Responding to Data Subject Requests with Coveo

Depending on the applicable privacy laws, data controllers are generally obligated to respond to a Data Subject Request (DSR) without undue delay.

DSRs are a common feature of privacy laws. For example, the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) both grant individuals rights over their personal data, albeit to varying degrees.

Coveo and DSR

The Coveo Cloud Platform is built to allow its customers to answer DSRs themselves. Where needed, Coveo will reasonably assist its customers in responding to a DSR.

Usage Analytics and DSR

The following section presents the Coveo Usage Analytics (Coveo UA) features that can help Coveo Cloud customers fulfill some of their obligations as controllers. These features allow customers to identify, anonymize, export, and delete information about a specific user, as well as disable collection of usage analytics altogether.

The table below describes the general requests that may involve Coveo UA. A Coveo customer typically uses the APIs or the Coveo Cloud Administration Console to fulfill end-user requests. Only Coveo Cloud Platform users whose API keys carry the relevant privileges can call Coveo UA to handle a DSR; full access to all Coveo UA features requires the privileges to administrate UA data, export UA data, and delete user data. Customers then interact directly with the Coveo Cloud Platform, which fulfills the request without human intervention from Coveo.

User request related to GDPR concepts          | Coveo UA solution
-----------------------------------------------|-----------------------------------------
Can I Know Who the Users Are?                  | API endpoint
Can I Anonymize a User?                        | Anonymous flag in API requests
Can I Export All Data About a User?            | Coveo UA export with user filters
Can I Delete All Data About a User?            | API endpoint
Can I Disable Coveo UA in a Search Interface?  | JavaScript Search Framework

Can I Know Who the Users Are?

Users that perform an action resulting in a usage analytics event are automatically attributed a usage analytics user ID such as alice.smith@example.com-google. For an anonymous user, the user ID defaults to a visitor ID such as 29fb0d0a-b5eb-4c20-aff0-9d282df11569.

The Usage Analytics Read API, under User Statistics API - Version 15 and up, exposes the GET /v15/users/{userId}/overview endpoint, which returns an overview of all usage analytics data related to the user identified by userId in a given organization.

GET https://platform.cloud.coveo.com/rest/ua/v15/users/{userId}/overview?org={organizationId} HTTP/1.1

Accept: application/json
Authorization: Bearer {accessToken}

Where you replace:

  • {userId} with the unique identifier of the end user whose personal data you want to consult (a usage analytics user ID such as alice.smith@example.com-google, or a visitor ID for an anonymous user).

  • {organizationId} with the unique identifier of the target Coveo Cloud organization.

    The org parameter is only required when authenticating the call with an OAuth2 token; an API key is already bound to a single organization.

  • {accessToken} with an API key or OAuth2 token that grants the Administrate privilege in the target Coveo Cloud organization.

Can I Anonymize a User?

Customers and partners choosing not to track their users must ensure that users are anonymous at the moment the usage analytics data is sent to the Coveo Cloud Platform, since the data is recorded as received. It’s possible to anonymize users during their interactions with your sites.

To anonymize your users, depending on your search page:

  • When using Coveo JavaScript Search Framework, set the anonymous option of the Analytics component to true.

    <div id="search" class="CoveoSearchInterface">
      <div class="CoveoAnalytics" data-anonymous="true"></div>
    </div>
    
  • When using the Usage Analytics Write API directly, set the anonymous property to true whenever logging search, click, custom, or view events (see Logging Usage Analytics Events).

Coveo doesn’t keep IP addresses in Coveo UA (see Does Coveo Keep IP Addresses in Usage Analytics?).

Can I Export All Data About a User?

When your Coveo account or an API key grants the Data Exports privilege, you may interact with Coveo UA to export user data. The Coveo Cloud Administration Console then permits full data export of user data if filters are used to tailor the export to a given userId in a given organization (see Understanding Usage Analytics Export Filters).

When a Coveo customer's end-user requests an export from the Coveo customer, the export may contain confidential data (case number, upcoming product names, etc.). It's the responsibility of the Coveo customer to review exports and remove sensitive information. The custom data added by the Coveo customer's application is a likely source of confidential data.

Can I Delete All Data About a User?

When your Coveo account or an API key grants the Delete user data privilege, you may interact with Coveo UA to delete user data. The Usage Analytics Read API, under User Statistics API - Version 15 and up, exposes the DELETE /v15/users/{userId}/alldata endpoint, which deletes all usage analytics data related to the user identified by userId in a given organization.

DELETE https://platform.cloud.coveo.com/rest/ua/v15/users/{userId}/alldata?org={organizationId} HTTP/1.1

Accept: application/json
Authorization: Bearer {accessToken}

Where you replace:

  • {userId} with the unique identifier of the end user whose personal data you want to delete.

  • {organizationId} with the unique identifier of the target Coveo Cloud organization.

    The org parameter is only required when authenticating the call with an OAuth2 token; an API key is already bound to a single organization.

  • {accessToken} with an API key or OAuth2 token that grants the Delete user data privilege in the target Coveo Cloud organization.

Calling the DELETE /v15/users/{userId}/alldata endpoint results in irreversible data loss, which may affect some dashboards and reports generated in the Coveo Cloud Administration Console. Be mindful of the implications of such an operation, even when it must be carried out; retrieving the user overview first gives you a record of what is about to be erased.

Aggregate usage statistics such as queries per month (QPM) are not recalculated or modified after user data is deleted.
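The following script is an added example, not code from Coveo or from this page. It builds the GET /v15/users/{userId}/overview and DELETE /v15/users/{userId}/alldata requests described above with Python's standard library only, percent-encodes the user ID (which the page's own example alice.smith@example.com-google shows can contain characters that are not URL-safe), adds the org query parameter only for OAuth2 tokens as the page states, and wraps both calls in an erasure workflow that records the overview before deleting and stops before the DELETE unless explicitly confirmed. The function names, the dry_run guard, the audit dictionary and the treatment of any 2xx status as a successful deletion are this example's assumptions; the page does not specify the success code.

```python
"""Prepare and run Coveo UA DSR calls (example code, not Coveo's own).

Assumptions not on the page: function names, the dry_run guard, the audit
dict shape, and treating any 2xx as a successful deletion.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

UA_BASE = "https://platform.cloud.coveo.com/rest/ua/v15"


def _ua_request(method, action, user_id, org_id, token, *, oauth=False):
    """Build the HTTP request for one of the per-user UA endpoints."""
    # The user ID is a path segment. safe="" also encodes "/", so an ID such
    # as "../x" cannot escape the /users/ path or target another resource.
    encoded = urllib.parse.quote(user_id, safe="")
    url = f"{UA_BASE}/users/{encoded}/{action}"
    # The page states the org parameter is only required with an OAuth2
    # token; an API key is already bound to exactly one organization.
    if oauth:
        url += "?" + urllib.parse.urlencode({"org": org_id})
    req = urllib.request.Request(url, method=method)
    req.add_header("Accept", "application/json")
    req.add_header("Authorization", f"Bearer {token}")
    return req


def overview_request(user_id, org_id, token, *, oauth=False):
    """GET /v15/users/{userId}/overview (needs the Administrate privilege)."""
    return _ua_request("GET", "overview", user_id, org_id, token, oauth=oauth)


def delete_request(user_id, org_id, token, *, oauth=False):
    """DELETE /v15/users/{userId}/alldata (needs the Delete user data privilege)."""
    return _ua_request("DELETE", "alldata", user_id, org_id, token, oauth=oauth)


def send(req, timeout=30):
    """Send a prepared request. Returns (status, parsed JSON or None).

    HTTP errors (for example an unknown user or a key lacking the
    privilege) are returned as their status code instead of raising.
    """
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read()
            return resp.status, (json.loads(body) if body else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def process_erasure(user_id, org_id, token, *, oauth=False, dry_run=True, sender=send):
    """Erasure workflow: capture the user's overview, then delete all data.

    The deletion is irreversible, so the default dry_run=True stops after
    the overview; pass dry_run=False only once the request is confirmed.
    `sender` is injectable so the workflow can be exercised offline.
    """
    status, overview = sender(overview_request(user_id, org_id, token, oauth=oauth))
    audit = {
        "user_id": user_id,
        "org": org_id,
        "overview_status": status,
        "overview": overview,   # keep this in your DSR record before erasing
        "deleted": False,
    }
    if dry_run:
        return audit
    status, _ = sender(delete_request(user_id, org_id, token, oauth=oauth))
    audit["delete_status"] = status
    audit["deleted"] = 200 <= status < 300   # assumption: any 2xx means done
    return audit


if __name__ == "__main__":
    import os
    import sys
    # usage: python dsr.py <userId> <organizationId> [--confirm]
    api_key = os.environ.get("COVEO_API_KEY")
    if not api_key or len(sys.argv) < 3:
        sys.exit("set COVEO_API_KEY and pass <userId> <organizationId> [--confirm]")
    result = process_erasure(sys.argv[1], sys.argv[2], api_key,
                             dry_run="--confirm" not in sys.argv)
    print(json.dumps(result, indent=2))
```

Run it once without --confirm to retrieve and store the overview for the DSR record, then again with --confirm to perform the deletion. Because the API key grants the Delete user data privilege, keep it out of the search front end and out of the shell history (read it from the environment or a secret store).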

Can I Disable Coveo Usage Analytics in a Search Interface?

A successful call to any of the following API endpoints (e.g., POST https://platform.cloud.coveo.com/rest/ua/v15/analytics/searches) will record a usage analytics event:

Method      Scheme    Host                            Base path   Path
GET, POST   https://  platform.cloud.coveo.com        /rest/ua    /v15/analytics/click
                      platformhipaa.cloud.coveo.com   /rest/ua    /v15/analytics/custom
                      usageanalytics.coveo.com        /rest       /v15/analytics/search
                                                                  /v15/analytics/searches
                                                                  /v15/analytics/view

Any combination of a listed method, host and path records an event; the base path is /rest/ua on the platform hosts and /rest on usageanalytics.coveo.com.

If you want to stop recording usage analytics in a search interface, you must ensure that no such calls are being made from that location.

In a search interface that relies on the JavaScript Search Framework, the simplest and most efficient way to disable usage analytics is to not initialize an Analytics component at all.

Coveo JavaScript Search Framework 2.7219 (October 2019)

The JavaScript Search Framework now exposes top-level functions allowing you to clear session information stored for usage analytics purposes (visitor ID cookie, actions history, etc.), and to disable or re-enable an initialized Analytics component.
