Update how we Save and Propagate Privacy Preferences [#3013] (#3016)
- Start saving privacy preferences with respect to the "privacy notices"
- Start storing a snapshot of the privacy preferences that were changed every single time they are saved for reporting purposes
- Separately, have a new table that stores the most recently saved privacy preference for a given notice for ease of displaying a user's current preferences
- Expose endpoints to retrieve and save the new privacy preferences after verifying your identity (similar to the consent counterparts that are soon to be deprecated)
- For both the old workflow and the new workflow introduced here, start creating privacy requests every single time preferences are saved.
- Start adding restrictions as to whether we fire requests for a particular consent saas connector or send consent emails: in particular, start comparing privacy notice history data uses and system data uses. The privacy notice history must be enforceable system-wide.
- Start adding skipped execution logs for a connector when we don't fire a request (instead of completed logs) and start adding skipped execution logs instead of no execution logs when we opt to not send an email for a connector for clearer record-keeping


Note that the old workflow where we save consent with respect to data uses defined in the privacy center config.json is still preserved here for the time being.
pattisdr authored Apr 11, 2023
1 parent 2aa7858 commit aee0922
Showing 50 changed files with 4,707 additions and 246 deletions.
124 changes: 120 additions & 4 deletions .fides/db_dataset.yml
@@ -139,6 +139,43 @@ dataset:
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: currentprivacypreference
description: 'Stores the users latest saved privacy preferences for the given notice'
data_categories: [ ]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
fields:
- name: created_at
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: id
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: preference
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: privacy_notice_history_id
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: privacy_notice_id
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: privacy_preference_history_id
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: provided_identity_id
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: updated_at
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: systemmanager
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
fields:
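Review bot: two small things in the new `currentprivacypreference` collection. The description reads "Stores the users latest saved privacy preferences" and should be "the user's latest"; and the collection-level `data_categories: [ ]` differs from the `data_categories: null` form used for `userregistration` further down in this file, so pick one convention for collections that carry no category of their own.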
@@ -1357,6 +1394,9 @@ dataset:
- name: description
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: internal_description
data_categories: [ system.operations ]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: origin
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
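Review bot: style only: `data_categories: [ system.operations ]` on the new `internal_description` field uses inner spaces while the neighbouring fields write `[system.operations]`; match the existing form here and in the second `internal_description` hunk below.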
@@ -1384,10 +1424,10 @@ dataset:
- name: displayed_in_privacy_center
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: displayed_in_banner
- name: displayed_in_overlay
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: displayed_in_privacy_modal
- name: displayed_in_api
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: id
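Review bot: `displayed_in_banner` and `displayed_in_privacy_modal` become `displayed_in_overlay` and `displayed_in_api` in this hunk; the dataset annotation only documents the columns, so make sure the schema migration and any API or UI code that references the old names are updated in the same PR, otherwise these annotations will describe columns that do not exist.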
@@ -1409,6 +1449,9 @@ dataset:
- name: description
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: internal_description
data_categories: [ system.operations ]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: origin
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
@@ -1436,10 +1479,10 @@ dataset:
- name: displayed_in_privacy_center
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: displayed_in_banner
- name: displayed_in_overlay
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: displayed_in_privacy_modal
- name: displayed_in_api
data_categories: [system.operations]
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: id
@@ -1821,6 +1864,79 @@ dataset:
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: privacypreferencehistory
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
fields:
- name: affected_system_status
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: created_at
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: email
data_categories:
- user
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: id
data_categories:
- system.operations
- name: hashed_email
data_categories:
- system.operations
- name: hashed_phone_number
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: phone_number
data_categories:
- user
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: preference
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: privacy_notice_history_id
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: privacy_request_id
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: provided_identity_id
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: relevant_systems
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: request_origin
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: secondary_user_ids
data_categories:
- user
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: updated_at
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: url_recorded
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: user_agent
data_categories:
- user
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: user_geography
data_categories:
- system.operations
data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
- name: userregistration
description: 'Records the registration status of this Fides deployment'
data_categories: null
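Review bot: `id` and `hashed_email` in the new `privacypreferencehistory` collection are missing the `data_qualifier` line that every other field here carries; add it. Separately, `hashed_email` and `hashed_phone_number` are categorized `system.operations` while `email` and `phone_number` are `user`: a hash of a contact identifier is still a pseudonymous user identifier, so `user` (with a pseudonymized qualifier) is the more accurate label, and the same question applies to `user_geography`, which is user-derived but tagged `system.operations`.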
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -30,6 +30,7 @@ The types of changes are:
- Toggle for enabling/disabling privacy notices in the UI [#3010](https://github.com/ethyca/fides/pull/3010)
- Add endpoint to retrieve privacy notices grouped by their associated data uses [#2956](https://github.com/ethyca/fides/pull/2956)
- Support for uploading custom connector templates via the UI [#2997](https://github.com/ethyca/fides/pull/2997)
- Add a backwards-compatible workflow for saving and propagating consent preferences with respect to Privacy Notices [#3016](https://github.com/ethyca/fides/pull/3016)

### Changed

154 changes: 152 additions & 2 deletions docs/fides/docs/development/postman/Fides.postman_collection.json
@@ -1,6 +1,6 @@
{
"info": {
"_postman_id": "71013d58-9646-47e3-b47a-f354d33ad35a",
"_postman_id": "5d1a5ee9-f432-4da2-a9c9-d68c17e776ac",
"name": "Fides",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
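Review bot: the `_postman_id` change is churn from re-exporting the collection; revert it so the diff carries only the intended request additions.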
@@ -3648,6 +3648,39 @@
}
},
"response": []
},
{
"name": "Authorize Oauth Connector",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "{{client_token}}",
"type": "string"
}
]
},
"method": "GET",
"header": [],
"url": {
"raw": "http://localhost:8080/api/v1/connection/{{oauth_connector_key}}/authorize",
"protocol": "http",
"host": [
"localhost"
],
"port": "8080",
"path": [
"api",
"v1",
"connection",
"{{oauth_connector_key}}",
"authorize"
]
}
},
"response": []
}
]
},
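Review bot: the new "Authorize Oauth Connector" request hard-codes `http://localhost:8080/api/v1/...` while the other requests in this collection use `{{host}}` (for example `{{host}}/messaging/config/test`); use `{{host}}/connection/{{oauth_connector_key}}/authorize` so the request also works against non-local deployments.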
@@ -4520,11 +4553,26 @@
{
"name": "Test Message",
"request": {
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "{{client_token}}",
"type": "string"
}
]
},
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"email\": {{test_email}}\n}"
"raw": "{\n \"email\": \"{{test_email}}\"\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "{{host}}/messaging/config/test",
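Review bot: quoting `\"{{test_email}}\"` fixes a body that was not valid JSON unless the variable value carried its own quotes; good. The bearer `auth` block added here repeats the one on "Authorize Oauth Connector"; if more requests need `{{client_token}}`, folder- or collection-level auth would avoid duplicating it per request.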
@@ -5352,6 +5400,93 @@
"response": []
}
]
},
{
"name": "PrivacyPreferences",
"item": [
{
"name": "Create Verification Code for Consent Request",
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"phone_number\": \"{{phone_number}}\",\n \"email\": \"{{email}}\"\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "{{host}}/consent-request",
"host": [
"{{host}}"
],
"path": [
"consent-request"
]
}
},
"response": []
},
{
"name": "Verify Code and Return Current Privacy Preferences",
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"code\": \"{{verification_code}}\"\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "{{host}}/consent-request/{{consent_request_id}}/verify-for-privacy-preferences",
"host": [
"{{host}}"
],
"path": [
"consent-request",
"{{consent_request_id}}",
"verify-for-privacy-preferences"
]
}
},
"response": []
},
{
"name": "Verify Code and Save Privacy Preferences",
"request": {
"method": "PATCH",
"header": [],
"body": {
"mode": "raw",
"raw": "{\n \"browser_identity\": {\n \"ga_client_id\": \"UA-XXXXXXXXX\",\n \"ljt_readerID\": \"test_sovrn_id\"\n },\n \"code\": \"{{verification_code}}\",\n \"preferences\": [{\n \"privacy_notice_history_id\": \"{{privacy_notice_history_id}}\",\n \"preference\": \"opt_out\"\n }],\n \"request_origin\": \"privacy_center\",\n \"url_recorded\": \"example.com/privacy_center\",\n \"user_agent\": \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/324.42 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/425.24\",\n \"user_geography\": \"us_ca\"\n}",
"options": {
"raw": {
"language": "json"
}
}
},
"url": {
"raw": "{{host}}/consent-request/{{consent_request_id}}/privacy-preferences",
"host": [
"{{host}}"
],
"path": [
"consent-request",
"{{consent_request_id}}",
"privacy-preferences"
]
}
},
"response": []
}
]
}
],
"event": [
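Review bot: the three `PrivacyPreferences` requests carry no `auth` block, unlike "Test Message" above, so the verification `code` obtained from `/consent-request` is the only thing that authorizes reading or saving preferences. That matches the identity-verification flow the commit message describes, but a `description` on the folder saying so would stop the next reader from assuming the bearer token was forgotten. Also, `browser_identity` in the PATCH body uses literal placeholders (`UA-XXXXXXXXX`, `test_sovrn_id`) while the rest of the body is parameterized with `{{...}}` variables; consider making those variables too.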
@@ -5668,6 +5803,21 @@
"key": "privacy_notice_id",
"value": "",
"type": "string"
},
{
"key": "privacy_notice_history_id",
"value": "",
"type": "string"
},
{
"key": "test_email",
"value": "",
"type": "string"
},
{
"key": "oauth_connector_key",
"value": "",
"type": "string"
}
]
}
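Review bot: `{{phone_number}}`, `{{email}}`, `{{verification_code}}` and `{{consent_request_id}}`, all used by the new PrivacyPreferences requests, are not among the variables added here (only `privacy_notice_history_id`, `test_email` and `oauth_connector_key` are); confirm they already exist in the collection's variable list or add them so the requests run without manual setup.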