Data Erasure & Governance with Flutter & Firebase

Transcript

1. Data Erasure & Governance with 2020

2. Owning a home is hard 2

3. 3 Analysis Help homeowners remember • Surveys • Heuristic analysis

   of adjacent tools • Problem prioritization

4. Agenda 1. Why respect deletion requests? 2. Users’ data and

   your app experience 3. Code walkthrough with Flutter & Firebase 4. Summary 4

5. Hello! I am Noble Sr. Product Manager, Ventera Former Google

   Developers Expert for Product Strategy 5 Emergent Technologies Data Ethics Product Strategy Noble

6. Why respect erasure requests? and how FlutterFire makes that easy

7. Why respect data erasure requests? ❏ Users context and choice

   ❏ Intuitive controls in your application ❏ It’s not your data 7

8. Choice, Control, & Erasure • Leave it to your users

   to choose data they want to share with you • Choice also means the ability to revoke their consent later • Control means the ability to erase my data is accessible and intuitive. 8 Image credit Aaron Iker | Dribbble

9. Context

10. • Names • Addresses • Email addresses • SSN/National ID

    # • Personal Health Info • ... Personal Data Data Categories Specific To Our App • Property tax information • Inspection Reports • Location information • Banking information • Photos

11. Context Clear reason why you need my data. How long

    do you need it? Who are you sharing this data with and when? Choice Give me agency over my data. How often does that data change? Can I revoke my consent at any time? Control Easy access to my data. Do: Use standard, low-friction patterns. Don’t: Use dark patterns, hidden links. 11 Why respect erasure requests?

12. How a panicked Product Lead went from WTF is Flutter

    to talk in 5 weeks HOW to handle erasure with Flutter fire

13. Handling erasure with Firebase ❏ Conduct Impact Assessment ❏ Configure

    Firebase ❏ Review data structure 13

14. Privacy Impact Assessment 14 Provide controls to make it simple

    for users to delete their data Data Privacy Impact Assessment and determine risks Find opportunities to Minimize Data PIA at a high level

15. Firebase setup • Wire up Auth with flutterfire • Install

    Firebase Extensions • Configure Delete User Data firebase.google.com/products/extensions & Implement Extension

16. npm install -g firebase-tools ... firebase ext:install delete-user-data --project=projectId 16

    Installing via CLI Update your CLI and Install the extension

17. 17 Review Data Structure Update your CLI and Install the

    extension

18. 18 Firebase Extensions Pre-packaged solutions to save time Switched to

    Editor

19. Summary Conduct a PIA Assessment of risks > Remediate >

    monitor continuously as you would security. Setup Firebase Configure your environment, spot check your data architecture, and ensure users data is keyed to UID. Implement Extension As you do, be sure to think about the three C’s. Context, Choice, and Control. 19

20. The pandemic & how Flutter turned an idea into a

    prototype, quickly. Code walkthrough with Flutter & Firebase

21. FlutterFire Walkthrough ❏ Installing FlutterFire plugins ❏ Setup IDE ❏

    Implement & monitor the Extension 21

22. Installing FlutterFire Plugins 22

23. dependencies: flutter: sdk: flutter firebase_core: "^0.5.0" firebase_auth: "^0.18.0+1" 23 Add

    & Download Dependencies Add the firebase_auth dependency to your projects pubspec.yaml flutter pub get

24. import 'package:firebase_auth/firebase_auth.dart'; … import 'package:cloud_firestore/cloud_firestore.dart'; … // Delete User Future<void>

    deleteUser() async { FirebaseUser user = await getUser; try { await user.delete(); } catch (e) { ... } } 24 Implement Extension Leverages FlutterFire with Cloud Firestore, Cloud Storage

25. Widget confirmButton = FlatButton( ... onPressed: () { Navigator.of(ctx).pop(); deleteUserData(ctx,

    auth); }, ); 25 Implement Extension Leverages FlutterFire for Cloud Firestore

26. 26 Switched to Console

27. Monitoring • Auth dashboard • Add firebase.google.com/products/extensions Your extensions

28. Summary Installing FlutterFire plugins firebase.flutter.dev gets you plugins for auth,

    analytics, Firestore, Cloud messaging and more across mobile and web. Setup IDE VSCode with the Dart, Awesome Flutter Snippets, Flutter Extension plugins was the way to go. Implement & monitor the Extension You can monitor the activity of your extension, in the Functions panel including checks on health, usage, and logs. 28

29. Positive Sum Opportunities Vulnerabilities and breaches cause Governments to view

    data as a human right. Growth In Regulations Massive amounts of our personal data is given up for convenience. Growth In Data Regulations

30. Data Privacy & Current Landscape CCPA 30 PIPEDA LGPD GDPR

    PDO APP MDPA

31. 31

32. Lessons learned Choose the right tool Visual Studio Code FTW.

    Started with Android Studio based on demos but with the right VSCode plug-ins, I never looked back. Minimize data Think deeply about what data you really need. Consider progressively collecting them when your user needs it. It's shiny but not a toy Complex applications may require non-GCP. OOTB, there are powerful integrations like firebase. You have a lot of options if you're willing to do the work. 32

33. Thanks! 2020 Your questions? You can find me at @nobleackerson

    on Twitter & Medium

34. Appendix 34

35. Data Right to Access Where would you expect to request

    access or deletion of your data if not Account?

36. Easy access to my data • Intuitive controls so that

    I can act on my consent • The rights to rectification, deletion, and information 36

37. Minimize your data Data processing should only use as much

    data as is required to successfully accomplish a given task. 37