Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFW0008] Implementation of Response Panel into Brand Dashboard for DSRs #5

Open
ProfilaMitchell opened this issue Jul 22, 2022 · 0 comments
Open

[RFW0008] Implementation of Response Panel into Brand Dashboard for DSRs #5

ProfilaMitchell opened this issue Jul 22, 2022 · 0 comments
Labels
Fund 8 Catalyst fund 8 project TOPIC: Privacy Privacy feature

Comments

@ProfilaMitchell
Copy link
Collaborator

ProfilaMitchell commented Jul 22, 2022
edited
Loading

Table of Contents

Housekeeping

Make sure to clearly understand Type-A and Type-B requests, and the relevant limitations. Failing to follow the guidelines pertaining to the two acceptable types of RFWs will automatically lead to disqualification of the RFW.

Take time to complete each section below with as much detail as is required to establish a comprehensive understanding about the underlying product specification.

ALL BELOW FIELDS ARE REQUIRED

The Problem

There is no on-platform way for brands to manage DSRs issued to them

User Story

As a brand I want to view the DSRs executed by consumers so that I can legally oblige their requests

  • High business severity - In order for our core feature of DSR management to be utilised fully, the brands need to be able to interact with the requests on our own platform
  • High priority - Core feature that ultimately affects both brands and users

Request Type A/B

Type B

Owner

Michiel Van Roey

Summary

A Response Panel for DSRs is being introduced to the brand dashboard. In the response panel brands will have an easy overview of all data subject rights that have been exercised by their consumers on the platform. All requests, timelines, responses will be included on the blockchain, so companies have immutable proof that they responded in a timely manner (as they are required by law).

Is This Really Necessary?

It is necessary that brands have an easy way to view exercised data subject rights. By doing so is the "best way" that we can enable users not only to easily exercise DSRs, but have them responded to in an efficient manner.

Motivation

This response panel will facilitate the DSR assertion process of Profila users. This panel will also help brands fulfil their GDPR obligations of transparency, information requirements, and aiding data subjects (people) in exercising their privacy rights.

In addition to the new ledger entries, we will add the use of the zero knowledge token (ZEKE) to offset blockchain entry fees.

Named Concepts

N/A

Examples, Risks & Assumptions

  1. Explain concretely what will manifest as a result of this RFW.
  • Brands will have a response panel within the Brand Dashboard where they can view and respond to DSRs
  • Once brands mark a DSR request as fulfilled, the metadata of the DSR details will be written onto the blockchain (this step is out of scope and managed in the respective RFW).
  • Once brands mark a DSR request as fulfilled, the respective DSR request will have its status updated on the user's DSR Management Panel

  1. Explain how is it different from what is already manifesting i.e. what we already have?
  • There is currently no way for brands to respond to DSRs on the brand dashboard
    There is currently no implementation of ZEKE into the DSR process within Profila

  1. Explain what Profila users/brands will experience as a result of this RFW. How will they feel as a result of it? How will they benefit as a result of it?
  • Brands will have a place in the brand dashboard (Response Panel) where they can have an easy overview from all data subject rights that have been exercised by their consumers

  1. If applicable, provide sample messages for any new messages the system will display as a result of this RFW.

All respective messaging in Conceptual Design


  1. Define what is out of scope in this request.

  1. What are the data protection, privacy and security assumptions made for this request (example, should this be GDPR, HIPPA (healthcare), NIST compliant etc. - Speak to Michiel or Ipek!)

Privacy

  • The brand must respond to the DSR assertions as they are required by law

  1. Explain how this user story will be supported (i.e customer support - if the user story fails technically, how will the user be supported).

Support Flow
If the brand cannot mark a DSR assertion as dealt with, they should be made to notify Profila so the issue can be corrected by the tech team.

Brand Logic

  • There is direction to contact Profila if they cannot successfully mark a DSR as completed

Tech Support Logic

  • Needs to resolve issue with why the DSR cannot be marked as complete as it is a technical issue


  1. Explain how this user story impacts revenue or billing (if applicable).

Whilst the Response Panel does not directly affect billing, the subsequent action of writing metadata to the blockchain does incur a cost which is currently paid by Profila
This RFW affects billing depending on how the implementation of how ZEKE will be given/bought by companies to offset the transaction fee involved in the DSR


  1. State any additional risks identified as a result of this user story.

N/A

Success Metrics

Brands can use the response panel to view and manage DSRs issued to them by Profila users.

Conceptual Design

Logic Flow

A Response Panel in the dashboard of companies, where they can have an easy overview from all data subject rights that have been exercised by their consumers. All requests, timelines, responses etc will be included on the blockchain, so companies have immutable proof that they responded timely (as they are required by law).


Figma Designs

  • The brand sees an overview of all DSRs asserted against them on the Profila platform
    • This is key in understanding that DSRs sent via email by consumers will not be displayed in Profila, so we may make it a point to convert brands entirely to using Profila as their DSR handling solution
  • On each DSR, the brand can see the following information:
    • Full name of user
    • Email address of user
    • DSR being asserted
    • The verification status of the user
    • The time remaining they have to act upon the request. This timer displays the same countdown as noted in the user's DSR management panel.
  • The brand can interact with an individual DSR assertion to mark that they have taken the necessary actions. (they do not do anything on the platform to resolve the actual request)
  • Once the brand affirms this, they get a popup text field to note what action was taken, and an entry is made onto the blockchain with the information of the DSR request and its remedy. This is described in full in the RFW pertaining to metadata entry to the blockchain.
  • This also triggers the DSR within the individual's DSR management panel to display that the action was taken
    < br/>

There are various states of a DSR. These states do not affect when the DSR is written to the blockchain, but do alter the flow.

Extend Assertion
Brands have the ability to request 30 additional days to handle a DSR assertion. This is facilitated by the use of a button on the response panel and doesn't affect the flow otherwise, although the extension is also noted on the user's management panel, as well as via notification.

Post DSR Flow
Once the DSR assertion has been handled, the brand can also then view the DSR assertion in the blockchain via their response panel by clicking the 'view DSR in blockchain button'.

In addition to the new ledger entries, we will add the use of the zero knowledge token (ZEKE) to offset blockchain entry fees

Figma Link - Brand Management Panel

Flow Diagrams

Flow0008

Requirements

Drawbacks

Success of this feature relies on brands being on the platform

Alternatives

The brand can manage all DSR requests via email

New Data

  1. Time of the DSR viewing
  2. Additional context the Brand writes as explanation
  3. The output answer of the Brand (conform or deny)
  4. Hash code 1 - when it is generated for blockchain, it is to be written to the database as a code. Then it will be used later for Hash code 2. (the answer from the Individual to the Brand)

Business release date

A rough timing for the planned release for the specification possibly resulting from this request.
The ledger of DSR's for a brand to view and respond to should be implemented in Q1 2023.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Fund 8 Catalyst fund 8 project TOPIC: Privacy Privacy feature
Projects
No open projects
(Catalyst)-Data Subject Rights on the Cardano Blockchain
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ProfilaMitchell