Making Privacy Real: Technical Safeguards that Enforce Requirements at Scale

Speaker: Francesco Logozzo - Meta - Menlo Park, CA, United States
Wednesday, 25 March 2026 at 11:30, Sala Verde (in person only)
Abstract: Privacy and security share the same engineering goal: prevent harm by enforcing constraints. The difference is that privacy failures are often not immediately visible, and are therefore judged against explicit regulatory requirements—so “being compliant” must be engineered, continuously, and demonstrated with evidence. In this talk, drawing on how we build and operate technical safeguards at Meta, I’ll describe a practical lifecycle for privacy compliance at scale: first defining what’s in scope, then preventing new leaks in new code (“stop the bleed”), remediating legacy issues, and finally preventing regressions through continuous monitoring. I’ll then cover how compliance is proven in practice, with automated reminders and workflows, or with targeted human reviews, or with secure-by-default frameworks, or with detection/understanding mechanisms. To ground the discussion, I’ll close with two concrete examples from Meta: deletion as a secure-by-default safeguard, and data lineage as a detection and enforcement capability—illustrated through a sensitive “religion” use case.
 
Bio: Francesco Logozzo is a director-level engineer at Meta, where he has played a pivotal role in shaping the company’s security and privacy strategy. He joined Meta in 2015, where he has designed, led and grown Zoncolan, the static analysis platform that helps protect billions of people by automatically detecting security and privacy vulnerabilities across Meta’s family of apps, including Facebook and Instagram. Zoncolan is a cornerstone of Meta’s security infrastructure and is responsible for finding more than 50% of the security bugs across Meta’s family of apps. Before Meta, Francesco spent nine years at Microsoft Research, Redmond, WA, contributing foundational work in program analysis and software verification. He studied at the Scuola Normale Superiore of Pisa before earning a PhD in computer science, advised by Radhia Cousot. He has published extensively in top research venues, including POPL, PLDI, OOPSLA, VMCAI, and SAS. Francesco is a frequent keynote speaker at leading academic and industry conferences and is a co-recipient of the IEEE Cybersecurity Award for contributions to scalable security solutions. He is recognized for deep technical expertise, leadership, and sustained impact on the security and privacy landscape.

Contact person
Mila Dalla Preda

External contact
Publication date
27 February 2026
