Solved

GDPR data access API

  • 28 June 2022
  • 1 reply
  • 41 views

we provide our customers with APIs to automatically serve their end-user Access and Deletion requests as detailed below.

 

I’ve been able to find API documentation for deleting a users data with the User Privacy API

But I’m not sure which API to use for serving GDPR Access requests. Is it the User Profile API?

 

That one certainly seems like it has at least some of the data I’m required to export for the user. But I’m not certain that it has all of the data.

icon

Best answer by Saish Redkar 28 June 2022, 19:57

View original

1 reply

Userlevel 7
Badge +10

Hey @larsbenedetto 

From what I understand of GDPR access requests, the user properties you collect on the user can be classified as personal information subjectively if you are capturing email address, name, IP, etc. There is also a thin line between event data and user property data depending on how your org wants to surface/interprete “all of the data” collected on a user.

The User Profile API could be one way to surface this since it allows you to fetch user properties. But I feel that endpoint is more in context of Amplitude’s cohorting and recommendation feature sets.

I would suggest looking into the User Activity endpoint from the Dashboard REST API since this gives you both - aggregate statistics about the user and their user properties ( similar to what you see in the user’s profile in the UI) and also the most recent 1000 events performed by the user.

Hope this helps.

Reply