New research warns GDPR focus misses global privacy blind spots

A new paper from Shantanu Sharma, Ethan Myers, Lorenzo De Carli, Ritwik Banerjee, and Indrakshi Ray (accepted at ACM CODASPY 2026) challenges the privacy research community's heavy reliance on the European GDPR as the primary reference framework. While GDPR was pioneering and clear, the authors argue this focus creates a significant blind spot—ignoring privacy attitudes, concerns, and legal frameworks from other regions, such as Asia, Africa, and South America. The paper systematically normalizes heterogeneous data protection laws into a unified abstraction modeled on the data lifecycle (collection, storage, processing, sharing, deletion).

This abstraction serves as a foundation for implementing privacy regulations across multiple countries and stakeholders—users, organizations, and governments. By broadening the perspective beyond Western laws, the work aims to guide the development of technology that respects local legal nuances while enabling global data flows. The authors hope this will inspire more inclusive research and practical privacy solutions that work across jurisdictions, not just in GDPR-aligned markets.