
    Add a new module for better ensuring privacy of user data.

    Review Request #9893 — Created April 25, 2018 and submitted — Latest diff uploaded

    Information

    Djblets
    release-1.0.x
    0f5c4fa...

    This introduces djblets.privacy, a new module designed for more easily
    ensuring protection of private user data, helping Django applications to
    meet GDPR compliance and to otherwise help with the management and
    safe-keeping of user data.

    This initial version of the module focuses on consent tracking, giving
    users control over operations or processing of data. It's designed to
    allow applications (and even extensions) to dynamically register things
    that require consent, to check if the user granted/denied that consent,
    to (later) present options for consent, and to keep an audit log for
    later proof. For now, only the backend is in place, with UI helpers
    coming later.

    This lives almost exclusively within the djblets.privacy.consent
    module (with models living in djblets.privacy.models). There are a few
    components:

    • Consent: An enum containing values to represent whether
      consent was given or denied, or simply not set yet.

    • ConsentRequirement: Represents a part of a product that requires
      consent. This can be instantiated with a unique ID, displayable name
      and description, and an optional URL for learning more about the
      requirement (useful for linking to privacy policies or documentation).

    • ConsentRequirementsRegistry: Used to register, track, and look up
      ConsentRequirement instances.

    • ConsentData: An object for storing consent and consent-related
      information (timestamp, source of where the consent was given, and
      additional data to include), for serializing or deserializing.

    • BaseConsentTracker/DatabaseConsentTracker: Used to record if
      consent was given or denied for a requirement, check that consent on
      demand, and for keeping an audit log for helping to later document and
      prove when users set, denied, or revoked consent. By default,
      DatabaseConsentTracker (which stores the data in the database) is
      used, but projects can make use of custom ones for storing the audit
      data in other locations outside the database.

    With this module, it will be very easy to start enforcing user control
    of the processing of data without a lot of additional work.

    Future changes will build on this to offer standard UI for consent
    management and redacting of personal information before sending to
    services.

    Unit tests pass.

    Built the docs and checked for build and generation errors.
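
The consent-tracking design described above, as an added stand-alone sketch; it is not Djblets code and does not use the djblets.privacy API. The class names follow the description, while every field, method name and signature (`record`, `get_consent`, `audit_trail`, `may_process`, `InMemoryConsentTracker`) is an assumption made for illustration.

```python
import enum
from dataclasses import dataclass
from datetime import datetime, timezone

class Consent(enum.Enum):
    UNSET = "unset"
    GRANTED = "granted"
    DENIED = "denied"

@dataclass(frozen=True)
class ConsentRequirement:
    requirement_id: str
    name: str
    description: str
    url: str = ""  # optional "learn more" link (privacy policy, docs)

@dataclass(frozen=True)
class ConsentData:
    requirement_id: str
    decision: Consent
    source: str  # where the decision was made, e.g. a settings page
    timestamp: datetime

class InMemoryConsentTracker:
    """Hypothetical tracker backend that keeps an append-only audit log."""
    def __init__(self, requirements):
        self._known = {r.requirement_id for r in requirements}
        self._audit = {}  # user -> list of ConsentData, oldest first

    def record(self, user, requirement_id, decision, source):
        if requirement_id not in self._known:
            raise KeyError("unregistered requirement: %s" % requirement_id)
        entry = ConsentData(requirement_id, decision, source,
                            datetime.now(timezone.utc))
        self._audit.setdefault(user, []).append(entry)  # never overwrite
        return entry

    def get_consent(self, user, requirement_id):
        for entry in reversed(self._audit.get(user, [])):
            if entry.requirement_id == requirement_id:
                return entry.decision  # the most recent decision wins
        return Consent.UNSET  # nothing recorded yet

    def audit_trail(self, user):
        return tuple(self._audit.get(user, ()))  # read-only copy

    def may_process(self, user, requirement_id):
        # Default deny: UNSET and DENIED both block processing.
        return self.get_consent(user, requirement_id) is Consent.GRANTED
```

A revocation is recorded as a new entry rather than an update, so the trail still shows when consent was first granted.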