lalc
commented
3 years ago This is a quick way to solve, but in my mind comes with complex consequences. By referring to a sub-agreement in an agreement as you did above, we get into certain complexity, examples:
1) Recursive sub-agreements one gets in when you refer to an agreement within another agreement. There are a few design issues that came to my mind that I need to check further esp towards users. GDPR requires any data usage to be clear and comprehensive from an end-user perspective.
2) For any data agreement that is not with legal basis consent, you cannot have optional attributes. Consent typically is non-mandatory. For e.g. during a registration process, some attributes could be optional clarifying the additional purpose for which the request is being sought. Attributes that are optional shall be defined in a data agreement with legal basis consent.
What is, however, needed is the ability to define multiple data agreements within a single data exchange transaction. So, question is, how do we attach multiple data agreements with one verification?
There may be multiple purposes associated with a single interaction/transaction between individual and controller. The data agreement record is on a per purpose bases and in order to create the relation between data agreements a new list is added to allow to refer to multiple sub-data-agreements. Below is a proposal to be added to the schema. A PR will be issued if agree on the addition.
"sub_data_agreements": [ { "data_agreement_id": "d7216cb1-aedb-471e-96f7-7fef51dedb76" } ]