GDPR Anti-Patterns

Supreeth Shastri; Melissa Wasserman; Vijay Chidambaram

doi:10.1145/3378061

Back

Journal article

Open access

Peer reviewed

GDPR Anti-Patterns

Supreeth Shastri, Melissa Wasserman and Vijay Chidambaram

Communications of the ACM, Vol.64(2), pp.59-65

02/2021

DOI: 10.1145/3378061

Files and links (1)

url

https://doi.org/10.1145/3378061View

Published (Version of record) Open Access

Abstract

In recent years, our society is being plagued by unprecedented levels of privacy and security breaches. To rein in this trend, the European Union, in 2018, introduced a comprehensive legislation called the General Data Protection Regulation (GDPR). In this article, we review GDPR from a systems perspective, and identify how the design and operation of modern cloud-scale systems conflict with this regulation. We illustrate these conflicts via six GDPR anti-patterns: storing data without a clear timeline for deletion; reusing data indiscriminately; creating walled gardens and black markets; risk-agnostic data processing; hiding data breaches; making unexplainable decisions. Our findings reveal deep-rooted tussle between GDPR requirements and how cloud-scale systems that process personal data have evolved in the modern era. While it is imperative to avoid these anti-patterns, we believe that achieving compliance requires comprehensive, grounds up solutions; anything short would amount to fixing a leaky faucet in a sinking ship.

Computer Science - Computers and Society

Details

Title: Subtitle: GDPR Anti-Patterns
Creators: Supreeth Shastri
Melissa Wasserman
Vijay Chidambaram
Resource Type: Journal article
Publication Details: Communications of the ACM, Vol.64(2), pp.59-65
DOI: 10.1145/3378061
ISSN: 0001-0782
eISSN: 1557-7317
Language: English
Date published: 02/2021
Academic Unit: Computer Science
Record Identifier: 9984259407602771

Metrics

54 Record Views

6 Times Cited - Web of Science

See more details