PRIVGUARD: Privacy Regulation Compliance Made Easier

Continuous compliance with privacy regulations, such as GDPR and CCPA, has become a costly burden for companies from small-sized start-ups to business giants. The culprit is the heavy reliance on human auditing in today's compliance process, which is expensive, slow, and error-prone. To address the issue, we propose PRIVGUARD, a novel system design that reduces human participation required and improves the productivity of the compliance process. PRIVGUARD is mainly comprised of two components: (1) PRIVANALYZER, a static analyzer based on abstract interpretation for partly enforcing privacy regulations, and (2) a set of components providing strong security protection on the data throughout its life cycle. To validate the effectiveness of this approach, we prototype PRIVGUARD and integrate it into an industrial-level data governance platform. Our case studies and evaluation show that PRIVGUARD can correctly enforce the encoded privacy policies on real-world programs with reasonable performance overhead.