Retrofitting GDPR compliance onto legacy databases-Reference-Cited by-同舟云学术

Retrofitting GDPR compliance onto legacy databases

Published:2021-12 Issue:4 Volume:15 Page:958-970
ISSN:2150-8097
Container-title:Proceedings of the VLDB Endowment
language:en
Short-container-title:Proc. VLDB Endow.

Author:

Agarwal Archita¹,George Marilyn²,Jeyaraj Aaron²,Schwarzkopf Malte²

Affiliation:

1. Denison University

2. Brown University

Abstract

New privacy laws like the European Union's General Data Protection Regulation (GDPR) require database administrators (DBAs) to identify all information related to an individual on request, e.g. , to return or delete it. This requires time-consuming manual labor today, particularly for legacy schemas and applications. In this paper, we investigate what it takes to provide mostly-automated tools that assist DBAs in GDPR-compliant data extraction for legacy databases. We find that a combination of techniques is needed to realize a tool that works for the databases of real-world applications, such as web applications, which may violate strict normal forms or encode data relationships in bespoke ways. Our tool, GDPRizer, relies on foreign keys, query logs that identify implied relationships, data-driven methods, and coarse-grained annotations provided by the DBA to extract an individual's data. In a case study with three popular web applications, GDPRizer achieves 100% precision and 96--100% recall. GDPRizer saves work compared to hand-written queries, and while manual verification of its outputs is required, GDPRizer simplifies privacy compliance.

Publisher

Association for Computing Machinery (ACM)

Subject

General Earth and Planetary Sciences,Water Science and Technology,Geography, Planning and Development

Link

https://dl.acm.org/doi/pdf/10.14778/3503585.3503603

Reference45 articles.

1. The Web framework for perfectionists with deadlines | Django . URL https://www.djangoproject.com/. Accessed 13 Dec. 2021 . The Web framework for perfectionists with deadlines | Django. URL https://www.djangoproject.com/. Accessed 13 Dec. 2021.

2. The Hacker News . URL https://thehackernews.com/. Accessed 13 Dec. 2021 . The Hacker News. URL https://thehackernews.com/. Accessed 13 Dec. 2021.

3. moz-sql-parser - SQL query parser. URL https://github.com/mozilla/moz-sql-parser. Accessed 13 Dec. 2021 . moz-sql-parser - SQL query parser. URL https://github.com/mozilla/moz-sql-parser. Accessed 13 Dec. 2021.

4. Reddit. URL https://www.reddit.com/. Accessed 13 Dec. 2021 . Reddit. URL https://www.reddit.com/. Accessed 13 Dec. 2021.

5. Ruby on Rails . URL https://rubyonrails.org/. Accessed 13 Dec. 2021 . Ruby on Rails. URL https://rubyonrails.org/. Accessed 13 Dec. 2021.

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Disposable identities: Solving web tracking;Journal of Information Security and Applications;2024-08

2. SoK: Technical Implementation and Human Impact of Internet Privacy Regulations;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

3. Enhancing AI System Privacy: An Automatic Tool for Achieving GDPR Compliance in NoSQL Databases;Computers, Materials & Continua;2024

4. Data-CASE: Grounding Data Regulations for Compliant Data Processing Systems;SSRN Electronic Journal;2024

5. Toward a Universal and Sustainable Privacy Protection Framework;Digital Government: Research and Practice;2023-12-07