privacy-regulations.md

File metadata and controls

24 lines (15 loc) · 2.9 KB

Privacy Regulations

When your business runs on APIs, and those APIs are defined as contracts, you know where all of your PII, cardholder (PCI) and PHI data is located, because every field that carries it is declared in a schema. Modern privacy regulation focuses on giving consumers access to and control over their personal information, and APIs are how those access and control requests are defined and fulfilled.

Privacy rules

  • GDPR - The General Data Protection Regulation is a privacy and security regulation. Though it was drafted and passed by the European Union (EU), it imposes obligations on organizations anywhere in the world if they target or collect data relating to people in the EU. The law gives consumers more control over their personal information and limits companies' ability to collect, store, and sell it.
  • California Consumer Privacy Act (CCPA) - The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. The CCPA regulations also provide guidance on how to implement the law. CCPA follows the precedent set by GDPR and, like GDPR, has been influencing policy around the globe, including other privacy regulations in the United States.

Types of data to consider

Two types of data sit at the center of privacy regulation. They have the largest impact on how companies manage the personal details of users across operations.

  • Personally Identifiable Information (PII) - Privacy law treats as PII any information pertaining to the identity of an individual, whether that data is provided directly or can be reasonably inferred by indirect means (for example by combining several fields that are harmless on their own).
  • Payment Card Industry (PCI) - The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle major payment cards. Unlike GDPR and CCPA it is an industry standard enforced through card-network and acquirer agreements rather than a law, but it still dictates where cardholder data (the primary account number and related fields) may be stored, transmitted, and logged.

The role of API contracts

API contracts define and shape your API operations, but they can also help you understand and manage privacy across those operations and demonstrate compliance with GDPR, CCPA, and other rules: a field that is tagged as sensitive in the contract can be found, audited, and wired to access or deletion workflows without reading application code.

  • JSON Schema - This specification allows you to define all the digital objects you use across your APIs and the applications they support. It gives you the vocabulary for defining the objects that contain PHI, PII, and other sensitive data.
  • OpenAPI - This specification uses JSON Schema to define objects, then provides a machine-readable access map of your digital resources, including all of the synchronous APIs in use across enterprise operations.
  • AsyncAPI - This specification uses JSON Schema to define objects, then provides a machine-readable map of the events that occur across operations and the asynchronous APIs behind them.
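One concrete way to turn a contract into the "access map" described above is to tag sensitive properties in the schema and then walk the OpenAPI document to list which operations carry which class of data. The script below is an added example, not code from this page or from the OpenAPI/JSON Schema projects. It assumes a naming convention of our own, an `x-data-class` extension property with values `PII`, `PHI` or `PCI` (OpenAPI permits arbitrary `x-` extensions, but this particular key is not defined by any specification or regulation), and uses a small constructed OpenAPI document held as a Python dict so that it runs offline with no YAML dependency.

```python
"""Inventory sensitive fields declared in an OpenAPI 3 contract.

Added example. The "x-data-class" extension key is an assumed convention,
not part of OpenAPI or JSON Schema. The contract below is constructed for
illustration only.
"""

# Constructed sample contract (not a real API).
SAMPLE_OPENAPI = {
    "openapi": "3.0.3",
    "info": {"title": "Customer API", "version": "1.0.0"},
    "paths": {
        "/customers/{id}": {
            "get": {
                "responses": {"200": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/Customer"}}}}}
            }
        },
        "/payments": {
            "post": {
                "requestBody": {"content": {"application/json": {
                    "schema": {"$ref": "#/components/schemas/Payment"}}}},
                "responses": {"201": {"description": "created"}},
            }
        },
    },
    "components": {"schemas": {
        "Address": {"type": "object", "properties": {
            "street": {"type": "string", "x-data-class": "PII"},
            "country": {"type": "string"},
        }},
        "Customer": {"type": "object", "properties": {
            "id": {"type": "string"},
            "email": {"type": "string", "x-data-class": "PII"},
            "address": {"$ref": "#/components/schemas/Address"},
            "diagnoses": {"type": "array",
                          "items": {"type": "string", "x-data-class": "PHI"}},
        }},
        "Payment": {"type": "object", "properties": {
            "pan": {"type": "string", "x-data-class": "PCI"},
            "amount": {"type": "number"},
        }},
    }},
}

HTTP_METHODS = {"get", "post", "put", "patch", "delete"}


def resolve_ref(doc, ref):
    """Resolve a local JSON Pointer reference such as '#/components/schemas/X'."""
    if not ref.startswith("#/"):
        raise ValueError(f"only local $ref values are supported: {ref}")
    node = doc
    for part in ref[2:].split("/"):
        node = node[part.replace("~1", "/").replace("~0", "~")]
    return node


def walk_schema(doc, schema, path, seen, out):
    """Recursively collect (field path, data class) pairs from one schema.

    `seen` holds the $ref strings on the current descent so that recursive
    schemas (e.g. a Person with a 'manager' Person) do not loop forever.
    """
    if "$ref" in schema:
        ref = schema["$ref"]
        if ref in seen:
            return
        walk_schema(doc, resolve_ref(doc, ref), path, seen | {ref}, out)
        return
    data_class = schema.get("x-data-class")
    if data_class:
        out.append((path, data_class))
    for name, sub in schema.get("properties", {}).items():
        walk_schema(doc, sub, f"{path}.{name}" if path else name, seen, out)
    if "items" in schema:
        walk_schema(doc, schema["items"], path + "[]", seen, out)
    for combinator in ("allOf", "oneOf", "anyOf"):
        for sub in schema.get(combinator, []):
            walk_schema(doc, sub, path, seen, out)


def inventory(doc):
    """Map each 'METHOD /path' to the sensitive fields in its request/responses."""
    result = {}
    for route, operations in doc.get("paths", {}).items():
        for method, op in operations.items():
            if method.lower() not in HTTP_METHODS:
                continue
            found = []
            for media in op.get("requestBody", {}).get("content", {}).values():
                if "schema" in media:
                    walk_schema(doc, media["schema"], "request", set(), found)
            for code, resp in op.get("responses", {}).items():
                for media in resp.get("content", {}).values():
                    if "schema" in media:
                        walk_schema(doc, media["schema"], f"response[{code}]", set(), found)
            result[f"{method.upper()} {route}"] = found
    return result


def endpoints_for_class(inv, data_class):
    """Operations that carry a given class, e.g. every endpoint exposing PHI."""
    return sorted(op for op, fields in inv.items()
                  if any(cls == data_class for _, cls in fields))


if __name__ == "__main__":
    inv = inventory(SAMPLE_OPENAPI)
    for op, fields in inv.items():
        print(op)
        for field_path, cls in fields:
            print(f"  {cls:4} {field_path}")
    print("PHI endpoints:", endpoints_for_class(inv, "PHI"))
```

The output is the data map that a subject-access or deletion request has to cover: the `$ref` walk matters because PII is usually buried in shared schemas such as `Address` rather than declared on the endpoint itself, and the `seen` set is what keeps the walk from looping on self-referential schemas. Running the same walker over an AsyncAPI document's `components.schemas` and message payloads gives the equivalent map for event streams.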

New regulations have set a precedent giving end users the right to access their data on any platform. APIs are how users will access that data and how they will authorize third-party developers to access it on their behalf. APIs are essential to internet privacy and will continue to play a role in privacy regulations around the globe.