How Design, Architecture, and Operation of Modern Systems Conflict with GDPR

03/08/2019
by   Supreeth Shastri, et al.
0

In recent years, our society is being plagued by unprecedented levels of privacy and security breaches. To rein in this trend, the European Union, in 2018, introduced a comprehensive legislation called the General Data Protection Regulation (GDPR). In this paper, we review GDPR from a system design perspective, and identify how its regulations conflict with the design, architecture, and operation of modern systems. We illustrate these conflicts via the seven privacy sins: storing data forever; reusing data indiscriminately; walled gardens and black markets; risk-agnostic data processing; hiding data breaches; making unexplainable decisions; treating security as a secondary goal. Our findings reveal a deep-rooted tussle between GDPR requirements and how modern systems have evolved. We believe that achieving compliance requires comprehensive, grounds up solutions, and anything short would amount to fixing a leaky faucet in a burning building.

READ FULL TEXT
research
03/08/2019

The Seven Sins of Personal-Data Processing Systems under GDPR

In recent years, our society is being plagued by unprecedented levels of...
research
10/31/2019

GDPR Anti-Patterns: How Design and Operation of Modern Cloud-scale Systems Conflict with GDPR

In recent years, our society is being plagued by unprecedented levels of...
research
02/27/2022

Associating eHealth Policies and National Data Privacy Regulations

As electronic data becomes the lifeline of modern society, privacy conce...
research
01/08/2019

Designing Data Protection for GDPR Compliance into IoT Healthcare Systems

In this paper, we investigate the implications of the General Data Priva...
research
06/14/2018

How to design browser security and privacy alerts

It is important to design browser security and privacy alerts so as to m...
research
04/18/2023

Revisiting the Design Agenda for Privacy Notices and Security Warnings

System-generated user-facing notices, dialogs, and warnings in privacy a...
research
11/24/2020

Transforming Data Flow Diagrams for Privacy Compliance (Long Version)

Recent regulations, such as the European General Data Protection Regulat...

Please sign up or login with your details

Forgot password? Click here to reset