Manages consent for communication with GDPR in mind
Project description
Manages consent for email communication with GDPR in mind
An app for Django - pip install django-consent
Free software: GNU General Public License v3
Features
GDPR-friendly models, supporting deletion and anonymization
Views for unsubscribing
Utility functions for generating unsubscribe links
Utility functions for creating consent
Form mixins for consent
Abuse-resistent: Someone cannot mass-unsubscribe or otherwise abuse endpoints.
Denial of Service: Endpoints do not store for instance infinite amounts of opt-outs.
Open questions
Can or should consent expire? Currently, we are capturing the creation date of a consent, but we are not using expiration dates.
Would some email addresses qualify as non-individual, and thus require different types of consent? For instance, should company/customer email addresses be stored in a way so that certain consents become optional? Currently, all consent is explicit and stored that way.
Should django-consent also capture purpose and more generic ways of storing private data? Currently, we are only capturing email-related consent.
Do we want to store consent indefinitely? No. If consent is withdrawn, we should delete the entire consent. A person would have to create an entirely new consent.
Should we store op-outs indefinitely? Partly. In django-consent, we do this because we want opt-outs to remain in effect. But we store a hash of the email such that it we don’t keep a record of emails. Experience with Mailchimp and similar systems tell us that marketing and other eager types will keep re-importing consent and forget to care about previous opt-outs. By storing an opt-out, we can ensure to some degree that mistakes made will not result in clearly non-consensual communication.
Other considerations: Privacy by Design
Your application needs the ability to easily delete and anonymize data. Not just because of GDPR, but because it’s the right thing to do.
No matter the usage of django-consent, you still need to consider this:
Right to be forgotten: Means that at any time, you should be able to delete the data of any person. Either by request or because the purpose of collecting the data is no longer relevant.
Anonymize data: When your consent to collect data associated to a person expires and if you need to keep a statistical record, the data must be completely anonymized. For instance, if they made an order in your shop and your stored data about shopping cart activity, you’ll have to delete or anonymize this data.
In any implementation, you should consider how you associate personally identifiable information. This can be a name, email, IP address, physical address and unique combinations (employer, job, department).
In order to design a Django project for privacy, consider the following:
Right to be forgotten:
Deletion should be implemented through deletion of a User instance. Do not relate personally identifiable data in other ways.
All model relations to User.id should use on_delete=models.CASCADE
Anonymization:
When a relation to User.id has null=True and is nullified, then remaining data in the model should not identify the person. You should design your models to only allow null values for User relations when in fact the remaining data in the row and its relations cannot be used to identify the person from your data.
Usage
# Enable your Python environment (example)
workon myproject
# Installation
pip install django-consent-tempNow go to your Django project’s settings and add:
INSTALLED_APPS = [
# ...
'django_consent',
]To use unsubscribe views, add this to your project’s urls.py:
urlpatterns = [
# ...
path('consent/', include('django_consent.urls')),
]Development
To install an editable version into a project, activate your project’s virtualenv and run this:
# Installs an editable version of django-consent
pip install -e .
# Installs an editable version of django-consent's development requirements
pip install -e '.[develop]'
# Enables pre-commit
pre-commit installdjango-consent 0.2 (2011)
This project is not a fork of the old django-consent but is a new project when the PyPi repo owners gave us permissions to take over. The former package is archived here: https://github.com/d0ugal/django-consent
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django-consent-0.9.dev0.tar.gz.
File metadata
- Download URL: django-consent-0.9.dev0.tar.gz
- Upload date:
- Size: 12.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/45.2.0 requests-toolbelt/0.9.1 tqdm/4.46.1 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d975bd36e2d8d9f729605e098ae6306c2eb6998262b1045a87cccc4aa4031f5c |
|
| MD5 | c9e692d45a975cb95ca6e6d1bc5a2221 |
|
| BLAKE2b-256 | a6b9592aa33f36843100807a688699b50b057c731a1773ee73d18b13e9407ec4 |
File details
Details for the file django_consent-0.9.dev0-py3-none-any.whl.
File metadata
- Download URL: django_consent-0.9.dev0-py3-none-any.whl
- Upload date:
- Size: 9.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/45.2.0 requests-toolbelt/0.9.1 tqdm/4.46.1 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 4d42bbc9c9bbe03b9140f6d00091b3362c7e02c20a38adca9d9b59783f6d326b |
|
| MD5 | 283abecd8f4eb28db6b169afa3ce73b6 |
|
| BLAKE2b-256 | d3861dbddc319e71ae07eb411454a94cffbd02456352a75a2db47c9b9f4636c3 |
