Privacy Requests

This guide describes how the Didomi platform manages privacy requests and how you can implement the most common workflows through our Privacy Requests API.

The Privacy Requests API is included in our Privacy Requests module package. Please reach out to our Support team (support@didomi.io) to get more information.

Before we deep dive into what you can actually do with our API, let’s walk you through the main concepts of our Privacy Request module.

Concepts

User Rights

The User Rights correspond to the rights granted to data subjects who live in a state or country that has passed a data privacy law. Subjects or end-users must typically take some action, such as submitting a Data subject request form, to exercise their data rights.

Privacy laws give certain data rights to consumers. Some of the main rights that these laws have in common are:

  • The right of access (or right to know): The right of a user to find out what personal data a company holds on them and to receive a copy of the data held.

  • The right of deletion: The right of a user to erase the personal information that a company has collected from them.

  • The right to opt out: The right of a data subject to withdraw their consent to the processing of their personal information (e.g., a request to “do not sell” my personal data).

Requests

A Request refers among others to a Data Access Subject Request that is a important facet of privacy laws like GDRP in Europe or Consumer Privacy Rights Act (CPRA) in California. Most of the regulations give certain data rights to consumers like right of access or deletion.

Any data subject (that is, anyone whose personal data your company has collected and stored) may submit a DSAR, so long as they are protected by an applicable regulation. Most of the time, this is customers or users, such as e-commerce clients, but DSAR requests are not limited to consumers. Other individuals who may submit a DSAR request include employees and former employees, contractors, suppliers, sales prospects, etc…

Regulations

A Regulation refers to a privacy law that has been passed in a state or a country. Generally, regulation laws apply to any public or private entities, whatever their size and line of business.

As an example, the General Data Protection Regulation (GDPR) protects consumers from Europe since 2018. In California, the Consumer Privacy Rights Act (CPRA) is into force since January 2023.

Last updated