Privacy by Design with Nishant Bhajaria

Data privacy has often been an after-thought in software and platform development. Data breaches have increased consumer awareness and laws such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) have been enacted. Programmers and engineers need to think about what data they are collecting, how it is being stored and accessed, and how it is shared to protect their end users.

Today's guest is Nishant Bhajaria. Nishant leads the technical privacy and strategy teams for Uber that include data scientists, engineers, privacy experts, and others as they seek to improve data privacy for the consumers and the company. Previously, he worked in compliance, data protection and privacy at Google. He was also the head of privacy engineering at Netflix. He is a well-known expert in the field of data privacy, has developed numerous courses on the topic, and has spoken extensively at conferences and on podcasts.

Show Notes:

• [1:09] - Nishant shares his background and how he got started in the field of data privacy. He started at Intel and explains the changes in data collection in the early 2010s.
• [2:47] - Nishant started in the field "before it was cool," because of his strengths as an engineer and writer.
• [3:33] - GDPR stands for General Data Protection Regulation and Nishant describes what this law means and how it came about in Europe.
• [4:47] - CCPA is the US's approach and first step into data privacy laws.
• [5:53] - Consent is going to be a big topic in 2021. Nishant describes how the events of the last decade have led to data privacy laws.
• [6:56] - Nishant points out that a problem with data privacy laws as they stand right now is that they are not written by people who have the technological and engineering background.
• [8:39] - The data privacy issues that have arisen in recent years did not happen all of a sudden. Nishant explains that many mistakes across the board have led to them.
• [9:00] - Nishant lists some of the conundrums and ethical questions that come up when discussing data privacy.
• [10:23] - One of the biggest problems with data privacy is the different understanding of what that means. European countries and the United States do not have the same understanding of what privacy is.
• [11:46] - Security features exist for very good reasons, but people are generally very impatient with them.
• [12:12] - Nishant gives an example of microdecisions that come in to play when data gets into the hands of the wrong person.
• [14:17] - Nishant gives an example of how some decisions, made by companies in response to GDPR, are making sure they are in compliance but are not always consumer friendly due to a lack of understanding of the law.
• [15:56] - The internet was not designed with privacy in mind. Privacy was an afterthought.
• [17:06] - Nishant describes the challenges that we face when consumers want to access apps and sites quickly and the domino effect that takes place.
• [18:29] - There was a huge systemic change in the workforce in the field of data privacy and data collection that Nishant describes was due to most people joining this career after 2009.
• [19:43] - A problem arose when engineers would think that they were always the ethical ones because they were collecting data or designing apps and platforms to collect data for the right reasons. But that isn't always how that data is used. More to Nishant's point that data collection needs to be regulated from the get go.
• [21:03] - Privacy is all about not accessing or using data without the owner's consent, but people don't realize how much can be known about someone just with combining easily accessible data online.
• [22:10] - We have built the internet for fast access and use. Customers sign up for a lot of access to sites and apps and don't think about the use of their data when they do.
• [24:31] - For companies that are small and don't have the legal teams to handle a privacy problem, Nishant says the first thing to do is to make sure you really need the information you are asking for from your customers.
• [25:27] - It is much easier to look at what you're collecting, the necessity of it all, and how that data could be compromised in the early stages because there's not a lot of data to dig into.
• [26:06] - Another tip from Nishant is to lean on tooling to build privacy at scale. He describes what this means with examples.
• [27:36] - Nishant also explains to make sure that the wall between the legal team and the engineering/privacy team is broken down. Those teams need to work in harmony.
• [29:10] - Chris and Nishant discuss the pitfalls of deleting data and the importance of consistency.
• [31:07] - Many companies cannot afford to go through a data breach or legal problem with data privacy.
• [32:10] - There is an economical factor to consider when collecting too much data or duplicate data that Nishant describes.
• [34:18] - When signing up for services, sites, or apps, consider why they are asking for the data they say they need. A social security number, for example, is not needed for a grocery delivery.
• [36:01] - As a result of the GDPR, companies are starting to be required to disclose the information of what consumers' data is used for.
• [36:28] - Nishant says that the biggest piece of advice he has for consumers is to always ask questions. At the end of the day, it is your data and you need to know what's happening with it.
• [37:56] - Apple specifically has built a really strong privacy standard for other companies to live up to.
• [40:01] - This time of Covid and the US's political events have changed the landscape of privacy and data collection and through this crisis, Nishant is confident that great ideas and positive change come through times of unrest.
• [41:37] - Regulators and lawmakers need the engineering support and need to be a part of our conversations regarding data privacy.
• [43:24] - Nishant hasn't met anyone that has thought that privacy is unimportant, but communicating the details and the prioritization is a different challenge.
• [45:16] - Privacy by Design is Nishant's book written to educate business owners, engineers, and CEOs that privacy is taken care of at the start instead of as an afterthought as a response to a problem.
• [47:31] - Regardless of your current understanding of technology, Nishant's book is a great read to better understand privacy and data collection.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Nishant Bhajaria on LinkedIn
• Privacy by Design by Nishant Bhajaria
• Nishant Bhajaria on Twitter