Data protection - How can I apply grouping using @DeepPersonalData

Arun · February 16, 2023, 5:56am

I’m using data-protection module for encrypting the sensitive data. I have two user and their personal data. I want to group them by userid to encrypt sensitive information of an user by their userId.

This is my event

public class SentFriendRequestEvent {
    @DataSubjectId(group = "SENDER")
    private final String playerId;
    @DeepPersonalData
    private final UserInformation playerUserInformation;
    private final DeviceInformation deviceInformation;
    @DataSubjectId(group = "RECIPIENT")
    private final String recipientPlayerId;
    @DeepPersonalData
    private final UserInformation recipientUserInformation;

I don’t see any group attribute for @DeepPersonalData annotation.
How can I ensure recipientUserInformation is encrypted using recipientPlayerId?
How can I ensure playerUserInformation is encrypted using playerId?
Is there any other way to achieve this?

Gerard · February 20, 2023, 10:34am

It seems like currently, this is not possible. A workaround would be to have the UserInformation on the sendFriendRequest directly and have something like:

@PersonalData(group = "SENDER")
private final String senderName;

Arun · February 21, 2023, 2:21am

Thanks for your answer and workaround recommendation Gerard.

Gerard · February 21, 2023, 10:55am

I now have a better understanding of the data protection module. It’s likely more neat and maintainable to add the id field to the UserInformation. This way both the @DataSubjectId and @PersonalData end up in the same class.

Arun · March 1, 2023, 5:26am

The annotation is not taking effect unless it is an event object, so we end up in using @SerializedPersonalData to encrypt the entire UserInformation object.