"Personal data portability" feature

[fedir]

Let's implement "Personal data portability" feature (it's also one of the most important points of European GDPR).

Objective

• On the request of the user it's private information should be exported in a structured, commonly used and machine-readable format

How it could work

• Each frontend user should be able to request records, which contains it's own private data (via FE plugin)
• On the data level, TCA should be extended to classify selected tables / fields with "private data" of the FE user
• Data export API, for private data (but filtering from system information, to avoid additional information disclosure)
• An additional Backend module for the DPO could be added to control if all private data is exportable

Ressources

• https://gdpr-info.eu/art-20-gdpr/
• https://techblog.bozho.net/gdpr-practical-guide-developers/

[georgringer]

the main problem I see:
There is no API in datahandler to fetch related records like orders of a user. This will be solved with https://typo3.org/community/teams/typo3-development/initiatives/persistence/. therefore I will wait until this is fixed