Froide for MyData


#1

Hi
I would be interested to repurpose Froide for doing so called Subject Access Requests. This is part of the MyData idea, and enables individuals to easily get access to their personal data from private companies. So instead of the classical use of Froide, we have authorities ----> private companies, documents of interest to general public —> personal data.
Obviously this would require some work on Froide, but really not that much. I would like to have a conversation about this in the next OKLabs meeting, and in particular how to setup different repositories to facilitate work down the road. Flagging @apoikola, @danfowler, @loleg and Stefan W on Twitter.


Labs Hangout November 2016
#2

Sure. There are quite some security issues that would need to be addressed. Moreover, some kind of format for My Data repository would need to be defined.


#3

I’m a big +1 on this idea :slight_smile:


#4

Issues that could be addressed:

  • which are the big players in using Froide?
  • is the current location of the repository optimal? of the default theming?
  • how can we facilitate reuse of the code by others, in particular for MyData stuff?
  • what are the security issues?
  • what does Jaakko mean by “some kind of format for MyData repository”?
  • how can we finance work on Froide/MyData efficiently?

#5

Great @pdehaye it’s on the agenda!


#6

The person data needs to be in a protected space. Either in a protected network or in a encrypted container.

We have had a couple of sessions drafting this and @hylje has done a quite a fair bit of Froide-related development. https://github.com/okffi/tietopyynto https://github.com/okffi/decisions

It might even make sense to be able to protect the FOI documents received by Froide, that still need to be retracted.


#7

It might even make sense to be able to protect the FOI documents received by Froide, that still need to be retracted.

Right, this already feels like a bug on the Froide side, for FOI requests. It’ actually not hard to guess the name of a file as stored in an S3 container (and presumably easier elsewhere), and there is no access control on it.


#8

Just a reminder: the Labs Hangout to discuss this is happening in an hour: