[Meta] PII module suite

Problem/Motivation

The submodules fields and task in the GDPR → module provide functionality that's required for the advanced privacy recipe in Drupal CMS. Those 2 submodules have been developed and maintained by @yanniboi, and he is on board with the idea of extracting them from GDPR and turning them into an independent suite of modules that can be used for Drupal CMS but also elsewhere and for other purposes if needed.

Proposed resolution

There should be an API module, which allows site builders to define entity fields or even full entities as containing sensitive data that belongs to a specific user. This API module should also allow the configuration of what should happen with their content when certain actions (reporting, exporting, deleting, etc.) will be performed. This configuration should be module-agnostic, i.e. this configuration should be abstracted away from the use cases that we currently have in mind.

Two other use cases should go into separate modules that require the above API module. Either both of those use cases get addressed together in one module, or one module for each. This needs to be discussed. The use cases are:

• Allow users to request a report of data that's stored from or about them.
• Allow users to request all their data being deleted.

Both of those not only require some CTAs, confirmation forms, and rendered pages to interact with the user, they also require some task management, maybe review steps, and persistent logging to be reported to the authorities if needed.

Next steps

• Defining names (human-readable and ID) for each module
• Define dependencies
• Write down use cases for each module
• Finalize specs for each module
• Create the module pages
• Implement the modules
• Testing
• Writing documentation
• Adding it to Drupal CMS
• Providing marketing material