Expand description
Background
The practice of implementing Data Usage Agreements addresses the following Privacy Design Strategies:
- Inform
- Control
- Enforce
- Demonstrate
Whenever data is passed between Actors (e.g.: data collection between an online portal and the backend service to order the product), it is important to ensure that the owners’ consent for how the data wil be used doesn’t become lost in translation.
A privacy engineering practice that supports this promise to adhere how the data may be used is defined in the Data Usage Agreements that are sent with the data.
Usage
-
The requestor adds a HTTP header
Data-Usage-Agreement
with the json array of the DUA objectsJSON Structure
[ { “agreement_name”: String, “location”: String, “agreed_dtm”: Unix Epoch Number } ]
HTTP Header
Data-Usage-Agreement: [{“agreement_name”:“billing”,“location”:“https://iStore.example.org/dup/v2/billing.pdf”,“agreed_dtm”: 1553988607}]
One way is to incorporate the use of DUA objects is directly in the code.
extern crate pbd;
use pbd::dua::DUA;
fn main() {
let serialized = r#"{ "agreement_name": "For Billing Purpose", "location": "https://iStore.example.org/dup/v2/billing.pdf", "agreed_dtm": 1553988607 }"#;
let dua = DUA::from_serialized(&serialized);
match dua.agreement_name.as_ref() {
"For Billing Purpose" => println!("We can use the data for sending a bill."),
_ => println!("Oops: We can't use the data this way!")
}
// Additionally, retrieve the Data Usage Policy that was agreed to using the DUA `location` attribute and
// check how the Data Usage Policy allows the processor (Actor) to use the data,
// (e.g.: The DUP may have only an associated usage of `essential.service.payment_processing`
// with an associated category of `user.financial.credit_card`, so the bank account information
// sent to the processor cannot be used to process a payment because the customer never agreed
// to have their bank account data used in that manner).
}
Modules
- Background
- Background
- Background
- Data Usage Agreement specific Errors
- Background
Structs
- Represents a Data Usage Agreement (DUA)
Statics
- The standard header attribute for list (array) of the Data Usage Agreements