
OCP API for apps that can export and delete user data for compliance #28565

Open
ChristophWurst opened this issue Aug 23, 2021 · 2 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap developer experience enhancement feature: user migration Related to User migration privacy

Comments

@ChristophWurst
Member


Is your feature request related to a problem? Please describe.

Currently there is no standardized way of exporting or deleting data of one user for an app.

Describe the solution you'd like

An API where apps can register that they are capable of handling a data export or deletion.

It should roughly work like this

  1. There are interfaces an app implements for the distinctive operations like export and deletion. Apps can choose to only support some of the operations
  2. Apps register their code on the bootstrap context https://docs.nextcloud.com/server/stable/developer_manual/app_development/bootstrap.html#bootstrapping-process
  3. If an export or deletion is triggered (CLI/web) then all registered services will be called to trigger an export
  4. The export can sometimes happen immediately, when the operation is cheap (simple db query that takes only a few ms to process), or async in a background job when the operation might take longer.
  5. There is some bookkeeping code that tracks which services were triggered and which ones are done. Once everyone has returned, the export or deletion confirmation can be sent to the admins or just the user who requested this info

Describe alternatives you've considered

n/a

Additional context

Because it worked well with other new APIs I would suggest that each of the methods that invoke an export or deletion get an IUser object and an additional context object as arguments. That context object allows us to pass in any other additional infos/flags/whatever later on without breaking the APIs.

This is an old idea @rullzer and I had. Originally this was not based on bootstrap registration but events. By current standards that would be an anti pattern and not a proper API. I've updated this accordingly.

Additional questions

  1. Do we need to distinguish between different types of exports/deletions, e.g. GDPR export vs some other export?
  2. Where would we store the data? Do we provide apps with something like an abstracted filesystem folder where they can put anything? That folder could be located in the app data directory and scoped so that apps don't see each other (and don't overwrite anything)

cc @AndyScherzinger @LukasReschke
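The following is an added sketch of how the five steps above could fit together; it is not Nextcloud code and not part of the original issue. Every name in it (`DataRequestContext`, `IUserDataExporter`, `IUserDataDeleter`, `DataRequestCoordinator`, `registerDataHandler`) is a hypothetical placeholder for whatever the real OCP interfaces would be called; only `OCP\IUser` is a real interface. It also shows one answer to question 2: the context object hands each app its own sub-folder of the export directory and validates the app id before building the path, so apps cannot reach into each other's output.

```php
<?php
// Added sketch, not Nextcloud's code. All class and interface names below are
// hypothetical; only OCP\IUser is a real Nextcloud interface.
declare(strict_types=1);

namespace Hypothetical\UserData;

use OCP\IUser;

/** Context object passed next to the IUser so the API can grow without breaking apps. */
final class DataRequestContext {
    public const KIND_EXPORT = 'export';
    public const KIND_DELETE = 'delete';

    public function __construct(
        private string $requestId,
        private string $kind,
        private string $exportRoot,   // assumed: <datadir>/appdata_<instanceid>/user_export/<requestId>
        private array $flags = [],
    ) {}

    public function getRequestId(): string { return $this->requestId; }
    public function getKind(): string { return $this->kind; }
    public function getFlag(string $name, mixed $default = null): mixed { return $this->flags[$name] ?? $default; }

    /** Per-app folder so apps neither see nor overwrite each other's output (question 2). */
    public function getExportFolderFor(string $appId): string {
        // Only letters, digits and underscore are accepted, so "../other_app" style ids are rejected.
        if (preg_match('/^[a-zA-Z0-9_]+$/', $appId) !== 1) {
            throw new \InvalidArgumentException("Invalid app id: $appId");
        }
        $dir = $this->exportRoot . '/' . $appId;
        if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
            throw new \RuntimeException("Cannot create $dir");
        }
        return $dir;
    }
}

/** Step 1: apps implement only the operations they support. */
interface IUserDataExporter {
    /** Return true when finished synchronously, false when a background job was queued. */
    public function exportUserData(IUser $user, DataRequestContext $context): bool;
}
interface IUserDataDeleter {
    public function deleteUserData(IUser $user, DataRequestContext $context): bool;
}

/** Step 5: bookkeeping of which apps were triggered and which are done. */
final class DataRequestCoordinator {
    /** @var array<string, IUserDataExporter|IUserDataDeleter> keyed by app id */
    private array $handlers = [];
    /** @var array<string, array<string, string>> requestId => appId => 'pending'|'done' */
    private array $state = [];

    /** Step 2: called from an app's bootstrap registration (hypothetical registration method). */
    public function registerDataHandler(string $appId, IUserDataExporter|IUserDataDeleter $handler): void {
        $this->handlers[$appId] = $handler;
    }

    /** Step 3: fan out to every registered handler that supports the requested kind. */
    public function trigger(IUser $user, DataRequestContext $ctx): void {
        $rid = $ctx->getRequestId();
        $this->state[$rid] = [];
        foreach ($this->handlers as $appId => $handler) {
            $done = match ($ctx->getKind()) {
                DataRequestContext::KIND_EXPORT => $handler instanceof IUserDataExporter
                    ? $handler->exportUserData($user, $ctx) : null,
                DataRequestContext::KIND_DELETE => $handler instanceof IUserDataDeleter
                    ? $handler->deleteUserData($user, $ctx) : null,
            };
            if ($done === null) {
                continue; // this app does not support the requested operation
            }
            $this->state[$rid][$appId] = $done ? 'done' : 'pending';
        }
    }

    /** Step 4: a background job reports back when its asynchronous part completes. */
    public function markDone(string $requestId, string $appId): void {
        $this->state[$requestId][$appId] = 'done';
    }

    /** Step 5: only once no app is pending may the confirmation be sent. */
    public function isComplete(string $requestId): bool {
        return !in_array('pending', $this->state[$requestId] ?? [], true);
    }

    /** Which apps still owe a result; useful for the CLI/web status view and for timeouts. */
    public function pendingApps(string $requestId): array {
        return array_keys(array_filter($this->state[$requestId] ?? [], fn ($s) => $s === 'pending'));
    }
}
```

The state array would live in a database table in practice, since background jobs run in separate processes; the important property is that the confirmation is gated on `isComplete()`, so a deletion is never reported as finished while an app's job is still pending.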

@ChristophWurst ChristophWurst added enhancement 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Aug 23, 2021
@Spartachetto

Spartachetto commented Aug 23, 2021

@ChristophWurst this seems to me as a major step towards nextcloud/appstore#1512 .

You could evaluate if it is technically feasible to include also a section of the API to expose information about which data is collected to admins and users.

I'll try to clarify: taking Talk as an example this API should be used for deleting user messages and info about his/her chats (let's say talk metadata about user's interactions). As you provide this API maybe you could use the list of the data that could be removed as a description of the data collected by the app.
This description would provide a way to better respect GDPR prescriptions and to better inform users and admins.

@ChristophWurst
Member Author

I think I had that in mind and my phrasing wasn't accurate. The two basic aspects of the compliance are to give someone access to the data that is stored about them, and to be able to delete this data.
