Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Anonymize a single entity #136

Open
SebastienTainon opened this issue Mar 21, 2024 · 3 comments
Open

Anonymize a single entity #136

SebastienTainon opened this issue Mar 21, 2024 · 3 comments

Comments

@SebastienTainon
Copy link

Hello,

Following our discussion on superbrave/gdpr-bundle#209 I'm creating this issue to suggest a new behaviour for this bundle: anonymize a single entity.

Here's an example use-case: a user removes his account from the website. But his account is deeply linked to other users accounts, so you can't just remove him completely from the database. Instead you have to anonymize him to remove all his personal data, and mark him deleted in the database.

Currently this use-case is not covered by the bundle as it is only used to anonymize a whole table. But it would be nice to have an API to anonymize a single row (entity).

Thanks!

@SimonMellerin SimonMellerin mentioned this issue Apr 2, 2024
@pounard
Copy link
Member

pounard commented Apr 23, 2024

We discussed this topic a bit further orally with @SimonMellerin and @Lonnytunes, there are a few caveats doing that.

First you need to understand that the anonymization process is not intended to be used on a production runtime: the whole goal is to run on a production data copy outside of the production. Hence it was designed with this in mind: there are no caches of configuration or known anonymizers, which means that every time you run it, the code will parse your configuration, validate it, lookup in vendors for anonymizer packs, etc... This is very inefficient code for production runtime use.

It's by design, we definitely optimized the SQL queries in order to run very fast on a big databases, but we didn't optimized it to run very fast on a small filtered dataset.

Moreover, we didn't make it API friendly for this kind of use case. We intend to improve the API, for sure, in next versions because we have many plans around it, but your specific use case is not (at least not for now) in the roadmap.

If your goal is to anonymize a single database entry, and if that very specific anonymization process is part of your business specification, your application domain, also a recurring need, then you probably should implement it as such, by your own means, as you would do for any other business function.

We keep this in mind, and may find a way to do this, but right now as the bundle exists, I must warn you: attempting to run the anonymization procedure on the real production would be a very dangerous thing to do; any mixed-up parameter or method call and you can tell good bye to your production data! We are not going to support this kind of usage soon.

Nevertheless, as stated in #138 it seems that the need of being able to anonymize a filtered seems to be a recurring need. So we are going to investigate and try to find an elegant, usable solution for this. But be warned that until we do find a way, implement it, test it, and say that it's not experimental anymore, any custom attempt to do it would be dangerous for your data.

@SebastienTainon
Copy link
Author

SebastienTainon commented Apr 23, 2024

Thank you @pounard for the detailed explanation and for having discussed about the implications of this issue! I understand that it's a use case that is a bit far from the initial goal of this bundle. I am not intending to develop a custom behaviour on top of the bundle (yet) 😃

@pounard
Copy link
Member

pounard commented Apr 23, 2024

I am not intending to develop a custom behaviour on top of the bundle (yet) 😃

Whenever you do, please file an issue to discuss, we won't accept everything but any clever idea will be thouroughly evualated for inclusion !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants