Security and Privacy with Second-Hand Electronic Devices

As the second-hand electronics market grows, it plays a vital role in the circular economy by extending the life of devices and reducing e-waste. Yet, storage-equipped devices, from laptops and smartphones to USB sticks and memory cards, often contain remnant data: leftover files from previous users (personal or professional) that may reveal sensitive information. This creates privacy risks for former users and security risks for new users, threatening trust in the second-hand market ecosystem.

Our project examines these risks from multiple angles: consumer transactions on online marketplaces, corporate device lifecycle management, and the research practices used to study remnant data. We combine online surveys, in-depth interviews, and a systematic review of decades of technical and human-centred studies.

Early results show that, while prior forensic studies often report that remnant data can be recovered from many second-hand devices, our own user-focused study found that typical buyers on second-hand transaction platforms rarely find—or even attempt to access—such data. However, even isolated incidents can lead to severe consequences, especially when sensitive or illegal material is involved. We also found gaps in user awareness. In corporate contexts, employee training and policy communication are inconsistent, and risk perceptions vary widely.

To strengthen the circular economy, we call on organizations and policymakers to adopt verifiable data-wiping standards, improve user awareness, and support open guidance for safe reuse. Our forthcoming tutorial will equip researchers and practitioners with concrete, legally and ethically grounded, and methodologically rigorous recommendations for studying remnant data, ensuring results that are both reliable and socially responsible.

Read the final brief to learn more about this research project.