GDPR & CloudKit
GDPR & CloudKit
General Data Protection Regulation
- Visibility and control of personal data
- Implementation date of May 25, 2018
- Access and Portability
- Fetch all data from CloudKit - Deletion
- Delete data in CloudKit - Restriction
- Apply account restrictions
iCloud Services for Developers
- Data saved locally
- Data saved to iCloud Backup, Key Value Store, or iCloud Drive
- Data saved to CloudKit
- Right to be informed
- Right to Access
- Right to Data Portability
- Right to Restriction of Processing
- Right to Deletion
- Right to Rectification
- Right to Object
- Rights related to automated individual decision-making
CloudKit Concepts
- Access
- Provide visibility into stored data - Portability
- Export data in standard formats
Image example: .raw or .jpeg
Structured data: .json or .csv - No requirement to import data
- Fulfilling requests from a local cache
- All data must be cached locally
- Perform a sync
- Private database
- Fetch all data - Shared database
- Selectively fetch data - Public database
- Selectively fetch data
Deletion
- Warn the user
- Permanently remove all user data from CloudKit
- Private database
- Delete all zones - Shared database
- Selectively delete records
- Zone deletion changes participant back to invitee - Public database
- Selectively delete records
Restriction
- Pause or unpause
- In GDPR, other rights may trigger restriction
- Restrict rather than delete
- Container-level restriction
- Account-level restriction
