Data privacy laws like the EU’s GDPR grant users new rights to their data, such as the right to request access and deletion. To comply with these requests, developers manually implement, audit, and maintain infrastructure to identify and extract all data for a user on request. This is costly and error-prone, and imposes burden especially on small and medium organizations, as non-compliance risks steep fines.
In this talk, I will describe an effort to construct storage systems that comply with key provisions of privacy laws like the GDPR by construction. Specifically, I will focus on a new database-like storage system design that complies with privacy laws by construction. The key idea is to organize data primarily by user: each user has their own micro-database (µDB), which contains all data related to them and which the user can download or remove at any time. Combined, the active µDBs constitute the application state. This easy-to-understand model explicitly associates data with users, gives confidence that data access and removal requests are handled correctly, and requires little developer effort.
The challenge is to make µDBs efficient: application queries that access thousands of µDBs would be slow. Our system uses a combination of static analysis, query rewriting, and materialized views to make web application requests fast even though the storage is split into many µDBs. A prototype illustrates that performance with tens of thousands of µDBs is competitive with MariaDB, a widely-used database without privacy compliance.
Please email for a
Malte Schwarzkopf is an Assistant Professor of Computer Science at Brown University. His research is on new abstractions that deliver efficient, easy-to-use, and trustworthy computer systems. Recent projects include high-performance remote memory, systems to make web services privacy-compliant by construction, and JIT-compiling Python data science pipelines. Malte is a recipient of the NSF CAREER award, a Google Research Award, and best paper awards at NSDI and EuroSys. Prior to Brown, Malte was a postdoc with MIT's PDOS group and completed his PhD at the University of Cambridge. He is still getting used to not living in a city called Cambridge.