Conference proceeding
The Seven Sins of Personal-Data Processing Systems under GDPR
HotCloud'19: Proceedings of the 11th USENIX Conference on Hot Topics in Cloud Computing
07/08/2019
Abstract
In recent years, our society is being plagued by unprecedented levels of privacy and security breaches. To rein in this trend, the European Union, in 2018, introduced a comprehensive legislation called the General Data Protection Regulation (GDPR). In this paper, we review GDPR from a system design perspective, and identify how its regulations conflict with the design, architecture, and operation of modern systems. We illustrate these conflicts via the seven GDPR sins: storing data forever; reusing data indiscriminately; walled gardens and black markets; risk-agnostic data processing; hiding data breaches; making unexplainable decisions; treating security as a secondary goal. Our findings reveal a deep-rooted tussle between GDPR requirements and how modern systems have evolved. We believe that achieving compliance requires comprehensive, grounds up solutions, and anything short would amount to fixing a leaky faucet in a sinking ship.
Details
- Title: Subtitle
- The Seven Sins of Personal-Data Processing Systems under GDPR
- Creators
- Supreeth Shastri; Melissa Wasserman; Vijay Chidambaram
- Resource Type
- Conference proceeding
- Publication Details
- HotCloud'19: Proceedings of the 11th USENIX Conference on Hot Topics in Cloud Computing
- Language
- English
- Date published
- 07/08/2019
- Academic Unit
- Computer Science
- Record Identifier
- 9984259495102771