Abstract
A long history of longitudinal and intercultural research has identified decommissioned storage devices (e.g., USB memory sticks) as a serious privacy and security threat. Sensitive data deleted by previous owners have repeatedly been found on second-hand USB sticks through forensic analysis. Such data breaches are unlikely to occur when data is securely erased, rather than being deleted. Yet, research shows people confusing these two terms. In this paper, we report on an investigation of possible causes for this confusion. We analysed the user interface of two popular operating systems and found: (1) inconsistencies in the language used around delete and erase functions, (2) insecure default options, and (3) unclear or incomprehensible information around delete and erase functions. We discuss how this could result in data controllers becoming non-compliant with a legal obligation for erasure, putting data subjects at risk of accidental data breaches from the decommissioning of storage devices. Finally, we propose improvements to the design of relevant user interface elements and the development of official guidelines for best practice on GDPR compatible data erasure procedures.
Original language | English |
---|---|
Title of host publication | Privacy Technologies and Policy |
Subtitle of host publication | 7th Annual Privacy Forum, APF 2019, Rome, Italy, June 13–14, 2019, Proceedings |
Editors | Maurizio Naldi, Giuseppe F. Italiano, Kai Rannenberg, Manel Medina, Athena Bourka |
Publisher | Springer |
Chapter | 4 |
Pages | 45-58 |
Number of pages | 14 |
ISBN (Electronic) | 9783030217525 |
ISBN (Print) | 9783030217518 |
DOIs | |
Publication status | Published - 8 Jun 2019 |
Event | Annual Privacy Forum 2019 - LUISS Guido Carli, Rome, Italy Duration: 13 Jun 2019 → 14 Jun 2019 https://2019.privacyforum.eu/ |
Publication series
Name | Privacy Technologies and Policy |
---|---|
Volume | 11498 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | Annual Privacy Forum 2019 |
---|---|
Abbreviated title | AFP 2019 |
Country/Territory | Italy |
City | Rome |
Period | 13/06/19 → 14/06/19 |
Internet address |
Keywords
- Privacy evaluation
- Data erasure
- GDPR
- Cognitive Walkthrough