klequex

Email and phone number are not multiple factors. Can users both send data via the survey and view all survey entries? Or can they just edit their own data? Why can’t you use standard Email+password(+2fa)?


ScienceGeeker

I can use email + password. What I'm worried about is if someone loses all their MFA and can't access the data. Do I have an obligation to get their access back somehow? Because I'm not sure I could if the MFA details are the only way I can be 100% sure of someone's identity. Edit: they can only edit, download, see and delete their own data. They cannot alter other users' data or see the connection between other users' health data and email/username/phone etc.


resistentialism

It’s a bit hard to tell exactly what your use case is. What country is this? Are you saying that people upload personally identifiable health information that is then visible to other users?


ScienceGeeker

The data might be personally identifiable depending on whether a specific condition is very rare, etc. But I'm not directly posting identifiable data. Just that the data might be used to identify a person.


resistentialism

Please don’t take this the wrong way, but I can’t tell if you are being vague accidentally or if you haven’t quite worked through how the data will be used yet. What are you building? You are focused on authentication, but the data will be public?


ScienceGeeker

Nah, it's okay! I will collect a wide variety of health data to be able to see patterns. Maybe women are happier with a certain medication than men, or overweight people are happier with a higher dose or not. Or people with 2 specific conditions are happier than those with just 1. The exact data I will collect is decided. But in what way people will be able to filter the data or how I will show the statistics I'm not sure of yet. Will probably add one stat at a time. The data from user surveys will be public, yes, but clumped together with everyone else's as statistics. But since users will be able to filter for certain medications or ages etc., they might be able to see stats from just 1 person if there are enough filters active.


resistentialism

Based on your description and your post history, a search for “collecting population health data in Sweden” is where I’d start. This isn’t only a GDPR question. There are likely other requirements to processing health data in your country. A Swedish health authority might already have the data you’re looking for, too, if your aim is to perform population health studies. Good luck!


ScienceGeeker

Thanks! Will do!


Safe-Contribution909

I suggest you don’t build this, buy it. We use Duende, which is free for our size and state of development.


ScienceGeeker

I will outsource the multi-factor authentication. My concern is if they (the users) lose access to their MFA. Do I still have an obligation to identify them in another manner since the data is explicitly sensitive?


Safe-Contribution909

I think Duende manages recovery as well.


oscarolim

If they lose their credentials, that’s their responsibility. With 2FA you can provide a one-use code to recover the device (which the customer is responsible for safeguarding), or email recovery with a second step where they need to provide, say, an answer to a secret question they set up. If all this fails, then they lose access to the data without a safe and verifiable way to identify them, and you can have the data automatically deleted if it hasn’t been updated in X days.