Skip to main content

2. Set Up a Privacy Computation Engine

At the core of the blindnet devkit is the Privacy Computation Engine. It is a simple service you can interact with via a Rest API to create and track your users' Privacy Requests.

We'll set up the Privacy Computation Engine in three steps:

  1. Set up an application: register and obtain a unique ID and key for your application
  2. Configuration: configure the service using its configuration API
  3. Development: call the Privacy Computation Engine from your registered applications to handle Privacy Requests

Application registration

Contact us to register an application and obtain an Application ID and key.

note

Registration will be automatic once we deploy the dashboard, expected soon.

You can also use a pre-configured application to try out the devkit. Careful, as anyone can make changes to it's configuration.

id: 78f5fc15-5645-4f4f-8e1d-0792b7d89acd
key: EgPThokIzi0oGkOGPOuC3zA63/b39ZAefcbxpegoHog=

Configuration

Your Privacy Computation Engine application needs to be configured in order to respond to privacy requests your users made. In this step, we will explore a few configuration option.

Token

In order to use the configuration API, your requests need to be authenticated with the devkit token. For more information about the token types and uses, see authentication section.

For the simplicity, we will use a token generator web app to create an application scope token. Input your application id and key, choose app in the drop down field and hit the generate button to obtain a token.

note

Application scope tokens should be generated on your server, using the devkit libraries. You can find more information in the authentication section.

In the next steps, replace your_app_token placeholder with the generated token.

Configure general information

To get the general information about the application, make the following request:

curl --request GET 'https://stage.computing.blindnet.io/v0/configure/general-info' \
--header 'Authorization: Bearer your_app_token'

Let's start by configuring some general information about who we are:

curl --request PUT 'https://stage.computing.blindnet.io/v0/configure/general-info' \
--header 'Authorization: Bearer your_app_token' \
--data-raw '{
"organization": "blindnet S.A.S.",
"dpo": "Vuk Janosevic, dpo@blindnet.io",
"countries": ["France"],
"dataConsumerCategories": ["Blindnet managers", "Blindnet Marketing team"],
"accessPolicies": ["Authenticated blidnent employees"],
"privacyPolicyLink": "https://www.blindnet.io/legal/privacy-policy"
}'

Insturctions on how to go beyond the "quick start" intro and set up full details for your organisation, are given here

Legal bases are one of the key concepts of the blindnet devkit. They are explained in more details in the documentation. For the purposes of this "quick start" introduction, we will define only one legal base - a consent. We will configure a consent legal base that covers using a user's email address for advertising purposes. Later in the tutorial, a user will "give" their consent.

curl --request PUT 'https://stage.computing.blindnet.io/v0/configure/legal-bases' \
--header 'Authorization: Bearer your_app_token' \
--data-raw '{
"lb_type": "CONSENT",
"name": "Sales promotion",
"description": "Informing users about the current sale.",
"scope": [
{
"data_categories": ["CONTACT.EMAIL"],
"processing_categories": ["USING"],
"processing_purposes": ["ADVERTISING"]
}
]
}'

Find the consent legal base you just added and make note of it's ID.

curl --request GET 'https://stage.computing.blindnet.io/v0/configure/legal-bases' \
--header 'Authorization: Bearer your_app_token'

That ID will be later used to store the consent for a user.

Configure a retention policy

Retention policies define how long you can or must keep each data after a specific event occurs. We will add a retention policy to forbid keeping the user's email address for longer than 1 year after a user has given a consent.

curl --request PUT 'https://stage.computing.blindnet.io/v0/configure/retention-policies' \
--header 'Authorization: Bearer your_app_token' \
--data-raw '[
{
"data_category": "CONTACT.EMAIL",
"policy": "NO-LONGER-THAN",
"duration": "P1Y",
"after": "SERVICE-START"
}
]'

Inspect the retention policies for data categories with

curl --location --request GET 'https://stage.computing.blindnet.io/v0/configure/data-categories' \
--header 'Authorization: Bearer your_app_token'