Some worthwhile analysis here.

A important consideration, from a data protection / privacy perspective, is how to integrate Policy Decision / Policy Enforcement Points (see https://en.wikipedia.org/wiki/Attribute-based_access_control) with your concept of the Event-based CDP.