Fight to Be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems

Andreas Gutmann, Mark Warner

Research output: Chapter in Book/Report/Conference proceedingChapterpeer-review

7 Citations (Scopus)
50 Downloads (Pure)

Abstract

A long history of longitudinal and intercultural research has identified decommissioned storage devices (e.g., USB memory sticks) as a serious privacy and security threat. Sensitive data deleted by previous owners have repeatedly been found on second-hand USB sticks through forensic analysis. Such data breaches are unlikely to occur when data is securely erased, rather than being deleted. Yet, research shows people confusing these two terms. In this paper, we report on an investigation of possible causes for this confusion. We analysed the user interface of two popular operating systems and found: (1) inconsistencies in the language used around delete and erase functions, (2) insecure default options, and (3) unclear or incomprehensible information around delete and erase functions. We discuss how this could result in data controllers becoming non-compliant with a legal obligation for erasure, putting data subjects at risk of accidental data breaches from the decommissioning of storage devices. Finally, we propose improvements to the design of relevant user interface elements and the development of official guidelines for best practice on GDPR compatible data erasure procedures.
Original languageEnglish
Title of host publicationPrivacy Technologies and Policy
Subtitle of host publication7th Annual Privacy Forum, APF 2019, Rome, Italy, June 13–14, 2019, Proceedings
EditorsMaurizio Naldi, Giuseppe F. Italiano, Kai Rannenberg, Manel Medina, Athena Bourka
PublisherSpringer
Chapter4
Pages45-58
Number of pages14
ISBN (Electronic)9783030217525
ISBN (Print)9783030217518
DOIs
Publication statusPublished - 8 Jun 2019
EventAnnual Privacy Forum 2019 - LUISS Guido Carli, Rome, Italy
Duration: 13 Jun 201914 Jun 2019
https://2019.privacyforum.eu/

Publication series

NamePrivacy Technologies and Policy
Volume11498
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceAnnual Privacy Forum 2019
Abbreviated titleAFP 2019
Country/TerritoryItaly
CityRome
Period13/06/1914/06/19
Internet address

Keywords

  • Privacy evaluation
  • Data erasure
  • GDPR
  • Cognitive Walkthrough

Fingerprint

Dive into the research topics of 'Fight to Be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems'. Together they form a unique fingerprint.

Cite this