AI 资讯
Privacy by design: what it is and how to apply it
"Privacy by design" is one of those phrases you read everywhere and rarely understand. It is often treated as a document to attach to a project, a box to tick before going live. In reality it is not a piece of paperwork: it is the way software is conceived and built from the very first line, so that it protects people's data without anyone having to remember to do so afterwards. What the GDPR actually says The principle is written plainly in Article 25 of the GDPR, which speaks of "data protection by design and by default". These are two distinct things. Protection by design concerns the choices made while the system is being built. Protection by default concerns how the system behaves the moment it is switched on, before anyone touches a single setting. The law does not mandate a specific technology. It asks for an outcome: that data protection be built into the system, proportionate to the risks, and not bolted on afterwards as a patch. It is a difference of substance, not of form. A well-designed system does not have to chase compliance: it already has it inside. It is not a document, it is an architecture The most common mistake is to reduce privacy by design to a file. A report is written, filed, and the building goes on exactly as before. But a PDF protects no data. What protects data are the technical decisions: what information is collected, where it is stored, who can see it, how long it stays, what happens when it is no longer needed. These decisions are made at design time, and changing them later costs far more than getting them right at the start. The principles, turned into concrete choices Privacy by design becomes useful only when it stops being a slogan and turns into a series of choices. Translated into practice, the principles sound like this. Minimisation. You collect only the data genuinely needed to deliver the service. A field you do not collect does not need protecting, cannot be lost in a breach, does not need keeping. The safest piece of da
AI 资讯
Article: Designing Continuous Authorization for Sensitive Cloud Systems
Most cloud systems make one authorization decision at login. Everything after runs on trust established at authentication time. For systems handling regulated data, that gap is where breaches happen. This article presents a continuous authorization architecture covering risk-tiered evaluation, behavioral baselines, privacy-preserving audit trails, and a phased and incremental rollout. By Venkata Nedunoori
AI 资讯
You can't delete an event. GDPR says you must. Crypto-shredding is the truce.
Two rules that can't both be true Event sourcing has one rule: you never delete. You append. The log is the source of truth, and rewriting history is the cardinal sin. GDPR Article 17 has one rule too: when a user asks, you erase their personal data. Not "hide it," not "flag it deleted" — erase it, everywhere, including backups. Put an event-sourced system in front of a privacy regulator and those two rules collide head-on. The user's name, email, and address are baked into CustomerRegistered , AddressChanged , OrderPlaced — dozens of immutable events, replicated to read models, snapshotted, and sitting in every nightly backup you've ever taken. "Just delete the events" breaks event sourcing. "Never delete" breaks the law. Most teams discover this tension after they've committed to append-only. A word on why this isn't academic for me. I build from Germany. Article 17 is EU law — the GDPR, or DSGVO as we call it here — not a German invention, but Germany enforces it about as hard as anywhere in Europe: regional data-protection authorities that issue real fines, and "we were careful" has never been a defense that held up. That pressure is exactly why I wanted erasure to fall out of the architecture instead of being a promise I make to an auditor and then pray I can keep. Why "delete the row" doesn't actually erase anything Say you give in and hard-delete the events for one user. You've still got their data in: every read-model projection rebuilt from those events, every snapshot that rolled them up, every backup taken before the deletion, every replica and every export that already left the building. Chasing personal data across all of those, provably, on a 30-day regulatory clock, is a nightmare — and a single missed backup tape means you didn't comply. Physical deletion doesn't scale to a system designed to keep everything forever. Crypto-shredding: delete the key, not the data The trick is to stop trying to delete the data and instead delete the ability to read it
AI 资讯
The Sovereign Privacy Illusion: Why GDPR Compliance Doesn’t Equal Data Control
When regulation becomes theater and encryption becomes window dressing By Vektor Memory — 20 min read It is raining here in the Southern Hemisphere again. It has been raining for three weeks now, nonstop. I’m sitting with my chai coffee, watching out of the window, and thinking about data sovereignty. It is, genuinely, the kind of thing I think about often. The northern hemisphere is winding up for summer. Europe is getting ready for long evenings and beach holidays. I’m quietly jealous. I’ve always wanted to split the year: six months south, six months north. Endless summer. The perpetual warmth of a life lived chasing the sun. But here I am. Chai. Rain. Data. I’ve been turning over one question in particular: why is it that the moment you mention data sovereignty, people immediately reach for GDPR? It’s reflexive, especially among Europeans. Understandable. GDPR is loud, it’s enforced, it has teeth. French, German, and Dutch visitors make up a large disproportionate share of our site traffic at VEKTOR, and the interest in privacy and sovereignty from that audience is intense and genuine. Northern Europeans, by and large, take this seriously in a way that other markets don’t; they are working on ways to disassociate from the cloud around the world. And yet. How many times have we clicked “Accept All” on a cookie banner in the last week? How many times have you scrolled past a privacy policy that runs to forty-two pages? How many times have you handed over your email address, your location, your device fingerprint, your behavioral patterns not because you wanted to, but because there was no meaningful alternative? GDPR created the most sophisticated legal architecture for data rights the world has ever seen. It also created the most sophisticated ritual of consent theater the world has ever performed. That gap, between the law and the lived reality, is what this article is about. Ubiquitous data centre growth image The Reflex Problem When people think of data sovere