Privacy by Design - How to handle PII in events?

[Basje]

Hello Marten community!

I've been playing around with a project idea which will use event sourcing, and found Marten. Since I'm a big fan of Postgres, I am eager to start playing around with Marten and see if it will fit my use case.

One of the requirements of the project is doing privacy by design. I am trying to figure out how to merge the read-only nature of events and the purge of PII from the system. When I search the internet for approaches there are a few schools of thought:

1. Reference the PII using some key. When the PII needs to be purged, delete them and (optionally) remove the references from the events.
2. Encrypt the PII using a strong key per user. When the PII needs to be purged, throw away the key.
3. A combination of 1 and 2.

What annoys me most about those approaches is that it will largely defeat the usefulness of event sourcing. So I thought of a different approach, which would be:

4. Put all PII on the events, but in the spirit of privacy by design, actually design the events to support this. My naive approach here would be: split events into mutable and immutable event data. All PII should go into the mutable part of the data, and when the PII needs to be purged, load the events and run some purge logic, probably removing the mutable part.

Having read through the documentation, Marten doesn't seem to support this right now. Presumably because event sourcing is based on append-only writing.

So my questions to you are:

• Does Marten allow reading and updating of events so that I can implement this logic myself?
• If it does; how would I do this and do you foresee any problems with this approach?
• If it does not; what would you propose to do to solve this issue? (I am open to alternative approaches)
• If it does not; is it possible that this feature will be added at some point? Depending on the complexity, I could maybe contribute.

With the GDPR getting more and more important in the EU, and event sourcing becoming more popular, it could be a nice USP for Marten.

Looking forward to your thoughts.

[gfoidl]

For reference, this is also touched in #2779.