{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,15]],"date-time":"2026-01-15T04:19:41Z","timestamp":1768450781489,"version":"3.49.0"},"reference-count":38,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2021,1,25]],"date-time":"2021-01-25T00:00:00Z","timestamp":1611532800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2021,1,25]]},"abstract":"How design and operation of modern cloud-scale systems conflict with GDPR.<\/jats:p>","DOI":"10.1145\/3378061","type":"journal-article","created":{"date-parts":[[2021,1,25]],"date-time":"2021-01-25T09:54:12Z","timestamp":1611568452000},"page":"59-65","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":9,"title":["GDPR anti-patterns"],"prefix":"10.1145","volume":"64","author":[{"given":"Supreeth","family":"Shastri","sequence":"first","affiliation":[{"name":"University of Iowa, IA"}]},{"given":"Melissa","family":"Wasserman","sequence":"additional","affiliation":[{"name":"University of Texas, Austin, TX"}]},{"given":"Vijay","family":"Chidambaram","sequence":"additional","affiliation":[{"name":"University of Texas, Austin, TX"}]}],"member":"320","published-online":{"date-parts":[[2021,1,25]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Alexander F. Data is the new bacon. IBM Business analytics blog. 2016; https:\/\/www.ibm.com\/blogs\/business-analytics\/datais-the-new-bacon\/."},{"key":"e_1_2_1_2_1","volume-title":"A., Thomas, K., and Verney, A. Five years of the Right to Be Forgotten. ACM CCS.","author":"Bertram T.","year":"2019","unstructured":"Bertram, T. et al. trait, A., Thomas, K., and Verney, A. Five years of the Right to Be Forgotten. ACM CCS. 2019."},{"key":"e_1_2_1_3_1","volume-title":"A Textbook of Roman Law: From Augustus to Justinian","author":"Buckland W.","year":"2007","unstructured":"Buckland, W. and Stein, P. A Textbook of Roman Law: From Augustus to Justinian. Cambridge University Press, 2007."},{"key":"e_1_2_1_4_1","volume-title":"Section 1798.100 (Jun 28","author":"California Consumer Privacy Act","year":"2018","unstructured":"California Consumer Privacy Act. California Civil Code, Section 1798.100 (Jun 28, 2018)."},{"key":"e_1_2_1_5_1","first-page":"143","article-title":"Rethinking explainable machines: The GDPR's right to explanation debate and the rise of algorithmic audits in enterprise","volume":"34","author":"Casey B.","year":"2019","unstructured":"Casey, B., Farhangi, A., and Vogl, R. Rethinking explainable machines: The GDPR's right to explanation debate and the rise of algorithmic audits in enterprise. Berkeley Technology Law J. 34 (2019), 143.","journal-title":"Berkeley Technology Law J."},{"key":"e_1_2_1_6_1","unstructured":"CNIL. The CNIL's restricted committee imposes a financial penalty of 50 million euros against Google LLC 2019; https:\/\/www.cnil.fr\/en\/cnils-restricted-committee-imposesfinancial-penalty-50-million-euros-against-google-llc."},{"key":"e_1_2_1_7_1","volume-title":"How to download your data with all the fancy new GDPR tools. Gizmodo. 2018","author":"Conger K.","year":"1826","unstructured":"Conger, K. How to download your data with all the fancy new GDPR tools. Gizmodo. 2018; https:\/\/gizmodo.com\/how-todownload-your-data-with-all-the-fancy-new-gdpr-t-1826334079."},{"key":"e_1_2_1_8_1","unstructured":"Data Deletion on Google Cloud Platform 2018; https:\/\/cloud.google.com\/security\/deletion\/."},{"key":"e_1_2_1_9_1","volume-title":"GDPR mayhem: Programmatic ad buying plummets in Europe. Digiday","author":"Davies J.","year":"2018","unstructured":"Davies, J. GDPR mayhem: Programmatic ad buying plummets in Europe. Digiday; 2018; https:\/\/digiday.com\/media\/gdpr-mayhemprogrammatic-ad-buying-plummets-europe\/."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00287-019-01201-1"},{"key":"e_1_2_1_11_1","volume-title":"Washington Post","author":"Doshi V.","year":"2018","unstructured":"Doshi, V. 2018. A security breach in India has left a billion people at risk of identity theft. Washington Post, 2018; https:\/\/wapo.st\/3389hOn."},{"key":"e_1_2_1_12_1","volume-title":"EDPB: First Year GDPR---taking stock. EDPB News","author":"European Data Protection Board","year":"2019","unstructured":"European Data Protection Board. EDPB: First Year GDPR---taking stock. EDPB News; https:\/\/edpb.europa.eu\/news\/news\/2019\/1-year-gdpr-taking-stock_en."},{"key":"e_1_2_1_13_1","volume-title":"Gartner","author":"Forni A.","year":"2017","unstructured":"Forni, A., and Meulen, R. Organizations are unprepared for the 2018 European Data Protection Regulation. Gartner, 2017."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1609\/aimag.v38i3.2741"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3276744"},{"key":"e_1_2_1_16_1","volume-title":"Panera Bread leaked millions of customers' data","author":"Grothaus M.","year":"2018","unstructured":"Grothaus, M. Panera Bread leaked millions of customers' data. In Fast Company, 2018; https:\/\/bit.ly\/3cG5jQk."},{"key":"e_1_2_1_17_1","volume-title":"CNBC","author":"Haselton T.","year":"2017","unstructured":"Haselton, T. Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers. CNBC, 2017."},{"key":"e_1_2_1_18_1","volume-title":"Uber hid 2016 breach, paying hackers to delete stolen data. New York Times","author":"Isaac M.","year":"2017","unstructured":"Isaac, M., Benner, K., and Frenkel, S. Uber hid 2016 breach, paying hackers to delete stolen data. New York Times, 2017; https:\/\/www.nytimes.com\/2017\/11\/21\/technology\/uber-hack.html."