djblets.privacy, a new module designed for more easily
ensuring protection of private user data, helping Django applications to
meet GDPR compliance and to otherwise help with the management and
safe-keeping of user data.
This initial version of the module focuses on consent tracking, giving
users control over operations or processing of data. It's designed to
allow applications (and even extensions) to dynamically register things
that require consent, to check if the user granted/denied that consent,
to (later) present options for consent, and to keep an audit log for
later proof. For now, only the backend is in place, with UI helpers
This lives almost exclusively within the
module (with models living in
djblets.privacy.models). There are a few
Consent: An enum containing values to represent whether
consent was given or denied, or simply not set yet.
ConsentRequirement: Represents a part of a product that requires
consent. This can be instantiated with a unique ID, displayable name
and description, and an optional URL for learning more about the
requirement (useful for linking to privacy policies or documentation).
ConsentRequirementsRegistry: Used to register, track, and look up
ConsentData: An object for store consent and consent-related
information (timestamp, source of where the consent was given, and
additional data to include), for serializing or deserializing.
DatabaseConsentTracker: Used to record if
consent was given or denied for a requirement, check that consent on
demand, and for keeping an audit log for helping to later document and
prove when users set, denied, or revoked consent. By default,
DatabaseConsentTracker (which stores the data in the database) is
used, but projects can make use of custom ones for storing the audit
data in other locations outside the database.