Journaling for dataflow updates
Opened this issue · 0 comments
rpaul48 commented
In the current implementation of GDPR Forget, a second call to DeleteShard
is necessary at the end of ExecForget()
. This is because although the initial call to DeleteShard
removes all data in the user's shard, subsequent anonymization updates may result in data again being added to the user's shard.
We suspect this is because dataflow updates happen after making changes to the database. So, when we look at the indices, we look at values which are not updated. This may be resolved by implementing journaling for dataflow updates.