},{"key":"e_1_2_1_19_1","first-page":"1","article-title":"Patterns and antipatterns","volume":"8","author":"Koenig A","year":"1995","unstructured":"Koenig, A. Patterns and antipatterns. J. Object-Oriented Programming 8, 1 (1995), 46--48.","journal-title":"J. Object-Oriented Programming"},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of Poly'19 co-located at VLDB.","author":"Kraska T.","unstructured":"Kraska, T., Stonebraker, M., Brodie, M., Servan-Schreiber, S. and Weitzner, D. DATUMDB: A data protection database proposal. In Proceedings of Poly'19 co-located at VLDB."},{"key":"e_1_2_1_21_1","volume-title":"CNN Business","author":"Larson S.","year":"2017","unstructured":"Larson, S. Every single Yahoo! account was hacked---3 billion in all. CNN Business, 2017."},{"key":"e_1_2_1_22_1","volume-title":"Even the IAB warned adtech risks EU privacy rules. TechCrunch","author":"Lomas N.","year":"2019","unstructured":"Lomas, N. Even the IAB warned adtech risks EU privacy rules. TechCrunch, 2019; https:\/\/techcrunch.com\/2019\/02\/21\/even-theiab-warned-adtech-risks-eu-privacy-rules\/."},{"key":"e_1_2_1_23_1","volume-title":"TechCrunch","author":"Lomas N.","year":"2019","unstructured":"Lomas, N. Privacy campaigner Schrems slaps Amazon, Apple, Netflix, others with GDPR data access complaints. TechCrunch, 2019."},{"key":"e_1_2_1_24_1","volume-title":"TechCrunch","author":"Lunden I.","year":"2019","unstructured":"Lunden, I. UK's ICO fines British Airways a record £183M over GDPR breach that leaked data from 500000 users. TechCrunch, 2019."},{"key":"e_1_2_1_25_1","volume-title":"Marriott faces £123 million fine for 2018 mega breach. Forbes","author":"O'Flaherty K.","year":"2019","unstructured":"O'Flaherty, K. Marriott faces £123 million fine for 2018 mega breach. Forbes. 2019."},{"key":"e_1_2_1_26_1","volume-title":"Official Journal of the European Union 59","author":"OJEU. General Data Protection Regulation. Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46.","year":"2016","unstructured":"OJEU. General Data Protection Regulation. Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46. Official Journal of the European Union 59 (2016), 1--88."},{"key":"e_1_2_1_27_1","volume-title":"An update on the global heatmap","author":"Quarles J.","year":"2018","unstructured":"Quarles, J. An update on the global heatmap, 2018; https:\/\/blog.strava.com\/press\/a-letter-to-the-strava-community\/."},{"key":"e_1_2_1_28_1","unstructured":"Rosen G. Security Update 2018; https:\/\/newsroom.fb.com\/news\/2018\/09\/security-update\/."},{"key":"e_1_2_1_29_1","volume-title":"Proceedings of Poly'19 co-located at VLDB.","author":"Schwarzkopf M.","unstructured":"Schwarzkopf, M., Kohler, E., Kaashoek, F., and Morris, R. GDPR compliance by construction. In Proceedings of Poly'19 co-located at VLDB."},{"key":"e_1_2_1_30_1","volume-title":"USENIX HotStorage","author":"Shah A.","year":"2019","unstructured":"Shah, A., Banakar, V., Shastri, S., Wasserman, M., and Chidambaram, V. Analyzing the impact of GDPR on storage systems. USENIX HotStorage, 2019."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.14778\/3384345.3384354"},{"key":"e_1_2_1_32_1","volume-title":"USENIX HotCloud","author":"Shastri S.","year":"2019","unstructured":"Shastri, S., Wasserman, M., and Chidambaram, V. The seven sins of personal-data processing systems under GDPR. USENIX HotCloud, 2019."},{"key":"e_1_2_1_33_1","volume-title":"The Guardian","author":"Solon O.","year":"2018","unstructured":"Solon, O. Facebook says Cambridge Analytica may have gained 37M more users' data. In The Guardian, 2018; https:\/\/bit.ly\/2S9xVYF."},{"key":"e_1_2_1_34_1","author":"Targett E.","year":"2018","unstructured":"Targett, E. 6 Months, 945 Data Breaches, 4.5 Billion Records. Computer Business Review, 2018; https:\/\/www.cbronline.com\/news\/globaldata-breaches-2018.","journal-title":"Computer Business Review"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3184558.3186969"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354212"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1093\/idpl\/ipx005"},{"key":"e_1_2_1_38_1","first-page":"841","article-title":"Counterfactual explanations without opening the black box: Automated decisions and the GDPR","volume":"31","author":"Wachter S.","year":"2017","unstructured":"Wachter, S., Mittelstadt, B., and Russell, C. Counterfactual explanations without opening the black box: Automated decisions and the GDPR. Harvard J. Law & Technology 31 (2017), 841.","journal-title":"Harvard J. Law & Technology"}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3378061","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3378061","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T16:55:39Z","timestamp":1768409739000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3378061"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,25]]},"references-count":38,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2021,1,25]]}},"alternative-id":["10.1145\/3378061"],"URL":"https:\/\/doi.org\/10.1145\/3378061","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1,25]]},"assertion":[{"value":"2021-01-25","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}