Introduction to Fides Lang with Cillian Kieran
Summary
TLDRKilian Kiernan introduces Fideslang, a high-level description language for privacy that simplifies complex privacy tasks by integrating with CI pipelines and runtime environments. Fideslang uses a standard ontology to define privacy characteristics of software systems and data, focusing on data categories, uses, subjects, and qualifiers. This language is designed to be human-readable, making it accessible for developers and non-engineers alike, ensuring privacy compliance and interoperability across systems.
Takeaways
- đ Fideslang is a high-level description language for privacy, designed to simplify and automate complex privacy tasks.
- đ It integrates with CI pipelines and runtime environments, supporting privacy in software systems and data processing.
- đ Privacy is complex due to varying global regulations and a lack of interoperability in data definitions across teams and companies.
- đšâđ« Developers often require significant training to understand privacy concepts, highlighting the need for standardized privacy ontologies.
- đïž Fideslang uses a taxonomy that includes four major privacy primitives: data categories, data uses, data subjects, and data qualifiers.
- đ Data categories define the type of data processed, such as 'contact data' or 'email address'.
- đŻ Data uses label the purpose of data usage, like 'advertising' or 'personalization'.
- đ€ Data subjects represent the type of user or subject whose data is being processed, with different rights and policies.
- đ Data qualifiers denote the degree of identification in the data, such as 'aggregated', 'anonymized', or 'identifiable'.
- đ Fideslang is designed to be easy to read, understand, and write, making it accessible to developers and non-engineers alike.
- đ It provides a clear understanding of privacy characteristics, behaviors, and risks associated with data processing in systems.
- đĄ Fideslang's hierarchical taxonomy and dot notation allow for precise and fine-grained privacy definitions, enhancing compliance and interoperability.
Q & A
What is Fideslang and how does it relate to privacy?
-Fideslang is a high-level description language for privacy, supported by a set of tools and workflows. It integrates with CI pipelines and runtime environments to simplify and automate complex privacy tasks, helping teams manage privacy in compliance with global regulations.
Why is privacy a complex problem in software development?
-Privacy is complex due to multiple global regulations with different definitions for how specific categories of data should be treated, compounded by a lack of interoperability as every team and company may define their own view of data types.
What does Fideslang aim to achieve by defining a standard ontology for privacy?
-Fideslang aims to achieve a clear understanding of privacy characteristics, behaviors, and associated risks of systems' data processing by defining a standard ontology, making it easier for developers and non-engineers to understand and comply with privacy regulations.
What are the four major privacy primitives captured by Fideslang's taxonomy?
-The four major privacy primitives are data categories, data uses, data subjects, and data qualifiers. These primitives help describe the type of data, the purpose of its use, the type of user or subject it pertains to, and the degree of identification it provides.
How does Fideslang's hierarchical taxonomy work?
-Fideslang's taxonomy is hierarchical, allowing for both broad and fine-grained categorization of data. For example, 'contact data' is a broad category that includes all contact information, while 'email address' is a more specific sub-category within it.
What is the purpose of data categories in Fideslang?
-Data categories in Fideslang represent the types of data a system processes, providing a clear 'what' aspect of the data being handled, which is crucial for understanding privacy implications.
Can you provide an example of how data uses are described in Fideslang?
-Data uses in Fideslang are described using labels that indicate the purpose for which data is used, such as 'advertising' or 'personalization'. This provides a 'why' aspect, helping to clarify the intent behind data processing.
Why is it important to distinguish data subjects in privacy regulations?
-Data subjects represent the type of user or subject whose data is being processed. Distinguishing them is important because rights or policies for data processing may vary by subject grouping, such as a customer versus a patient.
What do data qualifiers in Fideslang signify?
-Data qualifiers in Fideslang denote the degree of identification for a given data, indicating how identifiable the individual is. Qualifiers include 'aggregated', 'anonymized', and 'identifiable', which help define the privacy level of the data.
How does Fideslang make it easier to comply with privacy regulations?
-Fideslang provides an easy-to-read, understand, and write definition language for privacy that synthesizes major regulations. This ensures that rules and policies can be applied evenly across systems and provides an interoperable standard for privacy.
Where can one find more information about Fideslang and its technical documentation?
-For more information about Fideslang, one can visit ethica.com or check the detailed technical documentation located on the GitHub repository for Fideslang.
Outlines
đ Introduction to Fideslang for Privacy in Data Processing
Kylan Kieran introduces Fideslang, a high-level description language for privacy that integrates with CI pipelines and runtime environments to simplify privacy tasks. Fideslang addresses the complexity of global privacy regulations by providing a standard ontology for data privacy. It is designed to be human-readable and easy for developers to use, even those not familiar with privacy concepts. The language categorizes data into four privacy primitives: data categories, data uses, data subjects, and data qualifiers. These categories help in understanding the privacy characteristics, behaviors, and risks associated with data processing in software systems.
Mindmap
Keywords
đĄFideslang
đĄPrivacy
đĄData Categories
đĄData Uses
đĄData Subjects
đĄData Qualifiers
đĄTaxonomy
đĄInteroperability
đĄCI Pipeline
đĄRuntime Environment
đĄEthical AI
Highlights
Fideslang is a high-level description language for privacy.
It integrates with CI pipelines and runtime environments to automate privacy tasks.
Privacy is complex due to varying global regulations and lack of interoperability.
