I was wondering if anyone had experience and/or recommendations for implementing the California Consumer Privacy Act (aka Right To Be Forgotten, RTBF) with Axon’s event store. Obviously, the event store was designed to be an immutable, write-only data store. However, RTBF dictates that any consumer data has to be purged from the record. As such, I am looking at having to use something (probably the deadline manager) to get a reference to the domain_event_entry table, find the events in question, and start modifying the entries in such a way that the targeted data is not recoverable.
Does anyone have any experience with this in Axon, and are there any recommended ways to go about achieving this?
Axon has a commercial extension https://axoniq.io/product-overview/axon-data-protection which was initially created to support GDPR.
Basically, it enables you to encrypt your messages. If you choose to forget/delete them, you throw away the key. This way you do not physically delete messages/events (they are immutable).
You can choose quantum resistant algorithms for encryption if you have hard requirements in your system. This practice is also known as Crypto-shredding, Crypto-erasure, …
Thank you for the response. Unfortunately, the commercial extension will not be an option.
I have noticed that the default implementation of the DomainEventEntry entity, and the wiring around it, is all designed to be immutable. At this point I am assuming I will have to over-write the record using a sizeable amount of reflection.
Would there be anything in the default framework that would make this task easier?
The framework provides all the means to read and write any type of message, thus also events.
Just build a dedicated tool which reads from a given Event Store and writes to another.
Note that using the Axon Data Protection module will greatly simplify the requirement you are having, as well as that it will get you automatic support.
Through that approach we can assist you a lot better than through this free forum which we scan every week or so for pending question.
Hope this clarifies your options David, I hope you reconsider on the ADP-module.