As your mobile users get accustomed to advanced features that require Cloud support, it becomes increasingly hard to protect their privacy while staying up to date with data protection regulations such as the GDPR. We would like to show you how you can continue to use cloud-based SDKs and employ Firebase to create an experience that pleases both your users and your newly hired data stewardship team.
Sebastian Schmidt, Rachel Myers - How To Go Serverless And Not Violate The GDPR - Codemotion Berlin 2018
1. How to go serverless and not violate the GDPR
Sebastian Schmidt and Rachel Myers
Berlin | November 20 - 21, 2018
3. GDPR
11 Chapters that regulate:
● Rights of data subjects
● Responsibilities for data controllers/processors
● Data transfers
● Penalties
4. GDPR (same list, with the two parties called out)
● Rights of data subjects: Your users!
● Responsibilities for data controllers/processors: You!
17. Reduce the user data that you store
Manage user data with Cloud Functions:
Delete data you no longer need
Export data on request
Security Rules!
Inform users about data collection:
Storage Retention Policies
Firebase Instance IDs
Storing Privacy Settings
Keeping an Activity Log
19. Read your Horoscope! (demo app)
(You have to be an EU citizen and 18+)
Form fields and the sample values entered:
Username: sebastian
Birthday: April 28th, 1990
Country: Czech Republic
28. Delete user data
● When your app no longer needs the data
● When a user deletes their account
41. // functions/index.js
// Triggered when a Firebase Auth user is deleted: clear their data from the
// Realtime Database, Cloud Storage and Firestore in parallel.
// (functions SDK < 1.0 event shape; in 1.0+ the handler receives the user
// record directly and reads user.uid.)
const functions = require('firebase-functions');

exports.clearData = functions.auth.user().onDelete((event) => {
  const uid = event.data.uid;
  const dbPromise = clearDatabaseData(uid);
  const storagePromise = clearStorageData(uid);
  const firestorePromise = clearFirestoreData(uid);
  const promises = [dbPromise, storagePromise, firestorePromise];
  return Promise.all(promises).then(() =>
    console.log(`Successfully removed data for user ${uid}.`)
  );
});
link.firebase.events/h4
43. // functions/user_privacy.json
// Paths to user data to export or delete (excerpt: the "database" section
// that index.js reads is not shown on this slide). "UID" is replaced per user.
{
  "storage": {
    "clearData": [
      ["myproject.appspot.com", "UID/sample_data.json"],
      ["myproject.appspot.com", "UID/avatar"]
    ]
  },
  "firestore": {
    "clearData": [
      {"collection": "users", "doc": "UID", "field": "last_name"},
      {"collection": "admins", "doc": "UID"}
    ]
  }
}
link.firebase.events/h4
46. // functions/index.js
// Deletes user data from the Realtime Database
const admin = require('firebase-admin');
admin.initializeApp();
const db = admin.database();
// Per-user paths come from user_privacy.json, with "UID" as the placeholder
const userPrivacyPaths = require('./user_privacy.json');
// Assumed helper (not shown on the slides): substitute the uid into a path
const replaceUID = (path, uid) => path.replace(/UID/g, uid);

const clearDatabaseData = (uid) => {
  const paths = userPrivacyPaths.database.clearData;
  const promises = [];
  for (let i = 0; i < paths.length; i++) {
    const path = replaceUID(paths[i], uid);
    promises.push(db.ref(path).remove().catch((error) => {
      // Log and continue so one failed path does not abort the others.
      console.error('Error deleting data at ', path, error);
    }));
  }
  return Promise.all(promises).then(() => uid);
};
link.firebase.events/h4
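As an added example (not code from the talk), here is a resolver for the user_privacy.json manifest above: it expands the UID placeholder for one user across all three backends and refuses any entry that lacks the placeholder, since such an entry would point at data shared by every user rather than the one being deleted. The "database" section of the manifest and the uid charset check are assumptions.

```javascript
// Added example (not from the talk): turn the user_privacy.json manifest into
// concrete per-user targets before any delete runs. An entry without the UID
// placeholder would delete data shared by all users, so it is rejected.
const UID_PLACEHOLDER = 'UID';

// Constructed manifest in the shape the slides show; the "database" section is
// assumed (index.js reads it, but the slide only shows storage and firestore).
const userPrivacyPaths = {
  database: { clearData: ['/users/UID', '/admins/UID'] },
  storage: {
    clearData: [
      ['myproject.appspot.com', 'UID/sample_data.json'],
      ['myproject.appspot.com', 'UID/avatar'],
    ],
  },
  firestore: {
    clearData: [
      { collection: 'users', doc: 'UID', field: 'last_name' },
      { collection: 'admins', doc: 'UID' },
    ],
  },
};

// Assumed uid policy: Firebase Auth uids are at most 128 characters; the
// charset is restricted so a uid can never add path segments of its own.
function assertSafeUid(uid) {
  if (typeof uid !== 'string' || !/^[A-Za-z0-9_-]{1,128}$/.test(uid)) {
    throw new Error(`refusing to act on malformed uid: ${JSON.stringify(uid)}`);
  }
}

function replaceUID(value, uid) {
  if (!value.includes(UID_PLACEHOLDER)) {
    throw new Error(`"${value}" has no ${UID_PLACEHOLDER} placeholder: not per-user data`);
  }
  return value.split(UID_PLACEHOLDER).join(uid);
}

function resolveClearTargets(manifest, uid) {
  assertSafeUid(uid);
  const section = (name) => ((manifest[name] || {}).clearData) || [];
  return {
    database: section('database').map((p) => replaceUID(p, uid)),
    storage: section('storage').map(([bucket, object]) =>
      ({ bucket, object: replaceUID(object, uid) })),
    firestore: section('firestore').map((e) => ({
      path: `${e.collection}/${replaceUID(e.doc, uid)}`,
      field: e.field || null, // null means delete the whole document
    })),
  };
}
```

Run the resolver first and feed its output to the three clear functions; a manifest mistake then fails loudly before any data is touched.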
56. service firebase.storage {
  match /b/{bucket}/o {
    match /exportData {
      // Only allow access to exported data by the user
      // who requested an export
      match /{uid} {
        allow read, write: if request.auth.uid == uid;
      }
      match /{uid}/{path=**} {
        allow read, write: if request.auth.uid == uid;
      }
    }
  }
}
firebase.events/q4
70. Rules Takeaways
● Never trust data from client apps
● Write rules with the Security Simulator
● Test rules with the Security Rules Emulator
72. Take a look at our data retention policies
link.firebase.events/h6
73. Take a look at our data retention policies
link.firebase.events/h7
83. Separate Public from Private Data
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{uid}/public {
      allow read, write;
    }
    match /users/{uid}/private {
      allow read, write: if request.auth.uid == uid;
    }
  }
}
84. Separate Public from Private Data
service cloud.firestore {
  match /databases/{database}/documents {
    match /public/{uid} {
      allow read, write;
    }
    match /private/{uid} {
      allow read, write: if request.auth.uid == uid;
    }
  }
}
Note that an unconditional `allow read, write;` lets any client, signed in or not, overwrite another user's public data; keeping read open while restricting write to the owner, as the private branch does, is the usual hardening.