
Privacy-As-Code: Preventing Facebook’s $5B violation using Fides Open-Source

In this article, we'll use open-source privacy engineering tools to code a policy that prohibits applications from sharing data with third parties. This was the data governance issue at stake in a 2019 ruling by the FTC against Facebook that resulted in a hefty fine.

Introduction

About these articles

Facebook’s violation under FTC decree

So what happened here?

How Fides’ Privacy-as-Code could have helped

Overview of Fides integration points in code management and runtime environment

Examine our policy

facebook_fides_policy.yml
## Reject Third-Party Data Sharing
policy:
  - fides-key: data_sharing_policy
    name: Data Sharing Policy
    description: The privacy policy that governs sharing of data with third parties.
    rules:
      - name: Disallow Third-Party Marketing
        description: Disallow collecting any user contact info to use for marketing.
        data_categories:
          matches: ANY # If any of these data categories are being used
          values:
            - account
            - user
        data_uses:
          matches: ANY # And the use of the data is for third-party sharing
          values:
            - third_party_sharing
        data_subjects:
          matches: ANY # And the data subject is a customer
          values:
            - customer
        # And the data is identifiable, trigger a violation
        data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
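
The comments in the policy describe a conjunction: a violation is raised only when the category, use, subject and qualifier clauses all match. The Python sketch below is an added example, not code from the article or from Fides. It assumes dotted keys match hierarchically and that a declared qualifier matches when it is at or below the rule's qualifier; the declaration names and values are constructed.

```python
# Added illustration: a simplified model of rule matching, not Fides' own evaluator.
RULE = {  # the rule from facebook_fides_policy.yml
    "data_categories": {"matches": "ANY", "values": ["account", "user"]},
    "data_uses": {"matches": "ANY", "values": ["third_party_sharing"]},
    "data_subjects": {"matches": "ANY", "values": ["customer"]},
    "data_qualifier": "aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified",
}
IDENTIFIED = RULE["data_qualifier"]

def covers(parent, key):
    """True if the dotted key equals parent or is nested beneath it."""
    return key == parent or key.startswith(parent + ".")

def clause_matches(clause, declared):
    """Only the ANY mode used by the policy above is modelled here."""
    if clause["matches"] != "ANY":
        raise ValueError(f"unsupported matches mode: {clause['matches']}")
    return any(covers(v, d) for v in clause["values"] for d in declared)

def violates(rule, decl):
    """A declaration violates the rule only when every clause matches."""
    return (
        clause_matches(rule["data_categories"], decl["data_categories"])
        and clause_matches(rule["data_uses"], [decl["data_use"]])
        and clause_matches(rule["data_subjects"], decl["data_subjects"])
        and covers(rule["data_qualifier"], decl["data_qualifier"])
    )

def decl(categories, use, qualifier, subjects=("customer",)):
    """Build a constructed privacy declaration (field names are assumptions)."""
    return {"data_categories": categories, "data_use": use,
            "data_subjects": list(subjects), "data_qualifier": qualifier}

# Constructed sample declarations for hypothetical systems.
DECLARATIONS = {
    "ad_partner_export": decl(["user.provided.identifiable.contact.email"],
                              "third_party_sharing", IDENTIFIED),
    "internal_analytics": decl(["user.provided.identifiable.contact.email"],
                               "improve", IDENTIFIED),
    "aggregated_export": decl(["user.derived"], "third_party_sharing", "aggregated"),
    "prefix_lookalike": decl(["users_archive"], "third_party_sharing", IDENTIFIED),
}

def evaluate_all(rule=RULE, declarations=DECLARATIONS):
    """Map each declaration name to True when it violates the rule."""
    return {name: violates(rule, d) for name, d in declarations.items()}

if __name__ == "__main__":
    for name, bad in evaluate_all().items():
        print(f"{name}: {'VIOLATION' if bad else 'pass'}")
```

Only `ad_partner_export` is flagged: the other three each fail one clause (use, qualifier, or a category that merely shares a prefix with `user`).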

Policy in action

Summary
