Data Rights
Level:
Third-Year Databases
Class Time:
Two 1-hour classes
Last Modified:
Sat 25 January 2025
In this module, we consider the rights that people have over the data that is stored about them in databases. Suppose that someone requests that their personal data be deleted. Should a database administrator carry out that request?
In the technical part of the module, students learn that deletion from a relational database is not straightforward. Ordinarily, deletion from a relational database proceeds by making the data inaccessible to ordinary users rather than by completely removing it. To completely, irreversibly delete data from a relational database requires further steps, like the deletion of logs, that are in tension with the integrity of all the data stored in the database.
In the philosophical part of the module, students consider some of the stakeholders who might be affected by a request to delete data, including users, database owners, and third parties. Consideration of these stakeholders reveals a number of ethical issues at play, including privacy, data ownership, freedom of speech, and public interest. The module concludes by discussing the "right to be forgotten", the right enshrined in EU law that allows people to request the delinking of information about them from search engines after a reasonable amount of time has passed. The module ends with a group activity in which students imagine themselves as adminstrators of a student evaluations database tasked with evaluating deletion requests from a variety of professors in different circumstances.
This module was developed by Steven Coyne and Diane Horton. David Liu, Niv Diyan, Jovy Chan, and Jacqueline Smith provided feedback on this module.
Materials
Module materials coming soon.