Back To Schedule
Monday, July 8 • 9:15am - 9:30am
The Seven Sins of Personal-Data Processing Systems under GDPR

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In recent years, our society is being plagued by unprecedented levels of privacy and security breaches. To rein in this trend, the European Union, in 2018, introduced a comprehensive legislation called the General Data Protection Regulation (GDPR). In this paper, we review GDPR from a system design perspective, and identify how its regulations conflict with the design, architecture, and operation of modern systems. We illustrate these conflicts via the seven GDPR sins: storing data forever; reusing data indiscriminately; walled gardens and black markets; risk-agnostic data processing; hiding data breaches; making unexplainable decisions; treating security as a secondary goal. Our findings reveal a deep-rooted tussle between GDPR requirements and how modern systems have evolved. We believe that achieving compliance requires comprehensive, grounds up solutions, and anything short would amount to fixing a leaky faucet in a sinking ship.


Supreeth Shastri

University of Texas at Austin

Melissa Wasserman

University of Texas at Austin

Vijay Chidambaram

University of Texas at Austin

Monday July 8, 2019 9:15am - 9:30am PDT
HotCloud: Grand Ballroom VII–IX