Fight to be Forgotten: Exploring the Efficacy of Data Erasure in Popular Operating Systems

A Gutmann, Mark Warner
in Annual Privacy Forum, Conference paper (text)


A long history of longitudinal and intercultural research has
identified decommissioned storage devices (e.g., USB memory sticks) as
a serious privacy and security threat. Sensitive data deleted by previous
owners have repeatedly been found on second-hand USB sticks through
forensic analysis. Such data breaches are unlikely to occur when data
is securely erased, rather than being deleted. Yet, research shows people
confusing these two terms. In this paper, we report on an investigation of
possible causes for this confusion. We analysed the user interface of two
popular operating systems and found: (1) inconsistencies in the language
used around delete and erase functions, (2) insecure default options,
and (3) unclear or incomprehensible information around delete and erase
functions. We discuss how this could result in data controllers becoming
non-compliant with a legal obligation for erasure, putting data subjects
at risk of accidental data breaches from the decommissioning of storage
devices. Finally, we propose improvements to the design of relevant user
interface elements and the development of official guidelines for best
practice on GDPR compatible data erasure procedures.