Forgotten @ Scale: A Practical Solution for Implementing the Right To Be Forgotten in Large-Scale Systems
Authors:
Abigail Goldsteen,
Tomer Douek,
Yaniv Cohen,
Igor Gokhman,
Ofir Keren-Ackerman,
Gadi Katsovich,
Grisha Weintraub,
Doron Ben-Ari
Abstract:
The European General Data Protection Regulation asserts data subjects' right to be forgotten, i.e., their right to request that all their personal data be deleted from an organizations' data stores. However, fulfilling such requests in large-scale systems is technically challenging. It requires that organizations keep track of all locations in which an individual's data is stored, be able to acces…
▽ More
The European General Data Protection Regulation asserts data subjects' right to be forgotten, i.e., their right to request that all their personal data be deleted from an organizations' data stores. However, fulfilling such requests in large-scale systems is technically challenging. It requires that organizations keep track of all locations in which an individual's data is stored, be able to access and delete it in a reasonable time frame, and be able to prove that all such data was in fact deleted. In addition, organizations must cope with complexities such as multiple, distributed, and continuously evolving systems of record, complex data retention policies and deletion approval workflows. We present a first design pattern and practical implementation of the right to be forgotten on a large scale in Big Data and cloud environments.
△ Less
Submitted 30 October, 2019;
originally announced October 2019.