How can DB Systems be ready for privacy regulations


Personal data usage and collection are activities that used to growunrestricted. However, several laws in the physical world ensure rights to peo-ple regarding their privacy and information usage. In the last years, legislatorspassed many laws, regulations, and acts to replicate these rights to the digitalworld. By doing so, new constraints, rights, and duties appear on every compo-nent of the data usage and collection workflow. In this paper, we introduce someof these laws, describe some of the rights that highly impact the current designof DBMSs, discuss the challenges raised by these regulations, as well as relatedworks and research opportunities.

Palavras-chave: Privacy, DBMS design


Dwork, C. (2006). Differential privacy. In Automata, Languages and Programming, 33rd International Colloquium, ICALP 2006, Venice, Italy, July 10-14, 2006, Proceedings, Part II, volume 4052 of Lecture Notes in Computer Science, pages 1–12. Springer. DOI 10.1007/11787006\_1

General Data Protection Regulation (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46.Official Journal of the European Union, 59:1–88.

Graefe, G., Guy, W., and Sauer, C. (2016).Instant Recovery with Write-Ahead Logging: Page Repair, System Restart, Media Restore, and System Failover, Second Edition. Synthesis Lectures on Data Management. Morgan & Claypool Publishers. DOI 10.2200/S00710ED2V01Y201603DTM044

Haubenschild, M., Sauer, C., Neumann, T., and Leis, V. (2020). Rethinking logging, checkpoints, and recovery for high-performance storage engines. InSIGMOD Confer-ence, pages 877–892. ACM. DOI 10.1145/3318464.3389716

Kessler, S., Hoff, J., and Freytag, J. (2019). SAP HANA goes private - from privacy research to privacy aware enterprise analytics. Proc. VLDB Endow., 12(12):1998–2009. DOI 10.14778/3352063.3352119

Kotsogiannis, I., Tao, Y., Machanavajjhala, A., Miklau, G., and Hay, M. (2019). Architecting a differentially private SQL engine. In CIDR.

Kraska, T., Stonebraker, M., Brodie, M. L., Servan-Schreiber, S., and Weitzner, D. J.(2019). SchengenDB: A data protection database proposal. In Heterogeneous Data Management, Polystores, and Analytics for Healthcare - VLDB 2019 Workshops, Poly and DMAH, Los Angeles, CA, USA, August 30, 2019, volume 11721of Lecture Notes in Computer Science, pages 24–38. Springer. DOI 10.1007/978-3-030-33752-0_2

Sarkar, S., Papon, T. I., Staratzis, D., and Athanassoulis, M. (2020). Lethe: A tunable delete-aware LSM engine. In SIGMOD Conference, pages 893–908. ACM. DOI 10.1145/3318464.3389757

Schwarzkopf, M., Kohler, E., Kaashoek, M. F., and Morris, R. T. (2019). Position: GDPR compliance by construction. In Poly/DMAH@VLDB, volume 11721 of Lecture Notes in Computer Science, pages 39–53. Springer. DOI 10.1007/978-3-030-33752-0

Shastri, S., Banakar, V., Wasserman, M., Kumar, A., and Chidambaram, V. (2020). Understanding and benchmarking the impact of GDPR on database systems. Proc. VLDB Endow., 13(7):1064–1077. DOI 10.14778/3384345.3384354

Shah, A., Banakar, V., Shastri, S., Wasserman, M., and Chidambaram, V. (2019). Analyzing the impact of GDPR on storage systems. In HotStorage. USENIX Association.

Zhang, H., Liu, X., Andersen, D. G., Kaminsky, M., Keeton, K., and Pavlo, A. (2020).Order-preserving key compression for in-memory search trees. In SIGMOD Conference, pages 1601–1615. ACM. DOI 10.1145/3318464.3380583
Como Citar

Selecione um Formato
MACHADO, Javam de Castro; AMORA, Paulo Roberto Pessoa. How can DB Systems be ready for privacy regulations. In: SIMPÓSIO BRASILEIRO DE BANCO DE DADOS (SBBD), 35. , 2020, Evento Online. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020 . p. 235-240. ISSN 2763-8979. DOI: