schnuerle
commented
1 year ago We may be able to add some of these items to MDS 2.0 with PR #813 , but I'm not sure how best to add them. Do you have some ideas of which are both the highest priority to add and have a straightforward implementation, @quicklywilliam ?
Is your feature request related to a problem? Please describe.
With MDS 1.2 and the Requirements API, it is possible for the first time for Agencies to specify which data they need, and which data should not be shared. This is a major step forward for Data Minimization by allowing for the creation of best practices and example Requirements files that describe how to make minimal data requests for common use cases.
A related step I'd love to see MDS take is to describe data retention practices. This could cover some or all of the following capabilities:
These requirements could be expressed at the API, endpoint and perhaps even the field level. Here are some example use cases:
A note on aggregate data My intention with this issue is to allow for explicit requirements around the retention of raw (particularly sensitive) data being delivered via MDS. This seemed like a good place to draw the line for now, but aggregate data can also sometimes be sensitive. It's an open, related question whether and how MDS might someday attempt to describe the retention of data that has been aggregated, analyzed etc.
Describe the solution you'd like
I'm imagining this as an extension to the Requirements API.
Is this a breaking change
Probably, insofar as it might allow for the creation of breaking requirements on operator implementations. Possibly this could be avoided with a conditional period, as we allowed for with Requirements in 1.2.
Impacted Spec
For which spec is this feature being requested?
requirementsAdditional context
See also the #608 and #646.