This week’s guest is Elias Grünewald, Privacy Engineering Research Associate at Technical University, Berlin, where he focuses on cloud-native privacy engineering, transparency, accountability, distributed systems, & privacy regulation. 

In this conversation, we discuss the challenge of designing privacy into modern cloud architectures; how shifting left into DevPrivOps can embed privacy within agile development methods; how to blend privacy engineering & cloud engineering; the Hawk DevOps Framework; and what the Shared Responsibilities Model for cloud lacks. 

Topics Covered:

• Elias's courses at TU Berlin: "Programming Practical Privacy: Web-based Application Engineering & Data Management" & "Advanced Distributed Systems Prototyping: Cloud-native Privacy Engineering"
• Elias' 2022 paper, "Cloud Native Privacy Engineering through DevPrivOps" - his approach, findings, and framework
• The Shared Responsibilities Model for cloud and how to improve it to account for privacy goals
• Defining DevPrivOps & how it works with agile development
• How DevPrivOps can enable formal privacy-by-design (PbD) & default strategies
• Elias' June 2023 paper, "Hawk: DevOps-Driven Transparency & Accountability in Cloud Native Systems," which helps data controllers align cloud-native DevOps with regulatory requirements for transparency & accountability
• Engineering challenges when trying to determine the details of personal data processing when responding to access & deletion requests
• A deep-dive into the Hawk 3-phase approach for implementing privacy into each DevOps phase: Hawk Release; Hawk Operate; & Hawk Monitor
• How open sourced project, TOUCAN, is documenting conceptual best practices for corresponding phases in the SDLC, and a call for collaboration
• How privacy engineers can convince their management to adopt a DevPrivOps approach

Read Elias' papers, talks, & projects:

• Cloud Native Privacy Engineering through DevPrivOps
• Hawk: DevOps-driven Transparency and Accountability in Cloud Native Systems 
• CPDP Talk: Privacy Engineering for Transparency & Accountability 
• TILT: A GDPR-Aligned Transparency Information Language & Toolkit for Practical Privacy Engineering
• TOUCAN 

Guest Info:

• Connect with Elias on LinkedIn
• Contact Elias at TU Berlin

Send us a Text Message.

Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2024 Principled LLC. All rights reserved.