Execute Privacy Requests
What is a Privacy Request?
A Privacy Request represents a request to perform an action on a user's identity data. The Request object itself identifies the user by email address, phone number, social security number, or other identifiable information. The data that will be affected and how it's affected is described in a Policy object that's associated with the Request.
For more information on policies, see the Configuring Policies guide.
Submit a Privacy Request
You submit a Privacy Request by calling the Submit a Privacy Request operation. Here, we submit a request to apply the
a-demo-policy Policy to all target data in the Identity Graph that can be generated from the email address
firstname.lastname@example.org and the phone number
+1 (123) 456 7891. Privacy Requests are executed immediately by default. This setting may be changed in the
fidesops.toml configuration file.
1 2 3 4 5 6 7 8 9 10 11
external_idis an optional identifier of your own invention that lets you track the Privacy Request. See How-To: Report on Privacy Requests for more information.
requested_at(Optional) is an ISO8601 timestamp that specifies the moment that the request was submitted. Defaults to the
created_attime if not specified.
policy_keyidentifies the Policy object to which this request will be applied. See How-To: Configure Request Policies for more information.
identitiesis an array of objects that contain data that identify the users whose data will be affected by the Policy. Each object identifies a single user by AND'ing the object's properties.
This request will submit a Privacy Request for execution that applies the
a-demo-policyPolicy to all target data in the Identity Graph that can be generated from the email address
email@example.com the phone number
+1 (123) 456 7891.
- Specifying a
external_idenables us to track this Privacy Request with that
external_idlater on. See How-To: Report on Privacy Requests for more information.
policy_keyshould correspond to a previously configured
Policyobject. See How-To: Configure Request Policies for more information.
A full list of attributes available to set on the Privacy Request can be found in the API docs.
Subject Identity Verification
To have users verify their identity before their Privacy Request is executed, set the
variable in your
TRUE. You must also set up an EmailConfig that lets fidesops send automated emails
to your users.
When a user submits a PrivacyRequest, they will be emailed a six-digit code. They must supply that verification code to fidesops
to continue privacy request execution. Until the Privacy Request identity is verified, it will have a status of:
By default, emails will be sent to users at various points in the request lifecycle.
To change this default behavior for any email type, set the variables under the
notifications category in your
You must also set up an EmailConfig that lets fidesops send automated emails to your users. If using a custom privacy center, ensure that you intake an email identity, which is required for email notifications throughout fidesops.
An email will be sent to users to notify them that their privacy request has been received.
Upon access request completion, an email will be sent to users to notify them of request completion, along with a link to download their data, if applicable.
For security purposes, the data package download link is a one-time link and expires in 24 hrs by default. To change TTL, update the
variable in your
An email will be sent to users to notify them when their privacy request has been reviewed. If the privacy request was rejected, the email will include rejection reason.
Approve and deny Privacy Requests
To review Privacy Requests before they are executed, set the
require_manual_request_approval variable in your
To process Privacy Requests, send a list of Privacy Request IDs to the
deny endpoints. Both endpoints support processing requests in bulk.
1 2 3 4 5 6
An optional denial reason can be provided when denying a Privacy Request:
1 2 3 4 5 6 7
Monitor Privacy Requests
Privacy Requests can be monitored at any time throughout their execution by submitting any of the following requests:
For more detailed examples and further Privacy Request filtering in fidesops, see Reporting on Privacy Requests.
Restart failed Privacy Requests
To restart a failed Privacy Request from the failed collection, submit a request to:
with an empty request body.
Integrate the Privacy Request flow into existing support tools
Alongside generic API interoperability, fidesops provides a direct integration with the OneTrust's DSAR automation flow.
Generic API interoperability: Third party services can be authorized by creating additional OAuth clients. Tokens obtained from OAuth clients can be managed and revoked at any time. See authenticating with OAuth for more information.
OneTrust: fidesops can be configured to act as (or as part of) the fulfillment layer in OneTrust's Data Subject Request automation flow. See the OneTrust integration guide for more information.
You can optionally encrypt your access request results by supplying an
encryption_key string in the request body:
We will use the supplied encryption_key to encrypt the contents of your JSON and CSV results using an AES-256 algorithm in GCM mode.
When converted to bytes, your encryption_key must be 16 bytes long. The data we return will have the nonce concatenated
to the encrypted data.
1 2 3 4 5 6 7 8
Decrypt access request results
If you specified an encryption key, we encrypted the access result data using your key and an internally-generated
nonce with an AES
256 algorithm in GCM mode. The return value is a 12-byte nonce plus the encrypted data that is all b64encoded together.
1 2 3
For example, pretend you specified an encryption key of
test--encryption, and the resulting data was uploaded to
S3 in a JSON file:
GPUiK9tq5k/HfBnSN+J+OvLXZ+GCisapdI2KGP7A1WK+dz1XHef+hWb/SjszdqdNVGvziyY6GF5KIrvrXgxjZuaAvgU='. You will
need to implement something similar to the snippet below on your end to decrypt:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
If CSV data was uploaded, each CSV in the zipfile was encrypted using a different nonce, so you'll need to follow a similar process for each csv file.