of each feature, but when these features are combined, there is no guarantee that the service itself or the entire supply chain that underlies it fulfills all the privacy requirements. The latter is the case due to modular micro-service oriented architectures that are favored in current-day software ecosystems.

In this talk, we will demonstrate an approach to technical privacy where privacy by design is applied in a hyper-connected service environment. We will walk through some of the principles coming from GDPR, industry standards such as ISO29100 and Data Protection Authority guidelines. We will also demonstrate how those principles can be applied to a complex agile environment.


Dr. Engin Bozdag

Engin is a senior privacy architect at Uber and leads the technical privacy review process to ensure privacy is embedded into products and services as early as possible. Prior to Uber, Engin worked for health tech leader Philips and led their technical GDPR implementation program... Read More →

Tuesday January 28, 2020 2:30pm - 3:00pm PST
Grand Ballroom