Localytics is making improvements to our Raw Data Export features to support compliance with the General Data Protection Regulation as well as other privacy rights regulations.
Localytics allows customers to export data through a dedicated AWS S3 bucket. Upon customer request, Localytics will write a time-stamped blob of application session and event data to the S3 bucket.
The default workflow for this feature is to write raw log data to a dedicated S3 bucket in the Localytics AWS account and allow customer exports from this bucket through bucket policy. We’ll retain the data in this S3 bucket indefinitely as long as you’re a customer, deleting the data 90 days after contract termination.
The data written to the S3 raw logs includes all event and session data with identifiers including:
This data, depending upon your configuration and/or privacy requirements, may be considered personal data. In scenarios where this data is considered personal data and must have Right-to-be-Forgotten requests propagated through this S3 raw logs, Localytics recommends migrating from existing S3 Raw Log access and transitioning to exporting all raw-log data via our updated Raw Log Export API.
Considering recent changes in privacy laws, and regulations, including the General Data Protection Regulation (GDPR), retaining raw log data indefinitely for the life of a the contract may impact our customers’ ability to comply with end user requests to have their data deleted, or exercise their rights to be forgotten. In order to help our customers support strict adherence to right-to-be-forgotten delete requests, Localytics will change our handling of our Raw Log features as follows:
- The retention settings for raw log data stores will be changed to 30 days; data will be deleted after 30 days
- S3 bucket policies will change by removing customer AWS account access permissions
- Customers will access their data for export via the Data Export API
In addition to delivering raw log data in a manner that is consistent with advanced privacy requirements and regulations such as the GDPR, building a Raw Log Export API also provides a much more flexible and uniform method to access your session and event data.
Migrating to a Raw Log Export API standardizes the access to your raw logs, makes integrations more flexible and efficient providing a much wider reach throughout your organizations. This allows you to further extend the democratization of your data with any and all stakeholders throughout your organization that may benefit from mobile analytics. In addition to powering more efficient integrations with a wider reach, it allows our customers to more flexibly expand their integrations into applications and partnerships that do not easily integrate with AWS S3 or AWS IAM permission policies.
Customers currently using our Raw Data Export features, will need to change how they access, export, or consume the raw log data from directly accessing the AWS S3 bucket, to using the Export API. Here are a recommended set of steps to take:
- Bulk export any data you want to retain
- Change any applications, lambdas, or other programmatic services consuming data from the S3 bucket to call the data via the Export API
- Notify your Localytics Account team when complete, and we will make the bucket changes
If there are any questions or concerns, please reach out to your Mobile Engagement Consultant, or open a support ticket.