search

blindnet-io / product-management

Repository dedicated for reporting bugs, ideas for improvements, and new features
6 stars 0 forks source link

Add Syntactic Sugar to Privacy Scope Definitions across Endpoints and Components #1003

Open milstan opened 2 years ago

milstan commented 2 years ago

Current Situation

Currently the followign privacy scope:

"scope": [
    {
      "dc": ["AFFILIATION.MEMBERSHIP", "AFFILIATION.SCHOOL", "AFFILIATION.WORKPLACE", "DEMOGRAPHIC.AGE", "CONTACT", "IMAGE", "UID", "OTHER-DATA"],
      "pc": ["COLLECTION", "STORING", "USING"],
      "pp": "EMPLOYMENT"
    }
  ]

Must be defined in the following (flat) way:

    "scope": [
    { "dc": "AFFILIATION.MEMBERSHIP", "pc": "COLLECTION", "pp": "EMPLOYMENT" },
    { "dc": "AFFILIATION.MEMBERSHIP", "pc": "STORING", "pp": "EMPLOYMENT" },
    { "dc": "AFFILIATION.MEMBERSHIP", "pc": "USING", "pp": "EMPLOYMENT" },
    { "dc": "AFFILIATION.SCHOOL", "pc": "COLLECTION", "pp": "EMPLOYMENT" },
    { "dc": "AFFILIATION.SCHOOL", "pc": "STORING", "pp": "EMPLOYMENT" },
    { "dc": "AFFILIATION.SCHOOL", "pc": "USING", "pp": "EMPLOYMENT" },
    { "dc": "AFFILIATION.WORKPLACE", "pc": "COLLECTION", "pp": "EMPLOYMENT" },
    { "dc": "AFFILIATION.WORKPLACE", "pc": "STORING", "pp": "EMPLOYMENT" },
    { "dc": "AFFILIATION.WORKPLACE", "pc": "USING", "pp": "EMPLOYMENT" },
    { "dc": "DEMOGRAPHIC.AGE", "pc": "COLLECTION", "pp": "EMPLOYMENT" },
    { "dc": "DEMOGRAPHIC.AGE", "pc": "STORING", "pp": "EMPLOYMENT" },
    { "dc": "DEMOGRAPHIC.AGE", "pc": "USING", "pp": "EMPLOYMENT" },
    { "dc": "CONTACT", "pc": "COLLECTION", "pp": "EMPLOYMENT" },
    { "dc": "CONTACT", "pc": "STORING", "pp": "EMPLOYMENT" },
    { "dc": "CONTACT", "pc": "USING", "pp": "EMPLOYMENT" },
    { "dc": "IMAGE", "pc": "COLLECTION", "pp": "EMPLOYMENT" },
    { "dc": "IMAGE", "pc": "STORING", "pp": "EMPLOYMENT" },
    { "dc": "IMAGE", "pc": "USING", "pp": "EMPLOYMENT" },
    { "dc": "UID", "pc": "COLLECTION", "pp": "EMPLOYMENT" },
    { "dc": "UID", "pc": "STORING", "pp": "EMPLOYMENT" },
    { "dc": "UID", "pc": "USING", "pp": "EMPLOYMENT" },
    { "dc": "OTHER-DATA", "pc": "COLLECTION", "pp": "EMPLOYMENT" },
    { "dc": "OTHER-DATA", "pc": "STORING", "pp": "EMPLOYMENT" },
    { "dc": "OTHER-DATA", "pc": "USING", "pp": "EMPLOYMENT" }
]

This is complex and not really user-friendly knowing that human DPOs should be able to set this configuration (easily)

What to do

Implement (in all functions taking Privacy Scopes or their dimensions as arguments) a translation allowing to generate flattened privacy scope triples out of Privacy Socpe dimensions specified as arrays by performing their vector product.

m4rk055 commented 2 years ago

Same for other endpoints - change data_category to array when defining retention policies, change data_category and provenance to arrays when defining provenances etc.

m4rk055 commented 2 years ago

Done for creating legal bases.