Giters

ethyca / fides

The Privacy Engineering & Compliance Framework

Home Page:https://ethyca.com/docs

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Add flexible logic for when you can update a legal basis

adamsachs opened this issue · comments

commented

Is your feature request related to a specific problem?

Taken from jira ticket (https://ethyca.atlassian.net/browse/PROD-1158)

Story:

“As a publisher using the Fides Admin Ui, I have the right to override the legal basis for particular purposes that a particular vendor has declared as flexible or when the information came from GVLv2.”

AC:

GVL systems only

  • Based on value of flexible_legal_basis_for_processing boolean property, the legal basis field is set to be editable - otherwise it is not.

  • Can only apply to purposes 2,7,8,9,10,11

  • If the vendor came from GVLv2, the legal basis for the following purposes can be overridden:

Purposes 3,4,5,6

Describe the solution you'd like

I think within the fides UI we don't need to worry about the above GVL logic, and can instead just rely on the flexible_legal_basis_for_processing field that's on the PrivacyDeclaration. #4248 will take care of ensuring that gets added to the PrivacyDeclaration when taking GVL-based suggestions from Compass.

Describe alternatives you've considered, if any

The flexible_legal_basis_for_processing field was created as an Optional[bool with the intention of leaving it None/null/blank for non GVL systems. Optional[bool]s are strange creatures, and it's unclear if we support them fully throughout our stack. I @adamsachs am digging into this a bit more to determine whether this is really viable to maintain, will look to provide updates -- please reach out if this hasn't been clarified by the time we begin work on this...

generally i assume we want to treat flexible_legal_basis_for_profiling as a default of True, i.e. if it's a non-GVL system that doesn't set this property, then the legal basis should be left editable! there are a few different places we could encode this logic, so let's talk thru what makes the most sense...

Additional context

https://ethyca.atlassian.net/browse/PROD-1158

commented

Just revisiting some details. I agree with @adamsachs that we'll be getting our values from Compass here and it will largely be a FE task for this first iteration to set everything properly but here's some things that stuck out to me