Abstract: Methods, systems, and devices for data processing are described. Some database systems may implement data processing permits to manage data access. A database system may use encryption schemes to tie permits to data (e.g., cryptographically ensuring that the system follows data regulations). To support queries for a database implementing such encryption schemes, the database may implement a proxy. When the system receives a query, the database proxy may intercept and transform the query based on the encryption schema of the database. The database proxy may execute the transformed query at the database, receive encrypted query results in response, and decrypt the results for use by the querying application. Additionally, the system may access relevant data processing permits to support querying operations. For example, the system may use permits when transforming the query, executing the query in the database, preparing query results for the querying application, or any combination thereof.

Abstract: Methods, systems, and devices for data processing are described. Some systems may support data processing permits and cryptographic techniques tying user consent to data handling. By tying user consent to data handling, the systems may comply with data regulations on a technical level and efficiently update to handle changing data regulations and/or regulations across different jurisdictions. For example, the system may maintain a set of data processing permits indicating user consent for the system to use a user's data for particular data processes. The system may encrypt the user's data using a cryptographic key (e.g., a cryptographic nonce) and may encrypt the nonce using permit keys for any permits applicable to that data. In this way, to access a user's data for a data process, the system may first verify that a relevant permit indicates that the user complies with the requested process prior to decrypting the user's data.

Abstract: Methods, systems, and devices for data processing are described. Some database systems may support differential privacy for encrypted data. For example, a database may store user data as ciphertext. A system may receive a statistical query for the user data and may identify a relevant differential privacy mechanism. The system may transform the query to operate on encrypted data while including a noisification function based on the mechanism. The system may execute the transformed query at the database, involving adding noise to the query result according to the noisification function without decrypting the data. For example, the system may leverage homomorphic encryption techniques to inject the noise while the data remains encrypted. The database may return the noisified, encrypted query results, which the system may decrypt for statistical analysis. By applying differential privacy on the encrypted data, the system may avoid exposing any private user information throughout the process.

Abstract: Methods, systems, and devices for data processing are described. In some systems, data pipelines may be implemented to handle data processing jobs. To improve data pipeline flexibility, the systems may use separate pipeline and policy declarations. For example, a pipeline server may receive both a pipeline definition defining a first set of data operations to perform and a policy definition including instructions for performing a second set of data operations, where the first set of data operations is a subset of the second set. The server may execute a data pipeline based on a trigger (e.g., a scheduled trigger, a received message, etc.). To execute the pipeline, the server may layer the policy definition into the pipeline definition when creating an execution plan. The server may execute the execution plan by performing a number of jobs using a set of resources and plugins according to the policy definition.