Module pbd::dua


Background

The practice of implementing Data Usage Agreements addresses the following Privacy Design Strategies:

  • Inform
  • Control
  • Enforce
  • Demonstrate

Whenever data is passed between Actors (e.g., data collection between an online portal and the backend service to order the product), it is important to ensure that the owners’ consent for how the data will be used doesn’t become lost in translation.

A privacy engineering practice that supports this promise is to define how the data may be used in Data Usage Agreements that are sent with the data.

Usage

  1. The requestor adds an HTTP header Data-Usage-Agreement containing the JSON array of the DUA objects

    JSON Structure

    [ { "agreement_name": String, "location": String, "agreed_dtm": Unix Epoch Number } ]

    HTTP Header

    Data-Usage-Agreement: [{"agreement_name":"billing","location":"https://iStore.example.org/dup/v2/billing.pdf","agreed_dtm": 1553988607}]


One way to incorporate DUA objects is to use them directly in the code.

extern crate pbd;

use pbd::dua::DUA;

fn main() {
    let serialized = r#"{ "agreement_name": "For Billing Purpose", "location": "https://iStore.example.org/dup/v2/billing.pdf", "agreed_dtm": 1553988607 }"#;
    let dua = DUA::from_serialized(&serialized);

    match dua.agreement_name.as_ref() {
        "For Billing Purpose" => println!("We can use the data for sending a bill."),
        _ => println!("Oops: We can't use the data this way!"),
    }

    // Additionally, retrieve the Data Usage Policy that was agreed to using the DUA `location` attribute and
    // check how the Data Usage Policy allows the processor (Actor) to use the data,
    // (e.g.: The DUP may have only an associated usage of `essential.service.payment_processing`
    //        with an associated category of `user.financial.credit_card`, so the bank account information
    //        sent to the processor cannot be used to process a payment because the customer never agreed
    //        to have their bank account data used in that manner).
}
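
The Data-Usage-Agreement header is supplied by the requestor, so a receiver may want more than a name match before acting on it. The following is an added example, not code from the pbd crate: `Dua`, `Rejection`, `authorize`, `sample`, the trusted host list and the `now` value are all assumptions made for illustration. It accepts a purpose only when a matching DUA points at an `https` location on an allow-listed host and was not agreed in the future.

```rust
// Added example. `Dua` is a local stand-in for the three DUA fields shown above,
// not the pbd crate's own type, so this file builds with std only.
#[derive(Debug, PartialEq)]
pub struct Dua {
    pub agreement_name: String,
    pub location: String,
    pub agreed_dtm: u64,
}
#[derive(Debug, PartialEq)]
pub enum Rejection { NoAgreement, UntrustedLocation, AgreedInFuture }

/// Authority of an `https://` URL; None for other schemes or when userinfo is present.
fn https_host(url: &str) -> Option<&str> {
    let rest = url.strip_prefix("https://")?;
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    if authority.is_empty() || authority.contains('@') { None } else { Some(authority) }
}

fn check(dua: &Dua, trusted_hosts: &[&str], now: u64) -> Result<(), Rejection> {
    let host = https_host(&dua.location).ok_or(Rejection::UntrustedLocation)?;
    if !trusted_hosts.iter().any(|h| h.eq_ignore_ascii_case(host)) {
        return Err(Rejection::UntrustedLocation);
    }
    if dua.agreed_dtm > now { Err(Rejection::AgreedInFuture) } else { Ok(()) }
}

/// Ok only if some DUA named `required` passes every check; otherwise the last reason seen.
pub fn authorize(duas: &[Dua], required: &str, trusted_hosts: &[&str], now: u64) -> Result<(), Rejection> {
    let mut last = Rejection::NoAgreement;
    for dua in duas.iter().filter(|d| d.agreement_name == required) {
        match check(dua, trusted_hosts, now) {
            Ok(()) => return Ok(()),
            Err(reason) => last = reason,
        }
    }
    Err(last)
}

pub fn sample(name: &str, location: &str, agreed_dtm: u64) -> Dua {
    Dua { agreement_name: name.into(), location: location.into(), agreed_dtm }
}

fn main() {
    // Constructed input: the header value from the Usage section, already deserialized.
    let duas = [sample("billing", "https://iStore.example.org/dup/v2/billing.pdf", 1553988607)];
    let trusted = ["istore.example.org"];
    println!("{:?}", authorize(&duas, "billing", &trusted, 1553990000));
    println!("{:?}", authorize(&duas, "marketing", &trusted, 1553990000));
}
```

A location with an explicit port does not match a bare host entry in the allow-list, so it is rejected rather than normalized.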

Modules

Structs

  • Represents a Data Usage Agreement (DUA)

Statics

  • The standard header attribute for list (array) of the Data Usage Agreements