Fideslang aims to define a standard ontology for privacy in data processing systems.
It is designed for describing privacy characteristics of software systems and data.
Fideslang is based on a taxonomy capturing four major privacy primitives: data categories, data uses, data subjects, and data qualifiers.
Data categories define the types of data a system processes.
Data uses label the purpose for which data is used, like advertising or personalization.
Data subjects represent the type of user or subject whose data is being processed.
Data qualifiers denote the degree of identification for given data, such as aggregated, anonymized, or identifiable.
Fideslang's taxonomy is hierarchical, allowing for both broad and fine-grained privacy descriptions.
It uses dot notation to indicate the relationship between data types and their categories.
Fideslang is easy to read, understand, and write, making it accessible to developers and non-engineers.
It synthesizes major regulations, reducing the need for extensive privacy training.
Fideslang ensures rules and policies can be applied evenly across systems.
It provides an interoperable standard for privacy in git repos, CI pipelines, and runtime environments.
For more information, visit ethica.com or the GitHub repository for detailed technical documentation.
Transcripts
00:01[Music]
00:05hi i'm kylian kieran and i want to talk
00:07a little about fiji's lying today
00:09feta is lying if you're not familiar is
00:11a high level description language for
00:13privacy supported by a set of tools and
00:15workflows
00:16it integrates directly with your ci
00:18pipeline and runtime environment to
00:20simplify and automate complex privacy
00:22tasks
00:23i'm going to share a little more about
00:24how fideslang is used and the benefits
00:26it can provide to any privacy conscious
00:28team so privacy is a complex problem
00:31because of multiple global regulations
00:33with different definitions for how
00:35specific categories of data should be
00:37treated under certain circumstances
00:39this problem is further compounded by a
00:41lack of interoperability because every
00:43team and company defines their own view
00:45of what type of data they're dealing
00:46with of course for developers who aren't
00:48familiar with privacy even penetrating
00:50these concepts means significant
00:52training is required
00:54so the solution to this is to define a
00:56standard ontology for describing privacy
00:58in data processing systems and that's
01:00precisely what feed design is
01:02so feed design is a high level
01:04definition or description language
01:06specifically designed for describing
01:08privacy characteristics of software
01:09systems their associated data sets and
01:12external data sources and destinations
01:14so in order to achieve this and maintain
01:16human readability fides is based on a
01:18taxonomy that today captures four major
01:20privacy primitives which i'll explain in
01:22a little more detail
01:24the first of those is data categories
01:26the categories are types of data that
01:28our system is processing you can think
01:30of this as the what right the what type
01:32of data
01:33the next is data uses or the taxonomy of
01:36labels to describe the purpose for which
01:37data is used in our system you can think
01:39of this as the why
01:41a good example of this might be
01:42advertising or personalization
01:45the third is data subjects so this is
01:48the representation of the type of user
01:50or sometimes called the subject in
01:51privacy regulations so that's who whose
01:54data we're dealing with
01:55the user requires distinction because
01:57rights or policies for how data is
01:58processed may vary by the subject
02:01grouping so an example might be a
02:02customer of an e-commerce system versus
02:05a patient in a clinical trials platform
02:07the fourth and final grouping is data
02:09qualifiers these are an attribute that
02:11denotes the degree of identification for
02:13a given data so that is the how
02:16identifiable the individual is so
02:18qualifier types include aggregated where
02:21there's no individually identifiable
02:22information anonymized which is data
02:24that has been modified to remove
02:26identifiable information or identifiable
02:29which readily identifies the individual
02:31by using these four resources together
02:33as part of feed as lang we can build a
02:35clear understanding of the privacy
02:37characteristics behaviors and associated
02:39risks of our systems data processing
02:42this is the entire premise of feed-outs
02:44and the tools that leverage the fetus
02:45language so fides is very easy to read
02:48understand and write
02:49this is intentional as it should be easy
02:51for any developer or even non-engineers
02:54to pick up
02:55the taxonomy is hierarchical so an
02:57example could be contact data which
02:59encompasses all of the contact
03:01information a user might give to a
03:02system or it might be more fine-grained
03:04such as email address which is a
03:06sub-category of contact information
03:09so for example if we want to declare
03:10that our system was processing data that
03:13might identify a user we would simply
03:15write
03:16user
03:17provided
03:18identifiable data this dot notation
03:21structure indicates that the data in
03:23question was provided by the user and
03:25identifies them directly
03:27we could go a little further and state
03:29that it's user provided identifiable
03:32contact data so in this case we're
03:34stating that it's part of information
03:35related to the contact grouping
03:37and finally we could be very precise and
03:39fine-grained and we could state that
03:40it's user provided identifiable contact
03:43phone number and so in this case we're
03:45clearly saying that it's the fundamental
03:46related to the individual or user
03:49as you can see fides provides an easy to
03:51read and write definition language for
03:53privacy that synthesizes major
03:55regulations for you so you don't need to
03:58in order to provide your work with a
03:59readily understood
04:00privacy compliance set of definitions
04:03this ensures that rules and policies can
04:04be applied evenly and ensures an
04:06interoperable standard for privacy in
04:08both your git repos your ci pipeline or
04:10for evaluation of privacy requests in
04:12your runtime if you'd like to learn more
04:14please check out ethica.com
04:16or the detailed technical documentation
04:18located on the github feed outline
04:19report
Voir Plus de Vidéos Connexes
5.0 / 5 (0 votes)
