Approaches and Challenges to Purpose Limitation across Diverse Data Uses

Tuesday, June 04, 2024 - 9:55 am–10:15 am

Rituraj Kirti and Diana Marsala, Meta

Abstract: 

Purpose limitation is a fundamental principle of data privacy. It means that the use of data is limited to only the stated purpose(s) disclosed at the point of its collection. In this presentation we will discuss the main challenges when addressing purpose limitation at scale and some of the new technical solutions we have developed at Meta that make it more efficient.

Our approach to purpose limitation involves using annotations to represent different aspects of data and its processing, and using these annotations to apply policy checks across data flows. We will describe the key concepts and our overall workflow, which illustrates how we maintain continuous discovery of assets and data flows, review them where required, apply annotations, and iteratively traverse the data flow graph to find and fix any issues.

There are several challenges that impact designing a solution:

  • Translating purpose limitation restrictions to code, data and systems is not yet a well-defined concept in the industry;
  • Handling different data granularities (table, column, row level);
  • Conditional data flows; and
  • The scale of applying this tech to large companies such as Meta.
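
An added sketch of the annotation-and-policy-check workflow the abstract describes (not code from the talk or from Meta): column-level purpose annotations are propagated across a small constructed data flow graph, including one conditional flow, and any use outside the propagated purposes is flagged. The asset names, purposes, the intersection rule and the fail-closed default are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: column-level assets annotated with the purposes
# disclosed at collection (hypothetical names, not Meta's schema).
SOURCE_PURPOSES = {
    "signup.email": {"account_security", "service_messages"},
    "signup.birth_year": {"age_verification"},
    "events.page_id": {"analytics", "ads_ranking"},
}
# Data flow edges (src column -> dst column, condition). None means the flow
# is unconditional; otherwise it only happens when the named condition holds.
FLOWS = [
    ("signup.email", "contact.addr", None),
    ("contact.addr", "mailer.recipient", None),
    ("signup.birth_year", "features.age_bucket", None),
    ("events.page_id", "features.interest", None),
    ("features.age_bucket", "ads_model.input", "user_opted_in"),
    ("features.interest", "ads_model.input", None),
]
# Purpose for which each consuming asset processes its data.
USE_PURPOSE = {"mailer.recipient": "service_messages",
               "ads_model.input": "ads_ranking"}

def effective_purposes(sources, flows, active_conditions=None):
    """Propagate annotations to a fixpoint: a derived column may only be used
    for purposes allowed by every column that flows into it. With
    active_conditions=None every conditional edge is assumed to be taken."""
    allowed = {col: set(p) for col, p in sources.items()}
    live = [(s, d) for s, d, cond in flows
            if cond is None or active_conditions is None
            or cond in active_conditions]
    changed = True
    while changed:
        changed = False
        inputs = defaultdict(list)
        for s, d in live:
            if s in allowed:
                inputs[d].append(allowed[s])
        for d, sets in inputs.items():
            merged = set.intersection(*sets)
            if allowed.get(d) != merged:
                allowed[d], changed = merged, True
    return allowed

def violations(sources, flows, uses, active_conditions=None):
    """Return consuming assets whose purpose is not covered upstream.
    Assets with no propagated annotation fail closed (assumed default)."""
    allowed = effective_purposes(sources, flows, active_conditions)
    return sorted(col for col, purpose in uses.items()
                  if purpose not in allowed.get(col, set()))
```

Treating every conditional edge as taken gives the conservative result; passing the set of conditions known to hold shows how the verdict changes once the conditional flow is ruled out.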

Rituraj Kirti, Meta

Rituraj Kirti is a Software Engineer on the Privacy Infrastructure team at Meta that builds technologies for addressing privacy obligations. Kirti's prior work at Meta includes creating and scaling various products that apply machine learning to improve the effectiveness of advertisers. He holds a B.E. (Hons) degree in Instrumentation Engineering from Birla Institute of Technology and Science, Pilani, India.

Diana Marsala, Meta

Diana Marsala is a Software Engineer on the Privacy Infrastructure team at Meta. She was an early adopter of privacy infrastructure technologies, using them to uphold key privacy obligations, and now builds and adapts these technologies for wider use across the company. Marsala holds B.A.S. and M.S.E. degrees in Computer Science from the University of Pennsylvania.

BibTeX
@conference {296337,
author = {Rituraj Kirti and Diana Marsala},
title = {Approaches and Challenges to Purpose Limitation across Diverse Data Uses},
year = {2024},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}