Commercial data marketplaces and clean rooms increasingly span edge devices, on-premise repositories, and multiple public clouds, yet most deployments still enforce consent, purpose, licensing, residency, and privacy budgets at coarse granularity or after execution. We present TrustDS, a governance layer that compiles human-readable policy into a guarded execution directed acyclic graph (DAG), jointly plans privacy-enhancing technologies (PETs) and placement across edge and cloud locations, and emits portable evidence bundles for every policy-relevant boundary. The paper intentionally narrows its claims: TrustDS is not a new cryptographic query engine and it does not claim machine-checked malicious security for arbitrary secure backends. Instead, it contributes systems-level policy safety, fail-closed revocation semantics, and reproducible compliance evidence under explicit assumptions about the underlying PETs. We formalize a multi-domain threat model, define operational semantics for guarded execution, and prove policy safety and passive-adversary confidentiality modulo explicit leakage functions. Empirically, we ground the study in primary publisher microdata that are also discoverable through marketplace or public-exchange channels: CDC BRFSS and NHANES, CFPB consumer complaints, NYC TLC trip records, and Iowa Liquor Sales. Across five matched workload families, TrustDS improves median end-to-end latency by 25.8% (95% CI 21.6-30.0) over centralized transfer and by 15.9% (95% CI 12.8-19.0) over a governed clean-room exchange, while maintaining 100% dynamic-consent coverage with 118 ms median and 190 ms p95 revocation delay. A separate 622-run split-ownership TPC-H campaign is used only as a scoped backend calibration study, showing that SecretFlow-SCQL offers the strongest latency-coverage balance in the tested two-party setting whereas ORQ offers a stricter confidentiality posture at materially higher latency. 
The resulting manuscript is aligned to scientific-validity expectations: explicit assumptions, restrained conclusions, documented limitations, figure source data, and reproducible benchmark artifacts.
Dockara et al. (Sat,) studied this question.
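An added sketch, not TrustDS code and not taken from the paper, of what the abstract's guarded execution with fail-closed revocation can look like: a guard is checked before each DAG node runs, and a revoked or unreachable consent answer denies the node and everything downstream. `Node`, `POLICY`, `guard`, `run`, the reason strings and the hash-chained evidence records are assumptions made for illustration.

```python
import hashlib, json
from dataclasses import dataclass

class ConsentUnavailable(Exception): pass  # consent registry unreachable

@dataclass
class Node:  # one step of the execution DAG (hypothetical shape)
    name: str
    subject: str
    purpose: str
    region: str
    epsilon: float
    deps: tuple = ()

# Constructed policy: allowed purposes, allowed regions, total privacy budget.
POLICY = {"purposes": {"public-health"}, "regions": {"eu"}, "epsilon": 1.0}

def guard(node, policy, consent_lookup, spent):
    """Return (allowed, reason); an error or any non-True consent answer denies."""
    try:
        consent = consent_lookup(node.subject)
    except ConsentUnavailable:
        return False, "consent-unavailable"
    checks = [(consent is True, "consent-revoked"),
              (node.purpose in policy["purposes"], "purpose"),
              (node.region in policy["regions"], "residency"),
              (spent + node.epsilon <= policy["epsilon"], "privacy-budget")]
    return next(((False, why) for ok, why in checks if not ok), (True, "ok"))

def run(nodes, policy, consent_lookup):
    """Check the guard before each node (nodes given in topological order)."""
    done, evidence, spent, prev = set(), [], 0.0, "0" * 64
    for node in nodes:
        if all(d in done for d in node.deps):
            allowed, reason = guard(node, policy, consent_lookup, spent)
        else:
            allowed, reason = False, "upstream-denied"
        if allowed:
            done.add(node.name)
            spent += node.epsilon
        # Evidence record for this boundary, chained to the previous digest.
        record = {"node": node.name, "allowed": allowed, "reason": reason, "prev": prev}
        prev = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
        evidence.append({**record, "digest": prev})
    return done, evidence

# Constructed DAG: load -> aggregate -> export (export leaves the allowed region).
DAG = [Node("load", "s1", "public-health", "eu", 0.0),
       Node("aggregate", "s1", "public-health", "eu", 0.6, ("load",)),
       Node("export", "s1", "public-health", "us", 0.0, ("aggregate",))]
```

Calling `run(DAG, POLICY, lookup)` with a lookup that starts returning `False` partway through shows the revocation case: nodes already completed stay in `done`, and every later node is recorded as denied.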