Get started with Fides

To remain compliant with privacy laws and regulations, organizations need to continuously monitor how data is used across their systems. Instead of relying on PR reviews, imagine if you could catch privacy issues automatically before they make it into production.

In this tutorial, you’ll learn about Fides—an open-source privacy engineering platform that lets you map sensitive data across your systems, run automated privacy checks, and quickly respond to data subject requests, or DSRs.

You’ll first deploy a local sample project with an e-commerce sample application that uses Fides to map personal data. Throughout the tutorial, you’ll switch between the role of a user exercising their privacy rights and an administrator responsible for responding to user-submitted data requests.

If you’re looking to install Fides from scratch, check out Deploy Fides to Kubernetes instead.

Before you start

To finish this tutorial, you’ll need:

• Docker (20.10.11 or higher)
• Python (3.9 or higher)
• venv (or any environment manager you’re comfortable with, such as Conda)

python3 --version

What is Fides?

Fides is an open-source privacy engineering platform that uses a privacy-as-code approach to manage personal data across your data systems. Fides can scan your infrastructure and generate data maps, which you can then use to, for example, run automated privacy checks and fulfill data requests.

At the core of Fides is Fideslang—a YAML-based configuration language that defines your datasets, systems, and policies. While Fideslang enables a comprehensive set of use cases, this tutorial will focus on responding to data subject requests (DSR).

For a more in-depth explanation of Fides, see the video by Cillian Kieran—founder and CEO at Ethyca, the company behind Fides.

Install Fides locally

Fides is deployed as a web server that reads Fideslang configuration and provides several operations through the Fides REST API.

To avoid setting up a production-like environment when you just want to try it out, Fides comes with a sample project intended to run locally. The sample project includes the Fides web server, an admin UI, and a sample application that we’ll explore later.

Once you’re ready to deploy Fides to your own infrastructure, see the Advanced installation docs.

Fides is available as a Python package, so we’ll start by installing Fides to a virtual Python environment.

1. Create a folder for the Fides sample project:

   mkdir ~/fides
   cd ~/fides

2. Create and activate a virtual environment using venv:

   python3 -m venv fides
   source fides/bin/activate

3. Install Fides using pip:

   pip install ethyca-fides

Once the pip command finishes, we can start deploying the sample project.

Run the Fides sample project

To deploy the Fides sample project locally, run the following command:

fides deploy up

The first time you run the command, it’ll need to download the necessary dependencies. This may take a few minutes, depending on your internet connection.

Once Fides has been successfully deployed, you’ll be asked whether you’d like to share usage analytics with Ethyca. Select the option you’re most comfortable with.

In the final output, you’ll see the URLs to access each component of the sample project. You can also browse to localhost:3000/landing to get an overview, including a project diagram.

Now that the sample project is up and running, take some time to explore the different components. Remember to check out the project diagram at the bottom of the landing page to better understand how the various parts interact. When you’re ready, let’s check out the included sample application.

Cookie House—delicious privacy

Cookie House is a fictional e-commerce store where you can buy—judging by the prices—Michelin-rated cookies.

To deliver the cookies, Cookie House needs some personal data, such as the name and physical address of the user. Let’s make a purchase so we’ll have some data to request later.

1. Visit localhost:3000/ to see the store.

2. Find the tastiest-looking cookie, and click Purchase under it.

3. Fill in all the fields. Remember the email you used. You’ll need it later to access your data.

4. Click Purchase at the bottom.

You’ve entrusted Cookie House with your personal data. Later, we’ll request access to the data you submitted. But before that, let’s see what it looks like for the administrator at Cookie House.

Fides Admin UI

The Admin UI is a web application that communicates with the Fides API to perform common administrative tasks.

1. Open localhost:8080 in your browser.

2. Sign in using the test credentials. You can find your credentials on the landing page or in the terminal output from the fides deploy up command.

The Admin UI lets you manage several aspects of your Fides installation. Let’s look at two of them: system inventory and request manager.

1. In the sidebar on the left, under Data inventory, click System inventory.

   This view gives you an overview of all the systems that Fides manages. In this demo, you can see the different systems that handle data about Cookie House users.

2. In the sidebar, under Privacy requests, click Request manager.

   This view lists the data requests made by data subjects, or the Cookie House users in our example.

As you can see, the Privacy Requests view is empty right now. Let’s change that by making an access request to see what data Cookie House has about you.

Respond to data access requests

Before we decide whether to erase the data, let’s first see what data they stored from our recent purchase.

Create a data access request

The Cookie House sample application includes a Privacy center that lets users exercise their privacy right by requesting access to their data, or erasing it altogether.

1. Head back to Cookie House and click Privacy center at the very bottom (or browse directly to localhost:3001).

2. Click Access your data.

3. In Email, enter the email you used when you purchased the cookies.

4. In First name, enter the name you used with your order.

5. Click Continue.

The data request has now been submitted to Fides and awaits approval by a Cookie House administrator.

Approve a data access request

Once the user has submitted a data request, we need to respond within the configured time frame. We don’t want them to wait for too long, so let’s review it right now.

1. Switch back to the Privacy Requests in the Fides Admin UI. You’ll see a new access request in the list (you may need to refresh the page).

   • The Days left column shows how long you have until you must respond to the request.
   • The Actions column lets you either approve (checkmark icon) or deny (cross icon) the data request.

2. In the Actions column, click the checkmark.

3. Click Confirm to approve the request.

Notice that the Status changed to Completed. The request has now been fulfilled, which means the user can now access their data.

Inspect the exported data

In production, you’d likely send an email to the user to let them know where they can find the exported data. When running Fides locally, the data is instead exported to a folder in your project folder.

1. In your terminal, change the directory to the fides_upload folder and list its contents:

   cd ~/fides/fides_uploads
   ls

   You’ll see a ZIP file with a name starting with pri_.

2. Unzip the exported data into a new folder.

   unzip pri_b3624022-a2ba-48bc-8956-541ff81d9a63.zip -d data_export

   The exported data contains a data folder, and a welcome.html page where you can browse the contents.

3. Open welcome.html in your browser.

   # macOS
   open ./data_export/welcome.html

   You can click the rows in the table to navigate the dataset. Click the Back arrow at the top to go back to the previous view.

Respond to data erasure requests

While you may have enjoyed your $20 cookie, you later come to terms with the fact that it was a one-time purchase, and your budget won’t be able to sustain your costly cookie cravings.

Since we don’t expect to do any more business with Cookie House, let’s request the data to be erased.

Create a data erasure request

1. To create an erasure request, head back to the Privacy center.

2. Click Erase your data.

3. Enter the email you used earlier and click Continue.

You’ve successfully submitted an erasure request and need to wait for a Cookie House administrator to approve it.

Approve a data erasure request

In the Fides Admin UI, switch back to Privacy requests.

You’ll see that a new request has been added (refresh the page if not). Notice under Request type that this is an Erasure request, whereas the previous one was an Access request.

Approve the request by clicking the checkmark in the Actions column.

The user data has now been erased from the systems managed by Fides. If you’d like, you can verify this by submitting another access request through the Privacy center.

Summary

In this tutorial, you’ve explored how Fides can be used to manage data subject requests for an e-commerce store. You learned how to respond to both access and erasure requests submitted by users.

How are DSRs handled in your organization today? How do you keep track of personal data throughout your systems today, and how do you think that would change with Fides?

Fulfilling data requests is just one of several use cases that is possible with Fides. To learn more, see the Fides docs.

Are you interested in learning more about Fides or other open-source privacy tools, let me know.

fides deploy down