Export user data

Right to data portability Art. 20 GDPR

PEACH comes with a component called GDPR Manager that supervises the data exports from several services. This page describes the workflow and points out what to adapt in custom services so that they work with GDPR manager and comply with Art. 20 GDPR.

Workflow from user point of view

  • User requests data export to GDPR manager.
  • GDPR manager gathers exports from all configured services.
  • User receives an email with a link to download his data.

Workflow from a technical point of view

  • GDPR manager receives a request from a user. The request details are stored in the GDPR database.
  • A background process on GDPR manager polls the database and finds the request.
  • The background process requests all exports from all configured services and gives them a callback URL to inform GDPR manager when exports are ready and where to download them.
  • Services start exporting data.
  • When an export is done, the service uses the callback URL provided earlier to POST the generated download URL to the GDPR manager.
  • When GDPR manager receives a callback, it downloads the export from the service.
  • When GDPR manager has downloaded all the exports, it builds an archive with an HTML file with local links pointing to all received exports.
  • Then GDPR manager sends a mail with a link to download the archive it has generated from all services' archives.

Sample archive content:

/index.html
/export-1/index.html
/export-1/css/css.css
/export-1/js/js.js
/export-1/img/img-1.jpg
(...)
/export-n/index.html
/export-n/css/css.css
/export-n/js/js.js
/export-n/img/img-1.jpg
(...)
/export-n/img/img-n.jpg

Security

The user has to authenticate on GDPR manager to start a data export. GDPR manager reuses the JWT obtained from the user's authentication to interact with all services.

Integrate your custom service to GDPR manager export

Before adding your service to GDPR manager you have to ensure that it is compatible with GDPR manager. To be compatible, a service has to provide an endpoint with the following requirements:

  • The service endpoint should be secured using JWT security.
  • The service has to provide an endpoint that accepts JSON as a body with the following value:

curl -X POST "http://service/data/export" -H "accept: */*" -H "Content-Type: application/json" -d "{ \"callbackUrl\": \"http://gdprmanager/callback\" }"

  • That endpoint is responsible for starting the export. Note that in some cases the export could be done synchronously; in that case the service could call back GDPR manager before responding. GDPR manager is robust to that.
  • The service is responsible for calling back GDPR manager with a POST on the callbackUrl provided, carrying the download URI:

curl -X POST "http://gdprmanager/callbackurl" -H "accept: */*" -H "Content-Type: application/json" -d "{ \"export\": \"http://service/export/123456\" }"

  • Services must generate an export without data (like a simple page saying "You don't have any in our systems") when there is nothing to export.
  • Every export has to be a ZIP archive, containing one directory per service exported. There can be 1..n services exported to one archive. Every subdirectory must contain a service-specific index.html, which should be used as an entry or starting point for users.

Furthermore we also recommend that:

  • The service cleans up export data after it has been downloaded, or after a certain amount of time. HTTP exchanges are not transactional, so orphan exports can occur: for instance, GDPR manager requests an export, the export starts, but the service crashes before responding to GDPR manager.
  • The export download should be secured using JWT security (as the start export endpoint is), or at least be exposed behind a non-guessable URL (like http://service/export/<very-long-non-guessable-export-id>).
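As an added illustration of the requirements and recommendations above (example code, not PEACH's or GDPR manager's own), here is a minimal in-memory model of a service's /data/export handler: it checks the JWT, validates callbackUrl, mints a non-guessable export id for the download URL, and purges orphaned exports after a retention period. It assumes an HS256 JWT with a shared secret (JWT_SECRET), a 24-hour retention (EXPORT_TTL) and the constructed URLs; a real service would build the ZIP asynchronously and POST the returned callback payload to callbackUrl.

```python
import base64, hashlib, hmac, json, secrets, time

JWT_SECRET = b"constructed-demo-secret"   # assumption: HS256 secret shared with the identity provider
EXPORT_TTL = 24 * 3600                    # assumption: orphan exports are purged after one day
EXPORTS = {}                              # export_id -> metadata (in-memory stand-in for a store)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims: dict, secret: bytes = JWT_SECRET) -> str:
    """Mint an HS256 token (only so the example is self-contained; the IdP does this in practice)."""
    head = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_jwt(token: str, secret: bytes, now: float):
    """Return the claims if the HS256 signature and expiry check out, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64url(head)).get("alg") != "HS256":   # reject 'none' and algorithm confusion
            return None
        expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig)):   # constant-time comparison
            return None
        claims = json.loads(_unb64url(body))
        return claims if claims.get("exp", 0) > now else None
    except (ValueError, AttributeError):                         # malformed token or base64/JSON
        return None

def start_export(body: dict, auth_header: str, now: float):
    """POST /data/export handler: returns (http_status, response_body, callback_payload)."""
    token = auth_header[7:] if auth_header.startswith("Bearer ") else ""
    claims = verify_jwt(token, JWT_SECRET, now)
    if claims is None:
        return 401, {"error": "unauthorized"}, None
    cb = body.get("callbackUrl")
    if not isinstance(cb, str) or not cb.startswith(("http://", "https://")):
        return 400, {"error": "callbackUrl must be an http(s) URL"}, None
    export_id = secrets.token_urlsafe(32)          # 256-bit random id: the download URL is not guessable
    EXPORTS[export_id] = {"user": claims.get("sub"), "created": now, "callbackUrl": cb}
    # The service would now build the ZIP, then POST this payload to cb (possibly before responding).
    return 202, {"status": "started"}, {"export": f"http://service/export/{export_id}"}

def purge_expired(now: float) -> int:
    """Drop exports older than EXPORT_TTL: handles orphans the manager never downloaded."""
    stale = [eid for eid, meta in EXPORTS.items() if now - meta["created"] > EXPORT_TTL]
    for eid in stale:
        del EXPORTS[eid]
    return len(stale)
```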

Note that all services that store user data on PEACH (History, Playlist, Preferences and Profile) are GDPR manager export compliant.