How can DB Systems be ready for privacy regulations
Personal data usage and collection are activities that used to growunrestricted. However, several laws in the physical world ensure rights to peo-ple regarding their privacy and information usage. In the last years, legislatorspassed many laws, regulations, and acts to replicate these rights to the digitalworld. By doing so, new constraints, rights, and duties appear on every compo-nent of the data usage and collection workflow. In this paper, we introduce someof these laws, describe some of the rights that highly impact the current designof DBMSs, discuss the challenges raised by these regulations, as well as relatedworks and research opportunities.
General Data Protection Regulation (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46.Official Journal of the European Union, 59:1–88.
Graefe, G., Guy, W., and Sauer, C. (2016).Instant Recovery with Write-Ahead Logging: Page Repair, System Restart, Media Restore, and System Failover, Second Edition. Synthesis Lectures on Data Management. Morgan & Claypool Publishers. DOI 10.2200/S00710ED2V01Y201603DTM044
Haubenschild, M., Sauer, C., Neumann, T., and Leis, V. (2020). Rethinking logging, checkpoints, and recovery for high-performance storage engines. InSIGMOD Confer-ence, pages 877–892. ACM. DOI 10.1145/3318464.3389716
Kessler, S., Hoff, J., and Freytag, J. (2019). SAP HANA goes private - from privacy research to privacy aware enterprise analytics. Proc. VLDB Endow., 12(12):1998–2009. DOI 10.14778/3352063.3352119
Kotsogiannis, I., Tao, Y., Machanavajjhala, A., Miklau, G., and Hay, M. (2019). Architecting a differentially private SQL engine. In CIDR. www.cidrdb.org.
Kraska, T., Stonebraker, M., Brodie, M. L., Servan-Schreiber, S., and Weitzner, D. J.(2019). SchengenDB: A data protection database proposal. In Heterogeneous Data Management, Polystores, and Analytics for Healthcare - VLDB 2019 Workshops, Poly and DMAH, Los Angeles, CA, USA, August 30, 2019, volume 11721of Lecture Notes in Computer Science, pages 24–38. Springer. DOI 10.1007/978-3-030-33752-0_2
Sarkar, S., Papon, T. I., Staratzis, D., and Athanassoulis, M. (2020). Lethe: A tunable delete-aware LSM engine. In SIGMOD Conference, pages 893–908. ACM. DOI 10.1145/3318464.3389757
Schwarzkopf, M., Kohler, E., Kaashoek, M. F., and Morris, R. T. (2019). Position: GDPR compliance by construction. In Poly/DMAH@VLDB, volume 11721 of Lecture Notes in Computer Science, pages 39–53. Springer. DOI 10.1007/978-3-030-33752-0
Shastri, S., Banakar, V., Wasserman, M., Kumar, A., and Chidambaram, V. (2020). Understanding and benchmarking the impact of GDPR on database systems. Proc. VLDB Endow., 13(7):1064–1077. DOI 10.14778/3384345.3384354
Shah, A., Banakar, V., Shastri, S., Wasserman, M., and Chidambaram, V. (2019). Analyzing the impact of GDPR on storage systems. In HotStorage. USENIX Association.
Zhang, H., Liu, X., Andersen, D. G., Kaminsky, M., Keeton, K., and Pavlo, A. (2020).Order-preserving key compression for in-memory search trees. In SIGMOD Conference, pages 1601–1615. ACM. DOI 10.1145/3318464.3380583