Have you been receiving emails lately from almost all the services you use, that they have updated their privacy policy and rolled out new features supporting GDPR? Its a surprise if you haven’t been a recipient of any.

The GDPR act was created with the intention of;

“Making people in control of their personal data”

GDPR (General Data Protection Regulation) was adopted on April 2016 and became enforceable on 25th of May 2018. This triggered organizations to take a deeper look at how they handle personal data of their users. The $8.8 billion lawsuit on Facebook and Google is the quintessential lawsuit that deems the significance of GDPR and the consequences of violation.

Organizations have to now look deeply at how they store and process personal data and most importantly how they share personal data with third-parties. This becomes increasingly challenging in an evolved system, since the personal data could be fragmented and scattered throughout the system. As a result, it creates a problem of identifying each interaction and payload shared to make sure un-consented personal data isn’t shared with third-party integrations. Therefore, it is important to consider these 3 aspects at the time of data sharing.

What personal data is shared?

Which third-party is it shared with?

Has the user consented to share this data with the third-party?

This post tries to look at data sharing and privacy preservation based on user consent at a design level and provides a reference architecture.

Identifying data sharing & privacy as a cross-cutting concern

Cross cutting concerns of any system includes requirements that span across your application. A cross cutting concern is outside of your main domain and core features.However regardless of any feature it has an impact for all modules across making it a cross cutting concern.

Typically, most of the following would be identified as cross cutting

Logging

Caching

Security (Authentication/Authorization)

Data Validation

Error Handling

Data privacy or handling personal data should also be thought of as a similar cross cutting concern and should be handled at the design phase of an application. This allows the system to be decoupled from validating user consent and sharing of private data hence, would be able to focus on the core business functionality.

Identifying data sharing as a cross-cutting concern at the design level allows us to define a structure to the application, so that it wouldn’t be missed or become an after thought of the developer.

AOP and the proxy pattern

Aspect Orient Programming(AOP) aims to handle cross cutting concerns with modularity. It provides the decoupling that we thrive for. Therefore, AOP is going to be key in handling data sharing based on user consent. Also, it becomes useful when modifying existing applications to make them GDPR compliant. With the use of AOP, there would be minimum modifications to the existing application logic and the new functionality could be introduced in a neutral manner without conflict.

The proxy pattern would provide us the controlled access to user data, making sure that the user data is not breached. The reason for the proxy pattern is mainly due to the fact that it allows to intercept a service class, so that we could tap into the data transferred to and from. This allows the actual service class to make use of the personal data internally without restrictions but, filter out at the final point of returning.

Let us take a look at how we can combine all of what we discussed to come up with a design.

As in the class diagram above, we have introduced a proxy for the service class which will intercept each call that would happen. The proxy would be responsible for filtering private data based on the caller, whether the user has consented and what has been consented to be shared. If we look at the complete sequence of operations between the components we would see how it all falls into place.



The ConsentValidator is a helper class that would support in validating the user consent based on who it will been shared with.

Implementation

To bring in the AOP aspect we should dig into some code. So lets try to start off with a Spring Boot, Java app.

Spring AOP in Java

Spring AOP makes use of AspectJ. As you might be already familiar AspectJ provides quite a powerful wildcard expression syntax. This allows to compose complex pointcut matching expressions for your Aspects so that you have a great deal of control over when and where your Advices execute.

Next we need to consider what Advice type we would need to implement the above design. Out of the box Spring supports, three types of Advice types.

@Before

@Around

@After

If you notice the way each advice type operates, you would understand that for our scenario the @around type is most appropriate. By defining an advice as @around, we can make sure to intercept the method calls to modify the return objects filtering out the personal data.

Lets start with the proxy Aspect…

ProxyServiceAspect Class – Class intercepting and filtering

package gdpr.filter; import org.aspectj.lang.ProceedingJoinPoint; import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.springframework.stereotype.Component; @Aspect @Component public class ProxyServiceAspect { @Around("@annotation(FilterPersonalData)") public Object intercept(ProceedingJoinPoint joinPoint) throws Throwable { System.out.println("Intercepted Advice executing..."); UserEntity entity = (UserEntity)joinPoint.proceed(joinPoint.getArgs()); System.out.println("Email returned from target - "+entity.getEmail()); // I'm setting the email to null, but you could be creative! // Use a ConsentValidator implementation based on your application and do the filtration. entity.setEmail(null); return entity; } }

To ease out in integration and to make the pointcut expression generic I have defined the FilterPersonalData annotation. You could decorate your methods with this annotations where ever you would want to filter the personal data before sending out.

FilterPersonalData Annotation Class – Marker Annotation which helps pointcut matching

package gdpr.filter; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; @Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME) public @interface FilterPersonalData { }

Then we need to annotate the target methods so that our interceptor kicks into play.

BusinessLogicService – Target Service class executing core logic.

package gdpr.filter; import org.springframework.stereotype.Component; @Component public class BusinessLogicService { @FilterPersonalData public UserEntity sharePersonalData(){ // Ideally this User object should be fetched from the DB or any other data source. // Creating manually for simplicity. UserEntity userEntity = new UserEntity(); userEntity.setName("Lasitha"); userEntity.setEmail("test@test.com"); userEntity.setAge(30); return userEntity; } }

Finally, we need the bootstrapper class, This is the main class that gets everything glued together and does the magic!

Main class Wiring up Spring DI.

package gdpr.filter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.CommandLineRunner; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.stereotype.Component; @SpringBootApplication @Component public class Main implements CommandLineRunner { @Autowired private BusinessLogicService businessLogicService; public static void main(String... args) { SpringApplication.run(Main.class, args); } @Override public void run(String... args) { System.out.println("Starting Application..."); UserEntity entity = businessLogicService.sharePersonalData(); System.out.println("Returned email - "+entity.getEmail()); } }

Once you run the application you would see how the interceptor works and performs the filering

Well that covers it, you could check the complete source code at my repository – gdpr-consent-based-data-sharing