The Seven GDPR Sins of Personal-Data Processing Systems Supreeth Shastri , Melissa Wasserman, Vijay Chidambaram
General Data Protection Regulation (GDPR) May 25, 2018 Fundamental right Adopted after 2 years of public debate. Grants all European people a right to All but 2 EU countries have legislated. protection and privacy of personal data Personal data Covers entire lifecycle Hefty penalty Any information relating to a natural person; Collection, processing, protection, transfer Max penalty of 4% of global revenue Broad in scope unlike FERPA, HIPAA and deletion; Regulated via 99 articles or € 20 million, whichever is greater � 3
GDPR Entities Data Subject Supervisory (e.g., Spotify user) Authority Personal data GDPR queries report GDPR violations GDPR queries s e h c exercise a provide allow data sharing e r b e t GDPR a personal a t g a i d t s audit and rights y e data f v i t n o i n investigate d n a t i d u a share personal data send personal data for external processing Processor Other Controllers Controller (e.g., Google cloud) (e.g., SoundCloud) (e.g., Spotify) store and process personal data internally � 4
GDPR in the Wild Terminated <50 % estimated compliance Adapted By the end of 2018 [Gartner 2018] 94,622 Big Tech Advertised compliance complaints from people everyone In the first 9 months of GDPR rollout Assumed compliance else � 5
Internet-era systems have primarily focused on reliability, scalability, and a ff ordability. KEY Relegating security and privacy as afterthoughts has given rise to OBSERVATION principles and practices that are at odds with GDPR . The Seven GDPR Sins � 6
1. Storing Data Forever B EF O RE §17: Right To Be Forgotten (1) The data subject shall have the right to obtain fson the c ootsom l es the es as us e of p es s oo al data with ov t undue delay [ ...] § 5(1)(E): Storage Limitation 180 AFTER Time that Google cloud requires to “[ ...] kept f os no l oo g es than is necess as y f os the p us poses guarantee that a requested personal f os which the p es s oo al data as e processed [ ...]” data item is fully deleted days � 7
2. Reusing Data Indiscriminately Facebook is using your B EF O RE 2FA phone number to § 5(1)(B): Purpose Limitation target ads at you “P es s oo al data shall be c om lected f os specified, ey plicit and legitimate p us poses and not f us th es processed in a Reported by GIZMODO on 9/26/2018 mann es that is inc on patible with those p us poses [ ...]” § 21: Right To Object AFTER € 50 m On Jan 21st 2019, the French DPA “(1)The data subject shall have the right to object at levied the largest GDPR fine yet on any time to processing of p es s oo al data c oo c es ning Google for purpose bundling him os h es [ ...].” � 8
3. Creating Black Markets and Walled Gardens §14: Information To Be Provided Where B EF O RE 700 B 3000+ Personal Data Have Not Been Obtained From The Data Subject Total personal “(1) (c) the p us poses of the processing [ ...], (e) the recipients [ ...], Unique data points data items accrued per US consumer (2) (a) the p es iod f os which the p es s oo al data will be st os ed [ ...], (f) fson which s ov rce the p es s oo al data os iginate [ ...]. ” § 20: Right to Data Portability “(1) The data subject shall have the right to receive the p es s oo al AFTER data c oo c es ning him os h es , which he os she has pr ow ided to a c ootsom l es . (2) [ ...] the right to have the p es s oo al data ts ansmi tu ed d is ectly fson oo e c ootsom l es to anoth es . ” Many programmatic ad exchanges shut down � 9 Source: 2014 FTC report on 9 largest personal data brokers
4. Risk Agnostic Data Processing ( a.k.a Move fast and break Things ) § 35: Data Protection Impact B EF O RE Assessment “Wh es e processing, in p as ticul as using new techn om ogies, is likely to result in a high risk to the rights of nat us al p es s oo s, the c ootsom l es shall, pri os to the processing, c ars y ov t an assessment of the impact of the envisaged processing.” § 36: Prior Consultation AFTER > 50 m User accounts hacked in 2018, “The c ootsom l es shall c oo sult the sup es vis os y auth os ity pri os to after Facebook’s View-As processing wh es e [ ...] it w ov ld result in a high risk in absence feature was exploited. of meas us es taken by the c ootsom l es to mitigate the risk.” � 10
5. Hiding Data Breaches Breaches in the real world § 33: Notification of A Personal Data Breach (1) the c ootsom l es shall with ov t undue delay and not lat es than 72 h ov rs aft es having bec on e aw as e of it, 945 41,502 notify the sup es vis os y auth os ity. [ …] (3) The notificati oo shall at least des cs ibe the nat us e of Before GDPR After GDPR the p es s oo al breach, [ ...] likely c oo sequences, and [ ...] (worldwide) meas us es taken to mitigate its adv es se effects. ” (only Europe) Reported data breaches 6 months before and after GDPR � 11
6. Making Unexplainable Decisions B EF O RE § 22: Automated Individual Decision-Making “(1) The data subject shall have the right not to be subject to a decisi oo based s om ely oo aut on ated processing [ ...] ” § 15: Right of Access AFTER “(1) The data subject shall have the right to obtain fson the c ootsom l es [ ...] meaningful inf os mati oo ab ov t the logic Workshop on Human Workshop on inv om ved, as well as the significance and the envisaged c oo sequences of such processing.” Interpretability in ML Explainable AI � 12
7. Security as a Secondary Goal § 25: Data Protection By Design and By Security in the real world Default “(1) [ ...] design to implement data protecti oo principles in an effective mann es [ ...] ” § 24: Responsibility of the Data Controller “the c ootsom l es shall [ …] be able to dem oo s ts ate that processing is p es f os med in acc os dance with this Regulati oo .” ML-driven reactive security � 13
Concluding Remarks Cloud consolidation Beyond GDPR GDPR-compliant Redis FUTURE Exploring system-level tradeoff Could compliance be better California’s CCPA is going DIRECTIONS in achieving compliance tackled at cloud provider level? into effect 1/1/2020 We want to hear from you! https://utsaslab.github.io/research/gdpr/ � 14
Recommend
More recommend
