Ruby Library for YaPPL

Build Status Gem Version Release

What is YaPPL?

YaPPL is a Privacy Preference Language (see YaPPL)

YaPPL allows to codify legally sufficient consent and thus provides a valuable basis for GDPR-compliant consent management. In a nutshell, YaPPL is a message and file format that, in combination with the proposed service architecture, a) fulfills legal requirements for technically mediated consent provision, b) can act as an archive for expired preferences for auditing purposes, c) provides an enhanced user-centric access control model for future or unforeseen data processing requests. - Ulbricht & Pallas, 2018

What is this?

This is a Ruby Gem to work with YaPPL policies :)

Usage

First, you need to add this to your Gemfile: gem 'ruby_yappl' and then run bundle install, now you have it installed. require 'ruby_yappl' to require the files.

The gem provides different classes to use, mainly YaPPL::Policy and YaPPL::Rule.

A policy can be created by parsing a policy file. Simply pass the json to YaPPL::Policy.from_policy_file. This will instantiate a YaPPL::Policy and the appropriate YaPPL::Rule objects.

Policy provides a few public methods in accordance with the official YaPPL definition:

  • #create_policy serializes the classes to their json representation to be saved to database or file.

  • #get_excluded_purpose returns an array of all excluded purposes

  • #get_excluded_utilizer returns an array of all excluded utilizers

  • #new_rule(args) adds a new rule to the Policy. #add_rule(rule) can also be used if you prefer handling objects instead of parameters.

  • #get_tr_rules returns an array of Transformation rules, including the utilizers and purposes they depend on.

  • #archive_rule(rule_id) expires and archives a rule.

  • #update_rule(rule_id, args) updates a rule, archiving its old state.

Additionally, YaPPL::Rule#expired? can be used to see if a rule still applies.

Demo

require 'ruby_yappl'

# deserialize
policy = YaPPL::Policy.from_json_file(File.read('./my_policy_file.json'))

# update a rule
policy.update_rule(4, {
  permitted_purposes: ['data_analysis'],
  excluded_purposes: ['marketing'],
  permitted_utilizers: ['market_research'],
  excluded_utilizers: ['shopping', 'social_networks'],
  transformations: [{
    attribute: 'temperature',
    tr_func: 'minmax_hourly'
  }]
})

# archive a rule
policy.archive_rule(5)

# reserialize
File.new('./my_policy.json', 'w').write(policy.create_policy)