Controlling Privacy at Code Level — 1 (Legacy Systems)

If you post something on the internet, the whole world can see it. Concern for privacy is therefore mandatory in an interconnected world, and that is why there are many regulations and acts controlling how a system handles end users' privacy. GDPR[1] is the latest.

The General Data Protection Regulation is an act enacted by the European Parliament to unify and strengthen the data protection of individuals in the European Union. It will be enforced from 25th May 2018[2]. Systems that run within the European Union, or that provide services to the European Union and require user information, will be forced to comply with these regulations once enforcement begins.

Providing capabilities to control data privacy at code level gives added leverage when designing systems that must comply with data protection regulations. There are ample design patterns for developing a privacy-conscious system, but changing an existing system to support new regulations while keeping backward compatibility is a challenging task.

One approach is to use a pseudonym across the system instead of the privacy-sensitive user attribute; the pseudonym hides the underlying real value from anyone who does not hold the exclusive mapping. Keeping the user information in a single location and using the pseudonym throughout the system allows central user information management and easy erasure of the data. Without the mapping, a pseudonym carries no information, so traces of the pseudonym (e.g. in log files) do not greatly affect privacy.

[Diagram: A system that uses a pseudonym.]

As the diagram above shows, changing a legacy system to use a pseudonym inside the system boundary can be done with minimal API-level changes, which greatly reduces the complications of providing backward compatibility and eases migration from older versions to newer ones.
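The following is an added example (not code from the original post) of the pattern described above: a single pseudonym store holds the only mapping between a real attribute and a random pseudonym, the legacy API boundary swaps the real value for the pseudonym on entry, and internal components (and their logs) only ever see the pseudonym. The `PseudonymStore`, `handle_request` and `process_order` names are assumptions made for the illustration; `erase` shows how removing the central mapping turns every remaining trace of the pseudonym into meaningless data.

```python
import secrets
import threading


class PseudonymStore:
    """Central, in-memory mapping between a privacy-sensitive attribute
    and an opaque pseudonym (hypothetical name; a real deployment would
    back this with an access-controlled data store)."""

    def __init__(self):
        self._lock = threading.Lock()
        self._by_value = {}      # real value -> pseudonym
        self._by_pseudonym = {}  # pseudonym -> real value

    def pseudonymize(self, value):
        """Return the pseudonym for value, creating a fresh random one if needed."""
        with self._lock:
            pseudonym = self._by_value.get(value)
            if pseudonym is None:
                # Random token: it carries no information about the real value,
                # so it cannot be reversed without this mapping.
                pseudonym = secrets.token_urlsafe(16)
                self._by_value[value] = pseudonym
                self._by_pseudonym[pseudonym] = value
            return pseudonym

    def resolve(self, pseudonym):
        """Map a pseudonym back to the real value; None once the mapping is erased."""
        return self._by_pseudonym.get(pseudonym)

    def erase(self, value):
        """Erase a user's data: dropping the mapping is enough, because every
        other copy of the pseudonym (logs, caches) now points at nothing."""
        with self._lock:
            pseudonym = self._by_value.pop(value, None)
            if pseudonym is None:
                return False
            del self._by_pseudonym[pseudonym]
            return True


def process_order(pseudonym, log):
    """Internal component: works and logs with the pseudonym only."""
    log.append(f"order processed for user {pseudonym}")


def handle_request(store, email, log):
    """Legacy API boundary: still accepts the real attribute (no API change),
    but replaces it with the pseudonym before anything else sees it."""
    pseudonym = store.pseudonymize(email)
    process_order(pseudonym, log)
    return pseudonym
```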

[1] https://www.eugdpr.org/

[2] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Written by

Software Engineer @WSO2
