Backend Out of the Box Privacy Notices

[pattisdr]

❗ Blocked by product supplying the default privacy notices.

Is your feature request related to a specific problem?

Allows Ethyca to define default privacy notices that can be returned to the Compliance person as a starting point from which to tailor their Privacy Notices.

Describe the solution you'd like

See Design Doc: Out of the Box Privacy Notices

Describe alternatives you've considered, if any

A description of any alternative solutions or features you've considered.

Additional context

Add any other context or screenshots about the feature request here.

[pattisdr]

Blocked by needing privacy notices from product

[Kelsey-Ethyca]

@mfbrown to finalize tomorrow

[allisonking]

Based on this figma jam, @pattisdr suggested:

1. Create a separate table PrivacyNoticeTemplate
2. On start up, populate PrivacyNoticeTemplate with the out of the box notices
3. Then, populate the existing PrivacyNoticeTable with the same exact contents as PrivacyNoticeTemplate, but also fill in a FK back to PrivacyNoticeTemplate so we know where it came from.
4. The UI can then continue just querying /privacy-notice and we won't do the reverting to template logic yet. But at least we will have a link between a notice and its template in place!

I think that means we can close this ticket out (I had thought there would need to be UI work, but looks like it can mostly be a backend thing and the FE will still query the same endpoint. does that sound right?) #3028

[pattisdr]

Well I meant this to be the backend ticket @allisonking - don't close this one!

[allisonking]

oops, I meant to say I'd close this one out!

[pattisdr]

Note: I have a draft here: #3120, that creates a privacy notice template table, automatically populates on startup, and then creates notices from the templates. If the templates change, they are automatically updated on restart, but notices created from those templates aren't changed.

Moving to blocked though because I was only able to create notices for a subset of the notices listed here due to missing data uses https://ethyca.atlassian.net/wiki/spaces/PM/pages/2656108545/Privacy+Notice+Templates, and many of these notices will change with fides lang 1.4. Michael said he's okay waiting until fides lang 1.4.

[rsilvery]

Since we don't have the Fideslang stuff scheduled until sprint 10, what is the impact of putting this in the backlog or moving to the post-connector sprint 12? Is this needed to ship @mfbrown , @Kelsey-Ethyca ? If it's needed now we should talk to Thomas about the fideslang work and get it prioritized.

[mfbrown]

We will need to update how we represent EU/European Economic Area countries. The GDPR applies to all EU countries, plus Iceland, Liechtenstein and Norway. Additionally, we'll need to include the UK, since they have a GDPR equivalent.

[Roger-Ethyca]

moving to done