Privacy Computation Engine

The blindnet devkit Privacy Computation Engine (PCE) is the core of your "privacy stack".

It is a service delivering Restful APIs to manage the two core features of the DevKit by:

1. interpreting your rights to hold and treat a particular Data Capture at a particular point in time
2. calculating a response to Data Subjects' Privacy Requests.

Both these features are provided by a main internal component we call the Privacy Compiler, based on the specific information and parameters of your organization you define using the Customization API.

How It Works

The Privacy Compiler inside the Privacy Computation Engine is here to deliver recommended operations based on a timeline of Events¹ it proceeds.

key point

The Privacy Compiler compiles a timeline of events into recommended operations.

Events

Events are defined by:

• their association with one related Data Subject
• information needed to determine consequent operations
• the specific date and time at which the event occurred

As such, events can represent:

• the capture of some sensitive data (Data Captures Fragments)
• an assertion of privacy rights from people about whom you hold sensitive information (Privacy Request)
• a response from your organization to such privacy requests (Privacy Request Response)
• any privacy legislation-related action (Legal Base Event), like, for example, the expression of consent to the processing of personal data² (Consent)

Events can be created manually or automatically from any component of your privacy stack. Automating and simplifying the creation of such events is one of the main purposes of other DevKit's components.

Computation

The PCE orders all the events it receives by date and time, to create a timeline.

This way, it can link all the different pieces of information together, and with your organization's configuration. This allows its Privacy Compiler to determine consequent operations to recommend.

Any of your applications and services can therefore use the PCE to determine what to do as a consequence of any privacy-related event occurring. As a consequence, using the PCE in your system allows you to efficiently enforce compliance with privacy-related legislations while guaranteeing strong coherence in all privacy-related matters for your whole organization. Other components of the devkit are here to help you do so with minimal effort.

Further Readings

📄️ Configuration

For the PCE to give you recommended actions adapted to your specific architecture and needs, you first need to configure it via its configuration API.

📄️ How It Works

Based on the configuration you provided, the Privacy Computation Engine infers a set of Processing Records that contain:

📄️ Compilation

Initial Set-up

📄️ Setup & Deployment

Refer to Usage section of the Privacy Computation Engine README on GitHub for more information about its setup, especially if your goal is to contribute or just test the service locally.

---

¹ Refer to the associated section of the PRIV specifications for more information about how Events are precisely defined.

² As defined, for example, in the Article 4 Section 11 of the GDPR.