Data Subject Model

Data subjects are your end-users. Every subject is identified by its type, and an identifier. Type is usually user, but it can be someting else depending on the use case. The user and id uniquely identifies a data subject.

Depending on your needs, you can store additional data fields for data subjects. ConsentGrid™ does not limit the type of information you can store with each data subject as long as it is stored as a valid JSON object.

When you retrieve a data subject record, it is returned in an envelope containing subject id, version information, the user that last updated the subject, and the actual subject data. Every update to a data subject is stored in a versioned database. You can access older versions of a data subject using version query parameter.

{
  "id": {
    "id": "user identifier",
    "type": "user"
  },
  "version": 1,
  "versionTime": "2019-03-04-T12:04:05Z07:00",
  "by": {
    "id": "lastModifiedBy user identifier",
    "type": "user"
  },
  "data": { ... }
}

Relationships between Data Subjects

You can define relationships between data subjects. Such relationships are important especially in dealing with minor consent where a parent or guardian is the consent manager for the child. In general, relationships between data subjects can be defined using the following record types:

{
  "from": {
    "id": "relationship source user id",
    "type": "user"
  },
  "to": {
    "id": "relationship target user id",
    "type": "user"
  },
  "role": "relationship role",
  "properties": {
    "name":"value",
    ...
  }
}

For example, a relationship from user 1 to user 2 with role=parent is interpreted as user 1 is a parent of user 2. ConsentGrid™ recognizes parent and guardian role types, and treats consent operations for such subjects differently. If a data subject has a parent or guardian, the the data subject is not allowed to make consent choices, but the parent or guardian has to make consent choices for that subject.

Data Subject Aliases

There are use cases where a single data subject has multiple identifiers. For instance, a data subject may have different identifiers for different backend systems:

System Subject type:id
System A system_a:2653827634
System B system_b:57383764820-398734

Use data subject alias APIs, the above two identifiers can be defines as aliases for a single data subject. When consent information is retrieved for one of the subjects (for instance system_a:2653827634), a combination of consent records for all aliases will be returned (in this case, system_a:2653827634 and system_b:57383764820-398734).