GDPR is an acronym, and acronyms are pseudo-words made of words with a blended meaning. General Data Protection Regulation: hopefully fairly self-explanatory in terms of principle, if not necessarily in terms of its requirements or enforcement. There are many, many acronyms in the software world. You’d better not confuse your EOL character with your EOF character or you’ll be at work past COB trying to write a REGEX to parse that file of GUIDs.
One of those many acronyms is YAGNI, You Aren’t Gonna Need It. It’s a principle from the world of Extreme Programming. The words “Extreme Programming” should clue you into the fact that the principle is from the 90’s and isn’t particularly extreme any more.
In its simplest sense YAGNI means don’t write any code you don’t need right now. When programming, it’s easy to come unstuck from normal concepts like time, much to the annoyance of business people everywhere. What that means in practice is that developers can get into the dangerous habit of remembering to have written code that they needed in the future, which isn’t ideal because as far as your future self is concerned, your current self is not to be trusted.
YAGNI reminds us to only remember the future in meetings, where someone non-technical says “Oh, and we should include messaging between users too.” as an afterthought, and you stare off into space remembering that inter-user messaging got so complex Facebook decided to make it a whole app on its own. You remember your own future of layout, caching and timing bugs stretching out into the grey infinity, and you would scream, but you don’t know if you’re still in the meeting, if you’ve already finished work and gone home, or if it’s breakfast time and the meeting is happening later today.
Where is this going?
Sit beside me, in this parenthesis of salt, and remember a future. You had an idea for an app, it’s fantastic and likely to be super popular, you’re currently working through all the features you want.
You’re going to have users, so you want their emails, passwords, names, ages, childhood friend’s name, pet’s name, mother’s maiden name, address and so on. Just to prove who they are, you understand, nothing questionable here; if it’s good enough for the banks it’s good enough for you.
Dark clouds loom over you, the words “GDPR penalties” are whispered on the wind. Oh, you also want social media integration so that people can share that they are using your app?
Suddenly! A gap in the clouds, a ray of light. Some nearby shrubbery catches fire and says the words “Social Login” to you. A choir of angels sing: “YAGNI!”
Social Login, for those that don’t know, is the practice of offloading user authentication onto an external provider, most commonly a large social networking application like Facebook or Twitter. While it isn’t a magic bullet and does come with some issues of its own, the pros in this case outweigh the cons.
You don’t need to hold all that information on your users if someone else will do it for you, and you don’t want to be holding it at all if you can avoid it. In the world of GDPR, if you’re planning on integration with social networks being a key part of your app, why are you wasting time building a classical authentication system? You could be polishing your USP to a mirror shine and making sure that the data you actually need to keep is held in a GDPR-compliant way.
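The two ideas above (let the provider do the authenticating, and keep only the data you actually need) can be shown in a few dozen lines. What follows is an added example, not code from the original post or from any social network’s SDK. It assumes the provider hands your app a signed identity token (as OpenID Connect providers do) and uses a constructed HMAC test secret so it runs offline; real providers sign with RSA keys published at a JWKS endpoint, and the issuer, audience and claim values below are placeholders. The point is in the last function: after the token checks out, the app keeps a provider-plus-subject key and a display name, and lets the email, birthday and the rest stay with the provider.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed test secret standing in for a provider's signing key.
# Real providers sign ID tokens with RSA keys (RS256) served from a JWKS URL;
# HS256 is used here only so the example runs with the standard library.
PROVIDER_SECRET = b"constructed-test-secret"
EXPECTED_ISSUER = "https://provider.example"  # hypothetical provider
OUR_CLIENT_ID = "our-app-client-id"           # hypothetical audience (our app)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_test_id_token(claims: dict) -> str:
    """Build an HS256 JWT the way a test double of the provider would."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(PROVIDER_SECRET, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_id_token(token: str, now=None) -> dict:
    """Check signature, issuer, audience and expiry; return the claims or raise."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm we expect rather than trusting whatever the token says
    # (this is what blocks the classic 'alg: none' trick).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(PROVIDER_SECRET, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != OUR_CLIENT_ID:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def minimal_user_record(claims: dict) -> dict:
    """Keep only what the app needs: a stable provider+subject key and a display name.

    Everything else the provider knows (email, birthday, friends) stays with them.
    """
    return {
        "provider": claims["iss"],
        "subject": claims["sub"],
        "display_name": claims.get("name", "user"),
    }


def social_login(token: str, now=None) -> dict:
    """Verify the provider's token and return the record we would store locally."""
    return minimal_user_record(verify_id_token(token, now=now))


if __name__ == "__main__":
    # Constructed token from our pretend provider, carrying more PII than we want.
    tok = make_test_id_token({
        "iss": EXPECTED_ISSUER, "aud": OUR_CLIENT_ID, "sub": "12345",
        "name": "Ada", "email": "ada@example.com", "birthdate": "1990-01-01",
        "exp": int(time.time()) + 300,
    })
    print(social_login(tok))
```

The three checks in `verify_id_token` (signature, issuer/audience, expiry) are the minimum before you trust anything in the token; the `alg` pin matters because a verifier that reads the algorithm from the token is a verifier the token controls. Note that the stored record never contains the email or birthdate even though the provider sent them.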
Don’t remember things about your users a social network already does.
You aren’t going to need it.
For more advice on data security and building secure applications – get in touch!